New in Gmail: Making E2E encrypted emails easy to use for all organizations(workspace.google.com)

77 pointsby skim10 months ago9 comments

irq-110 months ago
https://support.google.com/a/answer/14309952
> Users with a consumer Google Account (such as Gmail users) can't access client-side encrypted content, send encrypted email, or participate in client-side encrypted meetings.
> To view or edit client-side encrypted content, users must use either the Google Chrome or Microsoft Edge (Chromium) browser.
- SahAssar10 months ago
  That's just absurd. Requiring both a specific (paid) email provider and specific (both funded by ads) browsers is a joke.
  - ariwilson10 months ago
    Why?
    Larrikin10 months ago
    Email exists between providers in its current form because there weren't people trying to figure out how to insert themselves in between so they can make money. Justify needing a better reason
    10 months ago
    undefined
ninjastar9910 months ago
Thought this was an April Fools joke - please tell me it is! That UI looks exactly like a phishing email. And then to make users login once they click it? Exactly like a phishing email.
- Tutanota10 months ago
  Here's a better one: Breaking: Gmail starts using the whitelabel version of Tuta Mail so that 2.5 billion users will get automatic encryption.
  https://mastodon.social/@Tutanota/114262092716832489
- hcaz10 months ago
  Google have a history of releasing products on april 1st, gmail itself was right?
rlpb10 months ago
> When the recipient is a Gmail user (enterprise or personal), Gmail sends an E2EE email. The email is automatically decrypted in the recipient's inbox, and the recipient can use Gmail in a familiar way.
So what happens with Search?
- netsharc10 months ago
  Random unpolished idea: a (local) search engine that runs when seeing the email and stores the keywords encrypted in its index..
  So if you're looking for "Nigerian prince" it will look up "Avtrevna cevapr" and return references to the emails containing that term.
  - wildzzz10 months ago
    Is that an April fools joke? Proper encryption suites don't produce something that looks like a Caesar cipher, it's just a solid block of seemingly random data. You can't really index something like the words inside an email unless you first decrypt it.
    IcePic10 months ago
    Reading all parts of
    https://esl.cs.brown.edu/blog/how-to-search-on-encrypted-dat...
    might allow for some options to solve this problem.
    wildzzz10 months ago
    Right, I do understand that with some setup involved, there are ways to search against encrypted messages but simply being given a brand new chunk of encrypted data with no prior knowledge of the contents would be impossible for anyone to index other than the recipient using the key. There would definitely be a way for the client-side to automatically download an encrypted email, decrypt it, index it, and keep an index database using whatever method while simultaneously keeping the originally encrypted email secure on the server.
- saint_yossarian10 months ago
  ProtonMail downloads the whole mailbox to browser storage to support fulltext search.
  - 10 months ago
    undefined
  - moralestapia10 months ago
    Whew!
d33210 months ago
Judging from the screencast, this UX is going to be a great gift for scammers.
- easton10 months ago
  I mean, this is almost the same as the external Office 365 screens for encrypted mail just with Google’s design language, so maybe it doesn’t happen as often in practice?
cachedthing010 months ago
Google and privacy is like Zuckerberg and moral or JD Vance and self-reflection. Only on april 1.
commandersaki10 months ago
This is like their 3rd or 4th attempt to do encrypted email.
blitzar10 months ago
Is this a .gov selling feature they are letting us mere mortal corporations play with?
CyanLite210 months ago
April Fool's!
egberts10 months ago
Ummmmm, E2E on a JavaScript-infested website?
No thanks. Just, no.