Google has announced the development of a new encryption tool, End-to-End, for their Chrome web browser. Although still under construction, once ready it will be available for download through the Chrome Web Store as a Chrome extension.

End-to-End is intended for users who for their own reasons need security measures for their email beyond those that are already built into Chrome. End-to-End will help protect against malware and phishing and against government surveillance and other privacy intrusions.

Put simply, sending an unencrypted email is like mailing a postcard. It becomes readable to anyone who sees it in transit. Encrypting email is like sending the postcard in an envelope, safe from visual perusal.

The extension will encrypt data leaving the Chrome browser until the message's intended recipient decrypts it. Incoming messages will be decrypted upon receipt in Chrome. End-to-End will work with any web-based email provider. End-to-End will not operate on mobile devices, since Chrome for mobile devices doesn't support extensions.

Google is releasing the code for End-to-End to developers for evaluation and testing. End-to-End is also included in Google's Vulnerability Reward Program, which offers financial rewards for those finding and reporting security flaws in Google products.

Encryption tools already exist in abundance, but most of them are difficult to understand and use. In End-to-End, Google will be using OpenPGP, an easier to use open standard supported by many existing encryption tools.

Basic encryption services are currently in place within Gmail, Google's email platform. Gmail uses Transport Layer Security (TLS) and will automatically encrypt incoming and outgoing emails if it can. Unfortunately, it still takes two to tango, and the recipient of Gmail messages must also support encryption.

According to Google, about 50% of emails sent to Gmail are not encrypted. However, as more providers strengthen their own commitment to encryption, that percentage should rise accordingly. Internet provider Comcast today announced that they will also now encrypt their customers' email.

End-to-End will serve as an enhancement to Chrome's basic email encryption methods and provide an additional layer of protection. It will pick up where TLS leaves off. Messages encrypted via TLS remain that way until delivered to the recipient's server. End-to-End ensures that the message will remain encrypted on its journey from server to the recipient.

In committing to End-to-End, Google may be sabotaging its own practice of gathering information from emails within its servers for marketing and advertising purposes. It remains to be seen if Google has an alternative in mind.

ⓒ 2021 All rights reserved. Do not reproduce without permission.