Google launches encryption on Gmail. However, there are conditions

by · December 19, 2022

Google launches encryption on Gmail. However, there are conditions

We are all aware of end-to-end encryption, thanks to WhatsApp. Most of us also understand the importance of it in the increasingly digital age, with hacking and leaks. Now Google has announced that they are extending encryption services to Gmail, the one email that most of us use. But terms and conditions have been added.

Wait a minute, Gmail doesn’t have encryption for email, and we’re in 2022? Did you also think that should have been the norm a long time ago? We thought so too!

None of us want our emails or messages to be read by anyone other than us and the person we send them to. For a long time, Gmail did not have this encryption protection, and we all just had and still have blind faith in the almighty Google.

On Friday, Google rolled out what is called client-side encryption for Gmail. Unfortunately, it has not yet been rolled out for personal accounts. It looks like it will take much longer than 2022 or even 2023 for that to become a reality.

GIF: Google

So, what is Client Side Encryption (CSE)? First, it’s not end-to-end encryption, like WhatsApp; that Google offers. And the client-side encryption service is still in beta mode.

  • Currently, the service is only available to users of Google Workspace Enterprise Plus, Education Plus and Education Standard, not personal accounts.
  • CSE is intended for organizational use, where business administrators can encrypt and decrypt data on Google services.
  • Employees on the organizational Gmail system can send and receive emails across various other email providers with secure encryption.
  • This means that the service provider, such as Google servers, cannot read the emails. Therefore provides protection against any hacking attempt at any level (be it during the transmission of the email or at the start or end).
  • However, the organization will have the decryption key, which means that only the company will be able to see all the interactions between everyone hosted on the system.
See also  Enterprise Hits and Misses - The Meta Gets Hacked, The Metaverse Gets Beaten, And Co-Code Gets A Jargon Check

Using client-side encryption in Gmail ensures that sensitive data in the email text and attachments cannot be read by Google’s servers. Customers retain control of encryption keys and the identity service to access those keys.

– Google

  • In comparison, end-to-end encryption works at an individual level where only the sender and recipient can decrypt the message and no one else.
  • Currently, this service is only useful for those organizations that can generate their own decryption keys, which means that it is likely to benefit IT companies.

What will be encrypted? The email text, attachments and embedded images will be encrypted in the Services.

  • However, the email subject or header, timestamps or recipient list will not be encrypted.
  • Users can apply for beta version until January 20, 2023. Also, CSE for Gmail is only available for web use and is not yet applicable for the Gmail app. Google has promised to roll out the services for its mobile apps in the future as well.
  • Apart from Gmail, CSE is already available for Google Docs, Sheets, Slides, Drive, Meeting and Calendar in various capacities.

Other options: Currently, Gmail provides its users with what is called TLS (Transport Layer Security), where your emails are secured against snooping and hacking while in transit.

  • But the email is vulnerable to hacking on Google’s servers once the message is sent and received.
  • Some alternatives to Gmail are Proton Mail, FlowCrypt or Hushmail. For those with an iPhone, you can still use Gmail with extra protection like Proton Mail, in the Mail app on iOS.
  • Speaking of iPhone, Apple has also rolled out end-to-end encryption for iCloud backups. You can get it with the latest software update. This means that everything you back up also stays safe from hackers.
See also  Your Instagram friends can now help you regain access to a locked account

Of course, other than the owner of the chats granting access, there was no other way to retrieve all this data. Except, there was another way – backup! If you are in the custody of the CBI or another high-ranking government agency, it is likely that they will retrieve your phone backups.

WhatsApp backups are not end-to-end encrypted and vulnerable to hacking and snooping by any agency. But if you are an iPhone userare you in luck with the latest end-to-end encryption rolled out for iCloud backups.

Related posts:

  1. Switch back to iPhone
  2. Malicious app developer remains on Google Play
  3. Are you still using ‘Bigbasket’ as your password? Change that and follow these safe cyber practices
  4. Explained | How Google Passkeys will mitigate password leak threats

Tags:

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *