As reported on The Verge.
By Russell Brandom
Google wants to make it easier for Gmail users to encrypt their emails, according to a report in VentureBeat. PGP has been an open-source encryption standard for nearly 20 years, but the protocol has been dogged with usability issues that many claim have kept it from broader use. As a result, engineers at Google are working on ways to make PGP easier for users, as part of a larger push for stronger user security in the wake of the NSA revelations. It’s still unclear exactly what form the measures will take, and the details of the implementation will make a huge difference in the security of the final product.
The biggest concern is whether users will be able to hold their own keys, or whether the keys will be kept on Google networks where they could be vulnerable to NSA attacks. By its nature, PGP doesn’t allow for a password reset, and only the end user has the capability to decrypt a message. That makes life difficult for many users, who expect to be able to reset their password if they lose it. It presents an even bigger problem for Google’s business, since it means the company would not be able to use the encrypted text to target ads. Reached by The Verge, Google declined to comment on the company’s plans, or when the service might be available to Gmail users.