When it comes to email, my head-in-the-sand approach has always been that if someone’s got nothing better to do than spy on my messages, then I feel sorry for them. But there are a lot of people sending a lot of sensitive information in the world, and taking a look at just how few messages are securely encrypted, I’m shocked at how lax webmail security is.
Google wants to change that. It’s just released a new Chrome extension called End-To-End, which allows users to encrypt, decrypt, and digitally sign emails within the browser. End-to-End uses the encryption program OpenPGP which is designed to be so secure that even the government can’t hack it. (Not that they’d ever want to do anything like that…)
Its alpha code was publically released today but the extension won’t be listed in the Chrome store until it’s been tested and approved by independent cryptographers. (If you think you could spot a bug, there’s up to $20,000 in it.) Once it’s been made available, users will be able to send and receive encrypted emails through any webmail provider, including Gmail.
In the meantime, Google has released stats, which show that at present 65% of messages from Gmail and just 50% of messages to Gmail are securely encrypted. They’ve also listed the percentage of securely transmitted messages for several top domains, and it’s good news for Facebook users, but a bad day for Groupon fans. You can also
search for any company you get emails from to see how well they’re doing.
Hopefully, being named (and in some cases, shamed) will encourage businesses to step up their security. But for now, if you have something really private to send, a carrier pigeon might still be your best bet.