Google to Introduce End-to-End Gmail Web Encryption

Google to Introduce End-to-End Gmail Web Encryption

Google is preparing to bring end-to-end encryption (E2EE) to Gmail accounts accessed via web browser—but not everyone will get to enjoy the new feature. According to an announcement from Friday, only Google Workspace users will experience new E2EE email protections when they’re swapping messages back and forth.

Now through Jan. 20, Workspace Enterprise Plus, Education Plus, and Education Standard customers are able to apply for Google’s client-side encryption (Google’s term for E2EE) beta. The beta period will allow Google to touch up the new security feature before the official rollout. (Google didn’t specify when this would be, but it would be surprising if E2EE didn’t make a broader introduction sometime in 2023.) It’s unknown whether Google will eventually bring E2EE to personal Gmail accounts or to its remaining business and nonprofit customers.

Google to Introduce End-to-End Gmail Web Encryption

The update constitutes the first time Gmail has ever incorporated E2EE. Gmail currently uses transport layer security (TLS), which secures emails while they’re in transit as long as the receiving email provider can maintain a secure connection. For the average person, TLS provides a reasonable enough level of protection; for businesses handling customer information, product development plans, and other sensitive material, however, TLS isn’t always enough. Government officials, internet service providers, and skilled hackers can still access the contents of TLS-protected communications if they’re motivated enough, presenting what’s at best an extra source of stress.

Now Gmail will join Google Drive, Google Docs, Sheets, and Slides, Google Meet, and Google Calendar (the last of which is also under E2EE beta) in offering full encryption between two or more users. Google’s Gmail E2EE beta application page notes that users will need to turn on the feature once their application has gone through by accessing the administrative console. Once E2EE has been turned on, users will have to choose to encrypt individual emails by clicking the lock option in the top right corner of their draft, then clicking the “Turn On” button. Google’s client-side encryption will encrypt the body of an email and any attachments, including inline images. Email subjects, timestamps, and recipient lists won’t be encrypted.

Continue reading

Google Pixel Slate Owners Report Failing Flash Storage
Google Pixel Slate Owners Report Failing Flash Storage

Google's product support forums are flooded with angry Pixel Slate owners who say their devices are running into frequent, crippling storage errors.

Google Kills Free Photo Storage, Changes What Counts Toward Storage Caps
Google Kills Free Photo Storage, Changes What Counts Toward Storage Caps

Google has announced some significant changes to Photos, especially if you use the service for automatic backup.

Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities
Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities

Unlike the last few zero-days, Google didn't find these security holes itself. Instead, it was tipped by anonymous third-parties, and the problems are severe enough that it hasn't released full details. Suffice it to say, you should stop putting off that update.

Nvidia, Google to Support Cloud Gaming on iPhone Via Web Apps
Nvidia, Google to Support Cloud Gaming on iPhone Via Web Apps

Both Nvidia and Google have announced iOS support for their respective cloud gaming platforms via progressive web applications. Apple can't block that.