Google announced on Friday that it's adding end-to-end encryption (E2EE) to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within and outside their domain.
Once enabled, Gmail client-side encryption will ensure that any sensitive data delivered as part of the email's body and attachments can not be decrypted by Google servers.
"With Google Workspace Client-side encryption (CSE), content encryption is handled in the client's browser before any data is transmitted or stored in Drive's cloud-based storage," Google explained on its support website.
"That way, Google servers can't access your encryption keys and decrypt your data. After you set up CSE, you can choose which users can create client-side encrypted content and share it internally or externally."
Proton Mail and Tutanota have already long been doing this, and Thunderbird and other clients can handle E2EE through 3rd party extensions. What is not clear though is whether Google will allow the uploading of a user's existing encryption keys (like Proton Mail does).
And whilst this is a great advance to finally make it to GMail, I'm not sure if users are ready for encrypted e-mails. For a start, you need to be able to send to other users who also have this capability to decrypt the contents. This is therefore only going to be effective between two email users who both have the capability. Of course, this also means that both mail clients also have to use the same encryption standards. For example, if it does use the openPGP standard then encrypted mails will work fine between GMail and Proton Mail users, otherwise you will only see gibberish.
Why only the body and attachments? Because the mail still has to be routed to an address, and have a reply sent back.
See
Google introduces end-to-end encryption for Gmail on the web#
technology #
encryption #
GMail #
email #
privacy Google announced on Friday that it's adding end-to-end encryption to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within their domain and outside their domain.