Google Reveals New End-to-End Encryption Scheme for Chrome

Google has announced their plans to bring full, end-to-end encryption capabilities to their Chrome web browser in the form of a new plugin which should be released sometime within the next six months if all goes according to script.

For the past several months, Google has been scrambling to encrypt their servers, data centers, the links between those data centers, and their email clients as quickly and efficiently as they can.

Given the dire circumstances of the security of the Internet that were dropped on their heads last year by an as-of-then unknown IT contractor from the NSA, it’s no wonder why a tech company of their magnitude might feel a little embarrassed for how far behind the curve they were when the leaks finally broke.

By utilizing the Chrome engine to generate encryption keys, Google hopes to provide a simple, easy to use solution for anyone who is concerned about the privacy of the messages they send through their preferred email service.

Unfortunately though, the sanctity of this security push is already coming under fire from a bevvy of experts, who claim its reliance on the massive malware threat that is Javascript will make it too weak to pin our hopes on right out of the gate.

Popular clients like Google’s own Gmail, Yahoo Mail, and Hotmail all came under fire last year, when it was revealed that the NSA had been actively (and easily) tracking the correspondence of users registered with the websites through standard decryption tactics that took next to no computing power to complete.

chrome

Photo: Google

“While end-to-end encryption tools like PGP and GnuPG have been around for a long time, they require a great deal of technical know-how and manual effort to use,” Stephan Somogyi, a Google product manager for security and privacy, wrote in a blog post published Tuesday. “To help make this kind of encryption a bit easier, we’re releasing code for a new Chrome extension that uses OpenPGP, an open standard supported by many existing encryption tools.”

As of today Google claims that the service will only be available through the desktop Chrome browser itself, rather than the Gmail client, so sending anything from your phone or tablet still runs the heady risk of being picked up by anyone who might be listening on the other line.

This means that anyone who depends on Firefox, Opera, or Safari for their browsing needs could be left out in the unencrypted cold, but that could change at any point as the development process continues at a steady pace. For now, the claims of either Google or its detractors should be taken with a grain of salt until the finished product is made available to the public for a full, and thorough security audit.

The plugin is still stuck in the earliest stages of alpha development, but from what we’ve seen so far the project looks like a promising way to distribute encryption methods to the masses without the complicated installation process that prevents so many end users from taking the plunge into fully encrypting their daily emails and communications.