Did you know half of emails Google received in early June 2014 were sent in plain text rather than encrypted? Luckily, they are trying to make OpenPGP easier to use for Gmail users. Well, sorta. Earlier this month, the search engine giant released Google End-to-End, which is an open source plugin for the Chrome web browser. It makes it super easy to implement OpenPGP in the browser when using products like Gmail.
According to Naked Security, “It isn’t available as a plugin to the public yet, so you have to check out the source code and compile it yourself (including working out typos in the instructions and using an old version of Python).”
Still, the fact that they’re moving forward with this is a good idea if it helps more people use encryption technology that is currently available. While the bad guys and/or government spies may not like emails becoming protected, making it easier to use OpenPGP is going to help protect the privacy of many.
As mentioned, the plugin is very much in Alpha stage. Case in point is the fact that it will only generate elliptic curve (EC) keys. If you know anything about PGP, you know most people use RSA keys. You can still use End to End by generating your RSA key elsewhere and cutting and pasting it into the configuration screen.
Once the plugin is up and running, you’ll have a small icon in the Chrome toolbar. Clicking it will allow you to sign your messages and encrypt them if you want. Signing a message lets the receiver know that it was absolutely you that wrote the message, but it won’t protect it. If you want to encrypt your message, you need to be sure that you and the recipient have swapped keys in the past.
If you were wondering, encrypting your messages means Google can’t “read” them in order to decide what ads to display on your Gmail page. Even better, only the person you send the message to will be able to read it. PGP has been around since the very early days of the internet, but it’s not used by a lot of people because it can be a bit tricky for some people to set-up and use.
While the plugin needs quite a bit of work – especially with the UI not being super intuitive – with internet companies like Google trying to make it easier to use PGP, the future may be brighter and a bit more secure. Additionally, Google’s End to End may spur other companies to step up and try to make using PGP easier for the masses.