Google's made some major announcements about End-to-End, their implementation of the best-of-breed email encryption tool PGP, which they're refactoring as a way of encrypting webmail so that neither they nor the spy-services can read it in transit or at rest.
Once you've successfully infected your victim's computer with malware, you want to be able to send it orders -- so you spawn an invisible Internet Explorer window, login to an anonymous Gmail account, and check in the Drafts folder for secret orders.
My latest column in Locus magazine, Security in Numbers, looks at the impossibility of being secure on your own -- if you use the Internet to talk to other people, they have to care about security, too.
Google has announced support for end-to-end encryption with Gmail, a major step for privacy and a major blow against mass surveillance. Gmail users who install free and open Chrome plugin will be able to send and receive messages that can only be read by people who have their intended recipients' passphrase, and not Google -- meaning that even if the NSA legally or covertly taps into Google's data-centers, they won't be able to read mail that's encrypted with the End-to-End plugin.
This is marvellous news. There is already support for Gnu Privacy Guard (GPG) and Pretty Good Privacy (PGP) in Gmail, through Firefox plugin or Chrome plugin, but long experience has shown that many people are confused by PGP/GPG in its current state.
What's more, Google has explicitly tied this to the Reset the Net campaign (in which Boing Boing is a partner), a global day commemorating the Snowden leaks and calling for an Internet that is made strong and secure from mass spying.
Google continues to try and cram its users into Google Plus, its also-ran social network. The latest move allows people who don't have your Gmail address to send email to your Gmail account by using your Google Plus ID. I have a Gmail account that's associated with my Android devices and the last thing I want is for people to start sending email there. Thankfully, there's a way to opt out (though it would have been much better if it was opt-in). Tl;dr: Gmail -> Settings -> Email via Google+ -> Off.
SpyFiles, a new project from Wikileaks and several partner organization, is based on 287 secret documents revealing a campaign of mass spying on users of webmail, GPS, and mobile devices, with this data being sold in a covert, 25-nation global marketplace that Wikileaks claims is worth $5 billion. At present, the underlying documents are not available (Wikileaks is withholding them as part of a fundraising drive), but an interactive map showing the spying on a nation-by-nation basis is up and running, and there's a page showing the press reportage on the map.
Today the Sunlight Foundation launched Inbox Influence, a tool for Gmail that instantly shows you the political giving and lobbying history of the people and organizations mentioned in emails you receive. The easy-to-use tool can be used as a first step in researching influence background on corporate correspondence, adding context to newspaper headlines or discovering whom is behind political fundraising solicitations.
Inbox Influence works by tapping into Influence Explorer, Sunlight's library of federal and state data of political contributions, lobbying records and more. It provides details on any identified entity in the body of the email, plus information on both the sender of the email and the company from which it was sent. With it, you can even see how your friends and family have given to political campaigns.
Someone called Joester is purporting to show us how to block out gmail ads by using magic words in email messages, such as 9/11 or "suicide." In other words, the ads that appear when your email is catastrophe-free:
...are gone when the email you receive contains trigger words:
But it's not as easy as it sounds. Putting the key words in a signature file doesn't work; the ads return. Also, writes Joester:
If the message runs long google turns the ads back on. However, if you add another "sensitive" word they go off again. After extensive testing I've discovered you need 1 catastrophic event or tragedy for every 167 words in the rest of the email.
Questions remain. What are all the trigger words? How do you avoid scaring the people who receive your emails with your seemingly pointless references to incest and gang rape? More importantly, shouldn't this be more accurately described as a method for helping the people who you email who have gmail avoid ads?