Three years ago Google announced that they are building an end-to-end encrypted Chrome plugin to automatically encrypt emails between Gmail users. Now they have silently handed the project to the open-source community.
Forerunners of people's right to privacy see this move as a confirmation that Google has buried the E2EMail project, which would have been a great tool for millions of people to automatically adapt end-to-end encryption.
"The real message is that they’re not actively developing this as a Google project anymore,” said cryptography expert Matthew Green to Wired. "It’s definitely a bit of a disappointment, given how much hype Google generated around this project at one point, to see that they’re not pursuing this as a core feature of Gmail," Green says.
Making email encryption easy is hard
Google officially says that they have not abandoned their move towards encryption. However, they explained that developing easy email encryption is much harder than one might think.
It is difficult to make encrypted emails interoperable with different clients as well as to design the key exchange in an easy-to-use fashion. Issues that are already known to any pgp-user, and that don't disappear when Google wants to add a pgp-based plugin to Chrome.
Automatic encryption is a must to regain privacy
Google wants to leave the final decision about whether or not to make use of encryption to the user, but cryptography expert Matthew Green criticizes this harshly via Twitter, calling it a "self-serving decision":
Here's an idea Google: stop making self-serving decisions for your users and calling it "choice".— Matthew Green (@matthew_d_green) 28. Februar 2017
While encryption is a must to make sure no-one can read your personal information, this choice might never become available to Gmail users.
The more encrypt the better!
We at Tutanota are disappointed that E2EMail is dead. We believe in our right to privacy and fight for it with encryption ourselves. If Gmail had adopted automatic end-to-end encryption, this would have made a huge difference to today's level of all-round surveillance online. It would have made the Internet so much more secure to millions of users!
Unfortunately, Google's move to abandon E2EMail once again shows that we should not trust large organizations with our private information. Maybe it was illusional from the start to believe that a company so focused on mining user data and posting targeted ads would suddenly start protecting its users' right to privacy.
We have to take matters into our own hands when we want to really protect our privacy. And this is exactly what we've been doing at Tutanota these past couple of years: Building easy-to-use end-to-end encrypted email, free for anyone. In Tutanota your entire mailbox is encrypted so that no-one - not even our developers - can read your personal emails.
Stop waiting for Google, start using end-to-end encryption now!
If you want to take back your privacy completely, read our recommendations on how to leave Google behind.