New in Gmail: Making E2E encrypted emails easy to use for all organizations(workspace.google.com)

77 pointsby skim16 days ago9 comments

irq-116 days ago
https://support.google.com/a/answer/14309952
> Users with a consumer Google Account (such as Gmail users) can't access client-side encrypted content, send encrypted email, or participate in client-side encrypted meetings.
> To view or edit client-side encrypted content, users must use either the Google Chrome or Microsoft Edge (Chromium) browser.
- SahAssar16 days ago
  That's just absurd. Requiring both a specific (paid) email provider and specific (both funded by ads) browsers is a joke.
  - ariwilson15 days ago
    Why?
    Larrikin14 days ago
    Email exists between providers in its current form because there weren't people trying to figure out how to insert themselves in between so they can make money. Justify needing a better reason
    15 days ago
    undefined
ninjastar9916 days ago
Thought this was an April Fools joke - please tell me it is! That UI looks exactly like a phishing email. And then to make users login once they click it? Exactly like a phishing email.
- Tutanota15 days ago
  Here's a better one: Breaking: Gmail starts using the whitelabel version of Tuta Mail so that 2.5 billion users will get automatic encryption.
  https://mastodon.social/@Tutanota/114262092716832489
- hcaz15 days ago
  Google have a history of releasing products on april 1st, gmail itself was right?
rlpb16 days ago
> When the recipient is a Gmail user (enterprise or personal), Gmail sends an E2EE email. The email is automatically decrypted in the recipient's inbox, and the recipient can use Gmail in a familiar way.
So what happens with Search?
- netsharc15 days ago
  Random unpolished idea: a (local) search engine that runs when seeing the email and stores the keywords encrypted in its index..
  So if you're looking for "Nigerian prince" it will look up "Avtrevna cevapr" and return references to the emails containing that term.
  - wildzzz15 days ago
    Is that an April fools joke? Proper encryption suites don't produce something that looks like a Caesar cipher, it's just a solid block of seemingly random data. You can't really index something like the words inside an email unless you first decrypt it.
    IcePic14 days ago
    Reading all parts of
    https://esl.cs.brown.edu/blog/how-to-search-on-encrypted-dat...
    might allow for some options to solve this problem.
    wildzzz4 days ago
    Right, I do understand that with some setup involved, there are ways to search against encrypted messages but simply being given a brand new chunk of encrypted data with no prior knowledge of the contents would be impossible for anyone to index other than the recipient using the key. There would definitely be a way for the client-side to automatically download an encrypted email, decrypt it, index it, and keep an index database using whatever method while simultaneously keeping the originally encrypted email secure on the server.
- saint_yossarian15 days ago
  ProtonMail downloads the whole mailbox to browser storage to support fulltext search.
  - 13 days ago
    undefined
  - moralestapia14 days ago
    Whew!
d33216 days ago
Judging from the screencast, this UX is going to be a great gift for scammers.
- easton15 days ago
  I mean, this is almost the same as the external Office 365 screens for encrypted mail just with Google’s design language, so maybe it doesn’t happen as often in practice?
cachedthing015 days ago
Google and privacy is like Zuckerberg and moral or JD Vance and self-reflection. Only on april 1.
commandersaki16 days ago
This is like their 3rd or 4th attempt to do encrypted email.
blitzar15 days ago
Is this a .gov selling feature they are letting us mere mortal corporations play with?
CyanLite215 days ago
April Fool's!
egberts15 days ago
Ummmmm, E2E on a JavaScript-infested website?
No thanks. Just, no.