I am not surprised. I got sick in 2014 and spent a summer implementing OpenPGP from scratch. It is _extremely_ ugly. If I was Google I would make something better and push that, instead of spending tearful days implementing the really bad specification that is RFC4880.
Mailvelope is OpenPGP as a browser extension and works ok with GMail:<p><a href="https://github.com/mailvelope/mailvelope" rel="nofollow">https://github.com/mailvelope/mailvelope</a>
Google stopped working on End-to-End at least a year ago:<p><a href="https://motherboard.vice.com/en_us/article/google-yahoo-end-to-end-email-encryption-work-in-progress" rel="nofollow">https://motherboard.vice.com/en_us/article/google-yahoo-end-...</a><p>And now they've "open sourced it" with minimal changes since then. Sounds to me like they stopped working on it, but they didn't want to keep getting asked by the tech media and crypto people about the project's status. So they went "Here, it's all yours now! You're welcome. Yes, we know how awesome we are."<p>But it doesn't look quite finished, so I wonder if anyone will bother to complete Google's half-assed job. Google didn't even bother to integrate it with Key Transparency before open sourcing it. That speaks volumes as well.<p>They've recently also released a centralized/hosted version of S/MIME for enterprise users as well, again showing their complete disinterest in continuing to support <i>end-to-end</i> crypto.<p><a href="https://security.googleblog.com/2017/02/hosted-smime-by-google-provides.html" rel="nofollow">https://security.googleblog.com/2017/02/hosted-smime-by-goog...</a><p>I'm guessing they stopped working on End-to-End around the time they started working on the hosted S/MIME. I wouldn't get my hopes up about Google supporting end-to-end crypto in the future. Now I'm starting to wonder if they'll also kill the feature in Allo, or just hide it some more in future releases, so that it becomes even harder to use.
So, it is still decidedly beta (more accurately, alpha), but I wrote and just released <a href="http://gibber.it" rel="nofollow">http://gibber.it</a>, to allow users to send end-to-end encrypted messages through basically any place in a browser that you can enter text.<p>I wrote this because it seems to me that the lack of end to end encryption in services like gmail is a problem - it also seems to me that there is no reason to have this service tied to a particular website, or for it to be administrated by another service provider. Accordingly, all GibberIt does is provide the encryption and key exchange - use it on gmail, nytimes comment boards and reddit (all working well so far) - or wherever the hell else you want. It will soon (I hope...) be working on facebook too (their content-security-policy is very strict - rightly so - and I am making the extension compatible with these requirements).<p>* It currently functions as a chrome extension.<p>* Sign up, invite connections just like any other social network.<p>* Encryption is end to end, AES 128 with nonce'd salts.<p>* Use a password you share with your connection (NOT your login password) to send connection invites - this is used to encrypt your keys during the invite process. (Make sure to accept the return invite! This is how your connection sends his or her keys back to you. Also note that you will likely need to reload any tab running the extension after accepting an invite in order to get the keys to load.)<p>* Use the chrome extension to encrypt and decrypt messages as you browse.<p>* I am, by profession, a corporate, software and information lawyer. More about me here: <a href="http://www.lawyernamedliberty.com" rel="nofollow">http://www.lawyernamedliberty.com</a><p>Demonstration gifs of GibberIt here: <a href="https://www.gibberit.com/#!how" rel="nofollow">https://www.gibberit.com/#!how</a><p>Please note that the system is in BETA. Still many tweaks to work out. Use is at your own risk.<p>Please feel free to ask any questions you may have. I welcome any and all feedback. Love the system? Hate the system? Please let me know.<p>Edit: Please note that the gibberit homepage - AND NO OTHER PAGE - uses google analytics. This is clearly detailed in my privacy policy. Aside from that, I do not use any tracking software.
Google once again has proved that 'Google fighting surveillance' sounds like 'rock musicians fighting drugs' and 'bees fighting honey'.