Shared publicly  - 
 
If you’re sending confidential information by mail, you wouldn’t put it in a postcard. And if you want your email to be protected from snooping, both you and the people you’re emailing with need to use services that support encryption in transit. Emails sent between Gmail users are encrypted as they move between our data centers—but about 40 percent of emails sent between Gmail and other providers aren’t encrypted. Learn more in a new section of our Transparency Report: g.co/saferemail .
3792
1141
Elizabeth bailey's profile photoOlusola Owoyemi's profile photoNancy Jones's profile photoThaison Tranhuynh (samtron1412)'s profile photo
197 comments
Translate
 
End to end sounds fun. I hope you implement it in gmail without the need for extensions which would again need a specific browser rather than being able to generally use it everywhere gmail runs.

That's the problem of all the pgp things. You need the extra software and can't use it while not home.
 
It is not possible to encrypt end-to-end without a specific software.
 
How about actual encryption with GPG?  I guess it wouldn't work seamlessly because of having to transfer the private key and stuff...
 
If google can read it, then the government can read it.
If google is "scanning content for ads" then they are reading it.
 
+Google Your gmail app is missing the all too important s/mime class. I can encrypt an email that can only be opened by the recipient and include a digital signature. When will gmail have this feature?
 
If you use Google Apps for business, you can even control policies at the domain level.

On a recent project I worked on, I could configure policies that would reject email between our domain (inbound or outbound) and partner companies on the project if it wasn't encrypted. The Google Apps controls allow this to be done globally for all email to/from the domain, or for specific third-party domains, and the policy can be selectively applied for different groups of people.

I will add that, if you are dealing with emails that are sensitive, I recommend implementing such policies for domains you know should support encryption as it guards against email being sent unencrypted in the event the other party accidentally breaks their email encryption setup (e.g. TLS certificate expires).
 
Maybe you can finally add some form of encryption into the Android mail apps as well?
 
I agree more email providers should use tls. As they mentioned it's not a one all perfect solution but it works and encrypting the contents using PGP in addition to transit security is the best solution.

The funny thing is many email providers use tls but they don't use https while viewing emails for example AOL. If you do security don't skimp on any part. 
 
Thank you Google! Now please use G+ for key exchange and Web-of-trust so we can secure our mail from ALL threats.
Marcin W.
+
9
10
9
 
And what if NSA will demand access to email on your servers, heh? You wouldn't even be able to say that you gave those email away.

End to end encryption is not what you think it is. It's not Gmail to Gmail but email client to email client. In short: if you need secure email use PGP. 
 
PGP relies on public key rings right? s/mime with commercial certificate authorities.
 
You actually need to use both PGP/GPG and TLS +Marcin W. 
PGP doesn't encrypt the "metadata" headers, and this can be used to glean an awful lot of information, or even to come up with excuses to get a court order (based on your favourite pizza company's delivery boy's uncle once bought something from a suspected terrorist's friend on eBay...).

Encrypt both the transport and the content, and that makes life hard for abusive abusive Government agencies and other criminals.
Translate
 
That is disconcerting news
 
+John VanRoekel, +Marcin W.  with the end-to-end encryption Google won't have the decryption keys keys and won't be able to scan or otherwise read the e-mail, and can only provide unreadable encrypted data for government requests.
 
Still better to implement signing of e-mails at the very least. I'm making the move to encrypting e-mails myself.
 
+Shawn Willden read carefully.  It is encrypted from you to google, or from google to you.  But not at google.  Google can (and does) still read it in-between, which means that the government can read it whenever they want.
 
Incredible to think the bad guys would look to analyze meta data. But hey, if that's the current state where they are, then yeah, encrypt it all...
Kevin W
+
7
8
7
 
Would be nice if Gmail fully supported GPG in-browser. 
 
Sorry, +John VanRoekel, I was talking about the end-to-end encryption extension which Google just announced, but which isn't mentioned in this article. This article is just about TLS encryption of mail in transport between SMTP servers -- which is a good thing, and which Google is doing good work in pushing -- but it isn't end to end.

Here's the article about the end-to-end extension: http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encryption-easier-to.html
 
So, do you allow the gov to read our email between gmail users?
 
All good with Gmail, but it would be Great if Google itself stop reading Emails to deliver relevant advertisement.
 
Thanks for the update, this is all good information to be aware of.
 
I'm not sure I understand the question, +giuseppe andrioli. The ads are what pay for the service.

BTW, I should mention that although I work for Google I am not representing Google. I'm speaking only for myself.
 
Sucks so many people have so much to hide
Just living lies.creating chaos.

