Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
New in Gmail: Making E2E encrypted emails easy to use for all organizations (workspace.google.com)
77 points by skim 11 months ago | hide | past | favorite | 21 comments


https://support.google.com/a/answer/14309952

> Users with a consumer Google Account (such as Gmail users) can't access client-side encrypted content, send encrypted email, or participate in client-side encrypted meetings.

> To view or edit client-side encrypted content, users must use either the Google Chrome or Microsoft Edge (Chromium) browser.


That's just absurd. Requiring both a specific (paid) email provider and specific (both funded by ads) browsers is a joke.


Why?


Email exists between providers in its current form because there weren't people trying to figure out how to insert themselves in between so they can make money. Justify needing a better reason


Thought this was an April Fools joke - please tell me it is! That UI looks exactly like a phishing email. And then to make users login once they click it? Exactly like a phishing email.


Here's a better one: Breaking: Gmail starts using the whitelabel version of Tuta Mail so that 2.5 billion users will get automatic encryption.

https://mastodon.social/@Tutanota/114262092716832489


Google have a history of releasing products on april 1st, gmail itself was right?


> When the recipient is a Gmail user (enterprise or personal), Gmail sends an E2EE email. The email is automatically decrypted in the recipient's inbox, and the recipient can use Gmail in a familiar way.

So what happens with Search?


Random unpolished idea: a (local) search engine that runs when seeing the email and stores the keywords encrypted in its index..

So if you're looking for "Nigerian prince" it will look up "Avtrevna cevapr" and return references to the emails containing that term.


Is that an April fools joke? Proper encryption suites don't produce something that looks like a Caesar cipher, it's just a solid block of seemingly random data. You can't really index something like the words inside an email unless you first decrypt it.


Reading all parts of

https://esl.cs.brown.edu/blog/how-to-search-on-encrypted-dat...

might allow for some options to solve this problem.


Right, I do understand that with some setup involved, there are ways to search against encrypted messages but simply being given a brand new chunk of encrypted data with no prior knowledge of the contents would be impossible for anyone to index other than the recipient using the key. There would definitely be a way for the client-side to automatically download an encrypted email, decrypt it, index it, and keep an index database using whatever method while simultaneously keeping the originally encrypted email secure on the server.


ProtonMail downloads the whole mailbox to browser storage to support fulltext search.


Whew!


Judging from the screencast, this UX is going to be a great gift for scammers.


I mean, this is almost the same as the external Office 365 screens for encrypted mail just with Google’s design language, so maybe it doesn’t happen as often in practice?


Google and privacy is like Zuckerberg and moral or JD Vance and self-reflection. Only on april 1.


This is like their 3rd or 4th attempt to do encrypted email.


Is this a .gov selling feature they are letting us mere mortal corporations play with?


April Fool's!


Ummmmm, E2E on a JavaScript-infested website?

No thanks. Just, no.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: