Google announced that end-to-end encryption would be coming to Gmail.
What a sweet day!
Finally Google does something good.
Is it a new protocol to exchange public keys?
Maybe some way to fetch the public key from the destination server?
Oh sweet summer child.
Big G did it in the most annoying way possible.
The sender encrypts the message with her own key, an email with a link is sent to the receiver, and if he wants to read it, he needs to open something they call “minimal gmail”.
Yes, you’ve got that right.
To read an email sent from Gmail, one needs to use Gmail, even if he never had a Google account.
I’m not going into how much this is not E2E, as this has already been proven.
But what annoyed me the most is how Google assumes that only Gmail is worthy of reading email from Gmail.
Until recently, there were basically three subcategories of email:
- Normal email
- Gmail
- Outlook
While the underlying exchange protocol is standardized, the latter two have a big enough market share to add custom behavior.
And no one cared, because if you’re using G or O, you have no one else to blame but yourself (or your employer).
All we care about is being able to send email to the big two, which can be a pain in the ass (I’ve heard).
But this power move is different.
If I receive an “e2e” encrypted email from Gmail, I will not be able to read it without going to a Google service.
This means a browser, JavaScript, tracking and all that crap.
“IT teams also have the option to require all external recipients (even if they are Gmail users) to use the restricted version of Gmail. This helps ensure that their organization’s data does not end up stored on third-party servers and devices. It also makes it easier for organizations to protect their data by having the ability to apply security policies and revoke access to emails, no matter how long ago they were sent. Essentially, the E2EE email becomes like a document in Google Drive, allowing the IT team to control its access.”
— Google’s documentation
This makes Google the actual owner of the sent message.
I cannot read it (I will not open Gmail!), I cannot search for the email, I cannot do anything.
My email becomes just a notification channel I pay for.
“The recipient can then use a guest Google Workspace account to securely view and reply to the email” my ass.
Ergo: such emails go directly into the spam list.