A plea to Google: give us crypto

"Rolling out strong encryption for Gmail would be a win-win situation for Google," argues Julian Sanchez in Ars Technica.


  1. If you trust Google to encrypt your communications, then you can trust Google to decrypt your communications.

    1. If Google does the encryption on their computers, that’s true.  If they do it on your computer, by giving you an application that you can verify is trustable, it’s not true. 

      If they take an intermediate step, such as doing the encryption in a JavaScript program at compose-message.gmail.com, then you have to either verify each time that they haven’t replaced the script with an Evil version or else risk getting attacked. (The Cryptocat people found out the hard way that they had to redesign their application as a Firefox plugin to avoid this problem.)

  2. This is downright silly. Gmail is free because Google uses the keywords to serve ads. The article suggests Google has other methods and enough info on its users. Guess what? Google doesn’t think so. To ask them to provide Gmail for free with nothing in return is ludicrous. You want crypto? Use a system that supports it. And yes, you may have to pay for it.

    1. Yeah, this seems like the most obvious rebuttal. It’s not in Google’s best interests to encrypt our mail because it is in their best interests (or so they believe) to read our email for us and attach context-sensitive ads to it. Those 425 million email users aren’t free for Google. Without the ad revenue why would they give us email at all?

    2. They use keywords to serve ads, but they don’t have to. If you watch OTA television, that is being paid for with ads even though the network has very little idea who you are or what you like. Even without the email text, the metadata associated with the email still means that Google knows way, way more about me than the TV station does. So, they can still target ads to me more effectively than a TV station broadcasting with an antenna can.

      Personally, I would be willing to pay around $25 / year for email that supported client-side encryption. I use GPG all the time in Thunderbird (Enigmail) but it would be nice if I could use GMail for all of my mail.

      1. That’s a false equivalency. The whole point of online ads is that you can target them, and the more targeted they are, the more valuable they are. Even then, you still can’t sell ads online for the same prices that broadcasters get. Google is not going to rely on metadata alone for this. They’d have to drastically cut their prices to do so, and they’re not going to do that. There’s no reason for Google to take this “plea” seriously. It’s simply not in their immediate interest.

        Bottom line: If you want encrypted email you have to pay for it and use client side encryption. And that is definitely an option. I pay for my email, and have for a long time (about $35/year with my own domain names, unlimited aliases, on-demand burner aliases for online registration forms, temporary serial passwords for travel and a whole lot more). None of the free services are as good as a paid one.

        1. Your bottom line is incorrect. If I were willing to live in Thunderbird all the time, I could have free encrypted email because there are lots of free email services that support POP or IMAP.

  3. It might be in Google’s best interests to offer a freemium service. Want crypto and other ad-free benefits (e.g. actual customer support)? Pay for it. FWIW, I’d be glad to.

    1. A few months ago I decided that I wanted actual customer support, crypto, etc., and, after a pretty lengthy research process, dropped Google for my email and signed up with countermail.com. I’ve been very happy with them.

    2. There are dozens of great ad-free, customer-supported email services out there already. Most of them are better than Gmail. Just drop Google and start using one of them. That’s the only way Google will get the message that you really want that kind of service.

      1. Better in what way? I am a huge GMail fan because of the UI and I haven’t been able to find any that work as well for me. When I have to use a local client, I’m using Thunderbird and it’s awful.

  4. Plenty of non-web mail clients support GPG and they can all use Gmail’s IMAP and POP3 interfaces; Mozilla Thunderbird is one. This has been so since email and GPG existed; I used IMAP + GPG in the 90s before there was a Google, and webmail interfaces could never compete on features. Why isn’t that enough for everyone?

    I think the correct conclusion here is simply “most users won’t give up 1% of convenience to gain 99% of security”. If all your email is stored encrypted, you can’t do full text search. Secure key management (how do you know the right public key for your recipient?) requires sometimes not clicking the “allow” button, and users hate that. Etc. etc.

