"send end-to-end encrypted (E2EE) emails to anyone, even if the recipient uses a different email provider" but the video shows Gmail asking the recipient to authenticate. How does that work? If a Gmail user sends an email to my self-hosted server, there is nowhere to authenticate me to.
And it means either Gmail or the actual email stores decryption keys, so what is the threat model in which E2EE is useful here?
The only "advantage" I see is that now recipients must manually archive these "encrypted" emails if they want to keep access to them in the future (so most of them won't). That would be consistent with Google's strategy with AMP's editable emails.
I never liked the term "end-to-end encryption". I guess we can now say it's fully meaningless.
The one thing I've learnt in security after many years is there are no shortcuts. If you don't understand the basics, you can't have security. Things like "end-to-end encryption" are just trying to avoid teaching people the basics by using nice words.
People understand if someone has a copy of their front door key then it's no longer secure and they need to change the locks. So it should be simple to understand encryption too. But most interfaces try to hide away the existence of keys, which is the most basic principle of all. If you don't know where your key is, how can you be secure?
The demo gif looks so weird. So you send someone an email, and (if it's not a gmail) it asks them the log into some mini gmail looking thing to view the actual message?
> preserving enhanced data sovereignty
As in you need google in order to view any of your data?
> end-to-end encrypted
Ah yes end (googles server) to end (also googles server) encryption. Very useful.
Maybe I'm misunderstanding but this genuinely seems completely pointless at best. It's middleman to that same middleman encryption solving the last mile delivery problem by not sending the actual message.
"Embrace, extend, extinguish" all over again. I am appalled at how many people use Gmail, giving up their privacy, control over E-mail, and leading to an overly centralized system where our mail is controlled by 2-3 companies at most (about 30% of my spam comes from Google servers, they pretty much ignore abuse reports, and I have no way to block it, because they are "too big to fail").
Now we will get a slowly introduced proprietary encryption scheme that will pretend to be "open", but will be carefully controlled so that it is slightly broken for everyone except Google. Several years down the road we'll wake up in a world where people will be annoyed that you can't receive their E-mail and will tell you to "just use gmail".
Replace "Google" with "Microsoft" and "Gmail" with "Outlook" and it's the 1990s all over again.
> I am appalled at how many people use Gmail, giving up their privacy
The article is literally about cross-vendor E2E email encryption. I mean, we all understand that you mean to invoke the Standard HN Litany Against Google here. But surely you at least should nod to the fact that the linked article stands as a point against your position, no?
All I want from Google Workspace is a single-user email account tied to my domain name. Instead, I have an overly complex system where I need to grant my own phone permission to watch YouTube videos. It would be nice if they had a more basic version.
They are saying the truth: those emails are "technically" encrypted.
Just nowhere private on the sender side since they won't even keep the keys private.
Now much less private on the receiver side since they have for "reasons" to login into a gmail hosted server and give them data like their IP address and permit other things like browser fingerprinting.
Fantastic, from the title I almost believed they'd be adding private messaging as done by other email providers almost 30 years ago. But not yet.
This is just Google going after those proprietary “end to end encrypted” email services healthcare and other places use. Technically speaking they don’t accomplish anything but from a compliance perspective they seem to satisfy regulators.
Authenticate where? How does the authentication prove that the intended recipient is the one who has clicked on the link and should be able to view? What happens if the email is forwarded with the link? What should one do to forward the email to someone without this encryption?
Organizations may need ways to store, archive and manage received email content from others.
I don’t understand what problem this solves for organizations and how.
Microsoft Outlook 365 has a somewhat similar feature where the email is just a link to hosted content on its servers (this kind of functionality isn’t new or recent on other platforms). It doesn’t require any authentication by the recipient. IIRC, the sender can also decide on the expiry of the content.
I have used a similar service. Anytime you want to access the link, you must enter a code sent to your email. So if you forward the link, and the person to whom you forward it click the link, they need you to also forward the code to them.
> How does the authentication prove that the intended recipient is the one who has clicked on the link and should be able to view?
You log in with a Google account associated with the recipient address. You prove you control the email by putting in a code Google sends you.
> What happens if the email is forwarded with the link?
They can't open it because they don't have access to the Google account associated with your email address.
> What should one do to forward the email to someone without this encryption?
Obviously, encrypted emails are not meant to be forwarded. Nothing prevents you from taking a photo though. Maybe copy and paste will work.
> Organizations may need ways to store, archive and manage received email content from others.
Organizations can't control how they receive information. It doesn't matter what they want in this regard. If a judge orders them to do something about it, that's for the judge to figure out.
