5 Things Google has Done for Gmail Privacy and Security

2016-03-29 22:43

1. Enhanced State-Sponsored Attack Warnings
The Apple vs. FBI case urged every company to beef up its security measures to protect its services from not just hackers but also law enforcement.

Google has for a while had the capability to identify government-backed hackers and notify potentially affected Gmail users so they can take action as soon as possible.

Google recently announced in a blog post that it will alert Gmail users about the possibility of any state-sponsored attack by showing them a full-page warning, one that is very hard to miss or neglect, with instructions about how to stay safe.

Meanwhile, the company revealed that over 1 Million Gmail accounts may have been targeted by government-backed hackers so far.

Although Google has warned Gmail users of state-sponsored attackers since 2012, the company neither disclosed the exact number nor explained how it knows of such hacking attacks.

However, Google said that it knows who the targets are – the list often includes "activists, journalists, and policy-makers taking bold stands around the world."

2. SMTP Strict Transport Security (SMTP STS)
A new security feature dubbed "SMTP STS" is awaiting a green light from the Internet Engineering Task Force (IETF).

This new email standard was developed in a joint effort by engineers from top email services including Google, Microsoft, Yahoo!, Comcast, LinkedIn, and 1&1 Mail & Media Development.

SMTP STS has been designed to enhance email security by preventing Man-in-the-Middle (MitM) and encryption downgrade attacks, which have compromised past efforts like STARTTLS at making SMTP a more secure protocol.

SMTP Strict Transport Security (SMTP STS) runs on top of the STARTTLS feature to strengthen the SMTP standard.

SMTP STS will check whether the recipient supports SMTP STS and has a valid and up-to-date encryption certificate. If everything checks out, it allows your message to go through. Otherwise, it will stop the email from being sent and will notify you of the reason.
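
An added example, not code from Google or from the SMTP STS proposal: a Python model of the sender-side decision described above, comparing opportunistic STARTTLS with a strict check. The `Session` record, the function names, the host `mx.example.net`, the sample sessions and the fallback for recipients without a policy are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class Session:
    """What the sending server saw on connect (constructed model, no real SMTP I/O)."""
    extensions: set           # extensions listed in the EHLO reply
    cert_names: tuple         # hostnames in the presented certificate
    cert_not_after: datetime  # certificate expiry
    chain_trusted: bool       # chain verifies to a trusted root

def opportunistic(session):
    """Plain STARTTLS: encrypt if offered, otherwise fall back to cleartext."""
    if "STARTTLS" in session.extensions:
        return ("deliver", "encrypted")  # certificate is never examined here
    return ("deliver", "cleartext")      # a stripped STARTTLS line goes unnoticed

def strict(session, mx_host, recipient_requires_tls, now):
    """Strict mode: refuse, with a reason, rather than downgrade."""
    if not recipient_requires_tls:
        # Assumption: recipients without a policy get the opportunistic behaviour.
        return opportunistic(session)
    if "STARTTLS" not in session.extensions:
        return ("refuse", "STARTTLS not offered")
    if not session.chain_trusted:
        return ("refuse", "certificate chain not trusted")
    if now > session.cert_not_after:
        return ("refuse", "certificate expired")
    if mx_host not in session.cert_names:  # exact match only, no wildcards
        return ("refuse", "certificate name mismatch")
    return ("deliver", "encrypted")

# Constructed sample sessions for the hypothetical host mx.example.net
NOW = datetime(2016, 3, 29, tzinfo=timezone.utc)
GOOD = Session({"STARTTLS", "8BITMIME"}, ("mx.example.net",),
               datetime(2017, 1, 1, tzinfo=timezone.utc), True)
STRIPPED = Session({"8BITMIME"}, (), NOW, False)  # STARTTLS removed in transit
EXPIRED = Session({"STARTTLS"}, ("mx.example.net",),
                  datetime(2016, 1, 1, tzinfo=timezone.utc), True)

if __name__ == "__main__":
    for name, s in (("good", GOOD), ("stripped", STRIPPED), ("expired", EXPIRED)):
        print(name, opportunistic(s), strict(s, "mx.example.net", True, NOW))
```

The stripped and expired sessions are the two cases where the modes differ: the opportunistic path delivers both, while the strict path refuses and returns the reason that would be reported to the sender.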

3. End-to-End Encryption (via Chrome Extension Only)
Google announced End-To-End encryption for its users almost two years ago, but the novel feature has yet to be released.

The idea is to develop a browser extension that protects its users' privacy by implementing the complex, yet secure, PGP (Pretty Good Privacy) encryption in an attempt to fully encrypt messages so that neither Google nor anyone else other than the users exchanging the emails can read them.

With this goal in mind, the browser extension will let users create their private and public encryption keys within their browsers. The public key will be uploaded to Google's servers, while the private key will be stored locally in the browser.

How the End-to-End Chrome Extension Works:
When a user sends an email to another user who has a PGP key, his or her browser will automatically download the other user's public key from the server and encrypt the content of the email.

However, the work is still in progress, and the company has not revealed when it is planning to release the browser extension.

Although Google made the source code for its End-to-End Chrome extension open source via GitHub almost a year ago so that researchers can review it, the stable version has yet to be released.

For now, you can try an alternative method to send encrypted emails. We have written a step-by-step tutorial article on how to send end-to-end encrypted emails to others.

If that is difficult, you can try the Swiss-based ProtonMail, a free, open source and end-to-end encrypted email service that offers the simplest and best way to maintain secure communications and keep users' personal data safe.
4. Gmail's Red Padlock Alert
Previously, there was no way to tell whether a received email had travelled over an encrypted channel or not, and so whether it could have been subjected to scrambling or Man-in-the-Middle (MitM) attacks.

But last month, Google introduced a security measure in the Gmail service in the form of a small Red Padlock next to a sender's email address, in an effort to alert users if the message has been sent through an unencrypted channel.