 
+giuseppe andrioli, I think if you paid Google for Gmail without ads, Google would not scan your email for advertising information. Of course, Google doesn't currently offer that option. My question was a hypothetical. It's one worth thinking about, though... suppose Google makes $10 per month from showing you ads. Would you rather see the ads, or pay the $10?
Paul M
 
Excellent. 
Piero G
+
1
2
1
 
+Shawn Willden I sincerely doubt that the amount of money that google makes by profiling its Users is less then 10$/month. Also, those big-data they gather are extremely tasty for their AI experiments, so..I'm with +giuseppe andrioli on this. Luckly there are several european companies that offer nsa-free encrypted email services. 
 
What use of an encryption if at the end of each datacenter would share our data with the evil fed?
 
Likely better than the "postcard" approach.
 
If you had native GPG support you could make the claim that you give a damn much more seriously. 
 
I was wondering if anyone here has had bad things happen to them due to the NSA spying on their email?
 
i don't get why everyone is so scared of the NSA snooping on their email, i mean, if your a normal American citizen, they probably don't give 2 shits about who you are.
 
The only fully secure way is tor...
 
Now if you'd only allow TLS on your S2S XMPP connections.
 
Gmail has been blocked since May 27 by GFW in China, as well as all Google service. Fight back, Google!
Translate
 
People need to relax. +Arie Chen has the right idea. Seriously, they could give a rats ass about people that are not on their radar. And what exactly are you sending in email that is so secret that if someone that you will never meet or even know exists might happen to glance at it if it even ever gets displayed anywhere but the recipient. Second, google targeting ads is basically them just using the mail servers, which can already see your email and its contents anyway, in a way to generate revenue. Its not a person reading your email, its an automated system, a machine made of plastic and metal running a script. Stop being so paranoid. Unless you have something to be paranoid about 
 
I don't think anyone my communications aren't addressed to has any right to access to them. We have courts and subpoenas under the constitution. 
 
I agree with +Kevin W in that I would like to see gmail natively support PGP/GPG. Plain-text support for gmail on Android would be nice too. 
Translate
 
Thanks to the evildoers, put emails have been postcards. In fact, so has the rest of the Web lololololol
 
thats why i am using it more than two years i guess or almost three years
 
por mais que falamos os nosso e-mail sera sempre lidos porque o homen nuca fez coisa perfeita
Translate
 
+Cory Capps then you have to upload your private key to the Google servers. If you of course want to encrypt in the Gmail cloud?
 
Forget encryption. I agree that we should start with simply digital signatures as routine in emails. Imagine the reduction in spam! That alone should be motivation enough. To do that, though, would require S/MIME support as previously pointed out.
 
What about Google "scanning" my gmail to deliver "relevant" targeted Ads to my inbox ?
 
I'm very fond of Google products and services, but I just can't trust them for cyphering my private datas.There's long existing and efficient and trustworthy alternative as GnuPG, and I'll stay with it.
 
I wonder why the weekly trend --- on weekends more mail to Gmail and less mail from Gmail is encrypted; it's a clearly visible when you look at the 90 days period. Very interesting.

Also: Sure, PGP is a better option against NSA, but what Gmail does is pretty enough for protecting emails from your bank and such stuff from your wanna-be-hacker neighbours if you use WiFi.
 
1. Google doesn't "read" your email, period.

2. Google does "scan" your email and that is used for targeted ads, but is also used for filters, mailbox searching, anti-spam, antivirus, and phishing protection

3. If you don't want targeted ads from scanning your email, pay for Google Apps where it is an option +Piero G

4. Expecting Google to provide PGP or S/MIME encryption within Gmail is dumb, especially if you believe Google routinely give your emails to the NSA (there's no credible evidence they do, but tin-foil hat wearers and Microsoft apologists will believe what they need to ).To do this would require you to upload your private keys to Google which would defeat the point. This sort of encryption only makes sense if you keep the keys locally, and private. There are plans for an open source browser plugin for this which makes much more sense. Otherwise use a POP3/IMAP client with local PGP. PGP encryption is your responsibility, not Google's.

5. This post is describing transport encryption which is at least as important as using something like PGP to encrypt the email contents. Transport encryption protects your whole email conversation from prying eyes, whether that is the NSA or other Governments, competitive companies, Russian/Chinese Mafia, or random extortionists. PGP alone will not do this. Transport encryption also work for every email, whereas PGP can only be used if you have exchanged security keys/certificates with other people in the conversation. For most people, and for most emails that means PGP cannot be used. Personally I believe transport encryption is more important than PGP. Obviously using both is best, but if I had a choice I would want transport encryption over PGP as it gives the widest protection.


 
IM SAFE IM SAFE IM SAFE ERR WHATS THAT??? UHH OH, BUT HOW  DID U KNOW THAT????
 - JUST WHEN I THAT SHADOW WAS MINE??
 
Easy. Support S/MIME without all that nasty third party outdated browser Penango crap.
 
