Google’s End-to-End Encryption Moves Forward With Help From Yahoo
Google is on a mission to make end-to-end encryption more accessible for less savvy users than existing tools like PGP and GnuPG. The way it intends to do this is through its End-to-End tool, a work in progress that's currently in alpha form, albeit recently updated and in the process of being migrated to GitHub in hopes that more developers will comb over the protocol.
Yahoo is working with Google on its End-to-End encryption tool and has already offered up several contributions, many of which are found in the latest release. The latest alpha also includes more documentation, including a fleshed out project wiki with additional information about End-to-End, both for developers and security researchers.
"One thing hasn’t changed for this release: we aren’t yet making End-To-End available in the Chrome Web Store," Stephan Somogy, Product Manager, Security and Privacy for Google, stated in a blog post. "We don’t feel it’s as usable as it needs to be. Indeed, those looking through the source code will see references to our key server, and it should come as no surprise that we’re working on one. Key distribution and management is one of the hardest usability problems with cryptography-related products, and we won’t release End-To-End in non-alpha form until we have a solution we’re content with.
When finalized, End-to-End will allow users to "encrypt, decrypt, digital sign, and verify signed messages within the browser using OpenPGP." Such a thing has never really been made easy for mainstream consumption, which is the point behind End-to-End.
It's not clear how much longer Google has yet to go before making its End-to-End tool available in the Chrome web store. When it does, it figures to be a popular add-on, particularly with increased awareness towards data privacy since it's come out that the NSA sees pretty much anything and everything it wants to.
Yahoo is working with Google on its End-to-End encryption tool and has already offered up several contributions, many of which are found in the latest release. The latest alpha also includes more documentation, including a fleshed out project wiki with additional information about End-to-End, both for developers and security researchers.
"One thing hasn’t changed for this release: we aren’t yet making End-To-End available in the Chrome Web Store," Stephan Somogy, Product Manager, Security and Privacy for Google, stated in a blog post. "We don’t feel it’s as usable as it needs to be. Indeed, those looking through the source code will see references to our key server, and it should come as no surprise that we’re working on one. Key distribution and management is one of the hardest usability problems with cryptography-related products, and we won’t release End-To-End in non-alpha form until we have a solution we’re content with.
When finalized, End-to-End will allow users to "encrypt, decrypt, digital sign, and verify signed messages within the browser using OpenPGP." Such a thing has never really been made easy for mainstream consumption, which is the point behind End-to-End.
It's not clear how much longer Google has yet to go before making its End-to-End tool available in the Chrome web store. When it does, it figures to be a popular add-on, particularly with increased awareness towards data privacy since it's come out that the NSA sees pretty much anything and everything it wants to.