    1. I should have addressed that the linked article proposes that Google should manage the key distribution for Gmail users. Then mails could be signed and/or encrypted automatically – but only mails between Gmail users, who are after all a minority of global email addresses.

      Also, Google couldn’t provide several existing features to users who enable encryption. This includes full text search, spam filtering, and custom filter rules based on email contents. If Google offers to users to enable encryption at the price of disabling search and spam filtering, less than the proverbial 1% would accept the bargain. But if only 1% of Google users use encryption, the purported network effect of signing up all Google users doesn’t materialize, and there’s no real benefit to be gained. People who want encryption already have it, by not using webmail.

  5. Use your Gmail account to perfect your public persona. Write nothing incriminating. Don’t use it to communicate with those likely to incriminate you. For sensitive communications, use public wifi, computers bought with cash and secure mail.

  6. That was a good article. I remember the crypto wars of the 90’s, and the hope that existed that encryption would become common once people could legally use fairly strong encryption.

    In my observations, crypto was just too hard for people in general to understand and use, and like the article notes, no one ever properly integrated it into a widely spread, easy-to-use form. Google could do this, and I would welcome it, and may even use it in some instances.

    In general, however, the only people one is hiding things from with encryption is law enforcement and employees of services along the way, and so while unencrypted email is like a post card, in most cases, only the sender and recipient see it, and while keyword searches happen along the way for security and advertising, most email is not viewed by prying human eyes unless one is suspicious.

    Privacy is a relative comparison, not an absolute condition.

  7. I am confident that Google knows exactly how much the ads it shows me net it in a year. It should offer to sell me encrypted e-mail for that amount plus some constant.

    1. If you want serious crypto, Google just isn’t the right company.  They don’t offer it because it isn’t worth the effort to cater to a group that isn’t going to trust them fully anyways.  All the stuff that makes GMail useful breaks when you put real crypto on it.  You can’t search it, the spam filters stop working, and it is no longer free.  Anyone who wants those things simply gets another e-mail service, preferably one located in an obscure country not known for responding to search warrants from foreign nations.

      The solution isn’t for Google to offer good crypto.  The solution is to use something other than Gmail.  Getting crypto from Google is like getting an ARM Linux computer from Microsoft.  It is dumb and no one would want it if it was offered.

  8. This is not very likely to happen with Mr. “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” Eric Schmidt-head…

  9. The hard part is dealing with spam – they’re not just parsing your email for advertisers, after all, and good spam filtering is one of the reasons Gmail became popular.

    Unencrypted incoming mail can still be handled with the current tools, but for messages that are sent from Gmail, if they’re encrypted on your computer, Google can’t filter them (whether they’re to other Gmail users or to outside), and they’d probably need to rate-limit mail or use captchas on each message or something similarly annoying to prevent themselves being a major spam source.

    There’s another case – incoming encrypted messages.  Obviously there aren’t a lot of these now, but if Google provides a convenient keyserver and an open format, that could change, and they’d be limited to RBLs and similar blocking approaches plus rate limits.

  10. Much confusion about how crypto works here. 

    * Of course, Google could still filter for spam. Spam would come in unencrypted (because spammers probably can’t afford to pay the CPU cost of encrypting it).

    * They could _store_ your inbox and sent-folder in an encrypted state, sure. But that would buy you nothing, unless they had a HushMail-like scheme with a trusted client-side app for interacting with the site. This scheme in itself has some pretty big problems (in practice, it would not be hard for Google to serve up a compromised client side app if they wanted to/were forced to spy on you). 

    * For you to send encrypted mail, some sort of protocol would be needed (including a protocol for quickly and reliably getting public keys), otherwise your poor recipients wouldn’t understand a word (and quickly tag your scrambled messages as spam). You face the same problem when receiving encrypted mail from outside Gmail. Developing and gaining support for a new protocol isn’t trivial.

    As anyone who has used PGP/GPG knows, email crypto faces barriers to adoption that aren’t related to how hard the software is to use. There is (or was) a browser plugin to get encryption support in Gmail; try it out and see.