> I don’t understand what problem this solves for organizations and how.
It keeps messages private. You don't see why organizations in e.g. health care, law, or the military want increased privacy of messages in a way that is super easy to use? And where recipients can't accidentally forward sensitive messages? A lot of this is determined by compliance requirements too.
An ad company that has been creating ads for years based on what is in your email, is telling us emails will now be encrypted eh? Why do I have my doubts
28 comments
[ 3.0 ms ] story [ 64.3 ms ] threadA pop-up where you need to authenticate with credentials...
I'm sure no-one will abuse this.
Pretty sure admins can still audit emails even if they're E2EE.
And it means either Gmail or the actual email stores decryption keys, so what is the threat model in which E2EE is useful here?
The only "advantage" I see is that now recipients must manually archive these "encrypted" emails if they want to keep access to them in the future (so most of them won't). That would be consistent with Google's strategy with AMP's editable emails.
This is likely about regulatory compliance. Many industries require encryption and transit.
This is about the last kind of thing a company or engineer or PM would build just for fun.
This is a feature that will be genuinely used a bunch. Its use gets mandated, in fact.
The one thing I've learnt in security after many years is there are no shortcuts. If you don't understand the basics, you can't have security. Things like "end-to-end encryption" are just trying to avoid teaching people the basics by using nice words.
People understand if someone has a copy of their front door key then it's no longer secure and they need to change the locks. So it should be simple to understand encryption too. But most interfaces try to hide away the existence of keys, which is the most basic principle of all. If you don't know where your key is, how can you be secure?
The "Assured Controls" add on put keys on smartcard / hsm not owned by google.
> preserving enhanced data sovereignty
As in you need google in order to view any of your data?
> end-to-end encrypted
Ah yes end (googles server) to end (also googles server) encryption. Very useful.
Maybe I'm misunderstanding but this genuinely seems completely pointless at best. It's middleman to that same middleman encryption solving the last mile delivery problem by not sending the actual message.
Now we will get a slowly introduced proprietary encryption scheme that will pretend to be "open", but will be carefully controlled so that it is slightly broken for everyone except Google. Several years down the road we'll wake up in a world where people will be annoyed that you can't receive their E-mail and will tell you to "just use gmail".
Replace "Google" with "Microsoft" and "Gmail" with "Outlook" and it's the 1990s all over again.
You could say the same about Signal, how is signal more open than Gmail.
Setting aside whether what you wrote is true, we are not talking about Signal here.
The article is literally about cross-vendor E2E email encryption. I mean, we all understand that you mean to invoke the Standard HN Litany Against Google here. But surely you at least should nod to the fact that the linked article stands as a point against your position, no?
I don't see an RFC defining that "cross-vendor E2E email encryption" as a standard, so calling it "cross-vendor" is just fluff at this point.
> without the hassle of exchanging keys
> access the encrypted message via a guest account
Feels like shifting the goalposts and trying to brand a new working definition of E2EE
https://support.google.com/a/answer/14757842
Just nowhere private on the sender side since they won't even keep the keys private.
Now much less private on the receiver side since they have for "reasons" to login into a gmail hosted server and give them data like their IP address and permit other things like browser fingerprinting.
Fantastic, from the title I almost believed they'd be adding private messaging as done by other email providers almost 30 years ago. But not yet.
There you enter the password and unlock the content.
"secure mail" my ass.
Organizations may need ways to store, archive and manage received email content from others.
I don’t understand what problem this solves for organizations and how.
Microsoft Outlook 365 has a somewhat similar feature where the email is just a link to hosted content on its servers (this kind of functionality isn’t new or recent on other platforms). It doesn’t require any authentication by the recipient. IIRC, the sender can also decide on the expiry of the content.
You log in with a Google account associated with the recipient address. You prove you control the email by putting in a code Google sends you.
> What happens if the email is forwarded with the link?
They can't open it because they don't have access to the Google account associated with your email address.
> What should one do to forward the email to someone without this encryption?
Obviously, encrypted emails are not meant to be forwarded. Nothing prevents you from taking a photo though. Maybe copy and paste will work.
> Organizations may need ways to store, archive and manage received email content from others.
Organizations can't control how they receive information. It doesn't matter what they want in this regard. If a judge orders them to do something about it, that's for the judge to figure out.
> I don’t understand what problem this solves for organizations and how.
It keeps messages private. You don't see why organizations in e.g. health care, law, or the military want increased privacy of messages in a way that is super easy to use? And where recipients can't accidentally forward sensitive messages? A lot of this is determined by compliance requirements too.