Google To Adopt End-To-End Encryption For Gmail And Chrome :
Google has changed it’s policy for Gmail and Chrome in order to improve the security of data and content. Gmail has setup Content Security Policy (CSP) within preliminary code for end-to-end email encryption. Company is planning to encrypt all the data communication that happens between the sender and receiver in Gmail and Chrome web versions.
CSP became popular when Mozilla implemented it in Firefox 4 in 2010. The basic idea behind CSP is to limit the risk of Cross Site Scripting (XSS) security flaws. There are some malicious extensions available for Chrome. Some of these extensions run encrypted script that interferes with Gmail session. The inbuilt CSP in Gmail and Chrome will stop these extensions from loading the unsafe script.
Google’s end-to-end email encryption offers fully encrypted email mechanism that is totally new and interoperable with any other online webmail services. Google seems to have followed Yahoo’s footstep by announcing the end-to-end encryption for emails. The project is still in alpha stage of development.
Google is planning to launch a chrome extension for encryption, decryption, digital signature, verification of signed emails using this extension within the browser. Google’s Security and Privacy Product Manager, Stephan Somogyi has posted a blog post that states company doesn’t think End-to-End encryption is as usable as it sounds. The project is still in alpha stage and it’s not yet available for public usage.
Somogyi said, “Anyone accessing the source code through our Github page will understand that the code refers to our key server. We are still working on the system, which is why it does not point towards the public server.” The end-to-end encryption will bring highest tier of email security for Gmail conversations.
Google is also considering to adopt a new strategy that will label non-SSL/HTTPS sites as insecure websites. A chromium proposal states that, agent users need to change their UX to display non-secure origins as affirmatively non-secure.” Google plans to deploy the transition plan for Chrome in coming year.
Source : azure.efytimes.com
