It is unlikely that built-in email encryption will ever be available in Gmail

196 点作者 wil_I_am_27大约 6 年前

16 条评论

tkfu大约 6 年前

> While it is possible to encrypt certain emails in Gmail with GPG, Google can still read all email meta-data such as email addresses and subject lines. Better use a Gmail alternative that encrypts your entire mailbox and contacts automatically.This is nonsense. Any email service will be able to see the recipients (and senders) of your messages, because that's how email works. Subject lines too, again, because that's how email works.E2E encryption of email is a good thing, GPG is hard. These things have be true forever.

评论 #19440874 未加载

评论 #19440747 未加载

评论 #19440784 未加载

评论 #19440634 未加载

yuz大约 6 年前

This is a promotion article for an end-to-end encrypted mail service called tutanota. They claim that google abandonment of the mail encryption project impiles that gmail encryption will necessarily never be available for gmail users.

politelemon大约 6 年前

It was dead the moment they put it on Github. Their blog post[1] claimed:> E2EMail is not a Google product, it’s now a fully community-driven open source project, to which passionate security engineers from across the industry have already contributed.But looking at the commit history[2] makes it clear that was not the case at all.Although this post is by Tutanota (and I can't tell if Tutanota supports PGP), Protonmail does support PGP emails.1: <a href="https://security.googleblog.com/2017/02/e2email-research-project-has-left-nest_24.html" rel="nofollow">https://security.googleblog.com/2017/02/e2email-research-pro...</a>2: <a href="https://github.com/e2email-org/e2email/commits/master" rel="nofollow">https://github.com/e2email-org/e2email/commits/master</a>

评论 #19440973 未加载

评论 #19440729 未加载

hannob大约 6 年前

I know it's a bit old, but since I read this I cannot possibly take Tutanota seriously on anything crypto:<a href="https://tutanota.uservoice.com/forums/237921-general/suggestions/7858974-tutanota-is-using-unauthenticated-aes-cbc-encrypti" rel="nofollow">https://tutanota.uservoice.com/forums/237921-general/suggest...</a> <a href="https://seclists.org/fulldisclosure/2015/Jun/58" rel="nofollow">https://seclists.org/fulldisclosure/2015/Jun/58</a>

Leace大约 6 年前

The article has a point but do know that Tutanota is using their own custom encryption scheme. I can understand they don't want to support PGP if they have something better but judging from their FAQ [0] they just replicated what PGP already can do [1] [2] effectively reinventing square wheel.As for browser encryption Mailvelope [3] works and can even use local GnuPG (through NativeMessaging). FlowCrypt [4] is a little bit more tightly integrated with Gmail (through their API).[0]: <a href="https://tutanota.com/faq/#pgp" rel="nofollow">https://tutanota.com/faq/#pgp</a>[1]: "That's why we have developed a solution that is also based on recognized algorithms (RSA and AES) and that automatically encrypts the subject, the content and the attachments."[2]: <a href="https://github.com/autocrypt/memoryhole#memory-hole-protected-e-mail-headers" rel="nofollow">https://github.com/autocrypt/memoryhole#memory-hole-protecte...</a>[3]: <a href="https://www.mailvelope.com/en" rel="nofollow">https://www.mailvelope.com/en</a>[4]: <a href="https://flowcrypt.com/" rel="nofollow">https://flowcrypt.com/</a>

评论 #19441570 未加载

mikekchar大约 6 年前

In the meantime I'm using mutt on the desktop on K9 on Android. I have to say that K9 is brilliant (mutt less so, but I like it ;-)). It's the closest "it just works" E2E mail client I've ever used. Unfortunately the reality of PGP is that it's hard for a normal person to use, although I've got my Dad using it for all of our email.

snvzz大约 6 年前

We need the Dark Mail Alliance more than ever.<a href="https://en.wikipedia.org/wiki/Dark_Mail_Alliance" rel="nofollow">https://en.wikipedia.org/wiki/Dark_Mail_Alliance</a><a href="https://darkmail.info/downloads/dark-internet-mail-environment-june-2018.pdf" rel="nofollow">https://darkmail.info/downloads/dark-internet-mail-environme...</a><a href="https://github.com/lavabit/" rel="nofollow">https://github.com/lavabit/</a>

LinuxBender大约 6 年前

GPG is hard for some, but 7-zip is easy for most. Not perfect, but perfect is enemy of good. Just put your email, files, whatever in a 7-zip encrypted and compressed file and email that.Tell your friend the password over voice chat, or some other chat that is in no way related to your mail provider. Even a weak password is better than trusting the mail provider to handle this job. Here is a 7-zip file with a very simple password. [1] Please reply with the contents of the text file in the 7z.[1] - <a href="https://tinyvpn.org/5/e/f/5efed61e6efe235d965547999292279e.7z" rel="nofollow">https://tinyvpn.org/5/e/f/5efed61e6efe235d965547999292279e.7...</a>

stirfrykitty大约 6 年前

If all one wants to do is communicate securely with another person and what your typing is private but not "illegal", then why even send email. Simply use the Drafts in GMail. Compose an email and leave it in Drafts. Each person amends the draft and they can agree on times to check and update. This has been done with great success before if you want nothing "going across the wire" so to speak.

nukeop大约 6 年前

Advertisement for tutanota. Just use GPG like everybody who knows what they're doing.

kjar大约 6 年前

Mass surveillance is kinda Google’s model

jimnutt大约 6 年前

So, I'm sure this idea has holes all over it, but how about a very simple service that you log into with your PGP public key, then would allow you to post encrypted messages to other PGP public keys and retrieve messages posted to your public key. It could be fully anonymous, depending on your choice of keys. It would be very similar to the mixmaster remailers, except it wouldn't actual mail anything as it wouldn't have any identifiable information other than the public key.

评论 #19448123 未加载

vlastik大约 6 年前

Why not something like Let's Encrypt, but for S/MIME?

评论 #19440933 未加载

Causality1大约 6 年前

"shows where Google's real interests are: Not in protecting their users' private data, but in harvesting it for their own benefit."Well, Duh. That's the deal. "in exchange for this service we will scrape your data in order to serve ads". If you don't like it go somewhere else. Google doesn't owe you a free email service.

hguhghuff大约 6 年前

The problem with Email is that it’s routed, store and forward, whereas there’s no reason why it shouldnt be point to point.If you wanted to revolutionize email then you’d create a point to point email service.

评论 #19442129 未加载

评论 #19441134 未加载

评论 #19440845 未加载

chiefalchemist大约 6 年前

I'm not a fan of email, and not only because of security / privacy. Yes, it's ubiquitous and convenient; and great for quick simple messages.But it's not (in a biz / life context) a project management tool. So aside from "where do you want to go for lunch?" the appropriateness of email breaks down pretty quick. Unfortunately, the habit and convenience not so much so.Ideally, we're nudging towards a tipping point where email gets replaced by more appropriate (planning and proj management) tools - even at the personal level.

评论 #19441937 未加载