To address user privacy concerns Google is developing an encryption tool for email. It released the code for community testing this week. The tool will be an extension for Chrome called End-to-End.
The alpha version of the code, which is based on the popular OpenPGP email encryption standard, is available to be tested and evaluated, with Google’s Vulnerability Reward Program offering cash for improvements.
The tool will encrypt messages as they leave the sender’s browser, and only decrypt them again in the receiver’s browser when they say to.
The company blog post, written by Stephan Somogyi, Product Manager for Security and Privacy, acknowledges similar tools PGP and GnuPG, but says “we hope that the End-to-End extension will make it quicker and easier for people to get that extra layer of security should they need it.”
Last week, Google posted information on email encryption to its Transparency Report, including information on how much email is encrypted “in transit” and how much email various providers are encrypting.
Gmail security has been repeatedly updated as Google tries to keep up with user concerns. Gmail broadened its use of HTTPS encryption in March to provide assurances against snooping, however Google itself may be a snoop of concern for some users due to a Terms of Service update in April which allows Google and partners to make use of user “content.”
Other methods of email encryption, such as the “Dark Mail Alliance” created in fall 2013, have made similar promises to “End-to-End,” though their success is still up for debate.