+Pereira Braga Hence I said "There are plans for an open source browser plugin for this which makes much more sense.". It was this I was referring to.
 
I hate to open any mail,  you never know who to believe any more :(
 
+Ronny Terhuerne the problem with encryption IS that it takes effort on the part of both parties, but that is the nature of the beast. If it is important to us we will make the effort. If we consider it to be too much work we will get the security that we will have earned. To some extent the days of holding your hand the whole way are over. Take some responsibility.
 
+Keith Milner :-) Yeah my point is that "there are plans" and "code ready/functional" are very far apart. ;-)
 
I think we are close to arguing semantics +Pereira Braga . I suspect we are basically in broad agreement.
 
+Google  this is an illusive poste.
i know #Google read, analyse and collect all sort of informations about  the users of google services even their personal mails.
 
+Hemza Kheribot all online services do that. That's technically impossible to create a mail server which won't "read" mail. Even without search.
 
+Anton Derbenev but why google keep all sort of information 30 years even after account delete ????
infos = money
 
"I personally believe" or "I suspect" is not the same as "We all know"  +Garratt Campton 

Unless you have firm and unequivocal proof of your claims, then you don't know at all.

As for nothing being private in Gmail, the same applies to pretty much every email system in existence. Gmail is, however, a lot more private than most, and that's what this post is about.

And, clearly +Garratt Campton  I know a damn sight more about it than you.

Unlike you I'm rather more than some half-assed SEO shyster who read a few badly written opinion pieces on the Internet and thinks he knows everything. 

I have spent the last 20 years of my career designing, building, securing and running large parts of the Internet infrastructure around the world, including working on systems for legal intercept.

I'm not going to bother arguing about it any more with you though. It's pointless and, as Mark Twain said, you will drag me down to your level and beat me with experience.
 
Está tudo dito e discutido por muitos usuários desta rede social, mas eu fico ma hipótese de que tudo merece mais cuidado!
Translate
 
+Arie Chen It's about the precedent it sets. If we don't take steps to guard our rights to privacy, then those rights erode over time by the consistent trampling of them and lack of will to protect. Government power tends to want to expand. And with expansion the prospects for abuse expand as well. This is why our forefathers intended to have limited government. But now technology is creating more and more ways and excuses to infringe on our right to privacy. And that right has to constantly be affirmed otherwise it will be lost to us. On the other hand the NSA has to have the ability to protect us. There needs to be balance. So we need better checks on its power. 
 
+Shawn Willden Ah, thank you for the clarification.  I had not seen that.  A pity that it is chrome only.  Of course it has the same problem that all PGP has.  It only works if you first get a key into the hands of all of the thousands of people you interact with, without using electronic communication.
This is the real problem with all existing encryption technologies.  If you truly need security, it is relatively easy to set up relatively secure communication between two people.  But if you simply believe that people (other than the intended recipient) shouldn't be reading your mail, you still have no real solution.
Translate
 
+John VanRoekel, yes secure connections between random people are hard. Really, impossible without a trusted third party to act as introducer. S/MIME uses a CA in that role, but that requires users to buy certificates. I suppose Google could play that role with OpenPGP keys (and perhaps will), but that would again put them in the position of being able to subvert the security.
Elena P
 
Замечательно!
Translate
 
Google could support S/MIME and GPG in the web based interface, and on mobile devices. That would protect data more effectively than TLS use in transit between mail servers.
 
+Shawn Willden Exactly.
At the end of the day, my complaint isn't so much that people are gathering information on me.  It is that people, from federal agencies to major corporations, are lying to me about gathering information on me.  If you are going to gather information on me, while denying it, and allowing me no access to it, then I am:
(A) going to be annoyed. 
And (B) do everything within my power, technological ability, and time I am willing to spend, pissing in your data pool.
 
+John VanRoekel, Google, at least tells you what they're gathering, what they're using it for, and gives you a dashboard to let you see and/or delete it. Not to mention offering tools to make it easy for you to opt out if that's your preference.
 
+Shawn Willden not really.
There are two levels of information that google admits to gathering about you* "Stuff you tell us" and "Stuff we figure out on our own" google it pretty good about demonstrating some level of control over the first** but they give effectively zero control over the second.  For example, they do admit that they use effectively any technology available to them to identify you and your devices and track your location. 
Check the dashboard and find where they make that information available to you, or where you can request its removal.  The dashboard is a joke because it effectively allows you to see the stuff that you already know about, without allowing you to see the info they gather on you that might actually be interesting.


*And they have been caught in the past gathering information that they said that they weren't
**Without any outside audits.  So, our "delete" command could just be a "move to google archive" command.  Again, they have been caught with their hand in the cookie-jar before.

http://www.google.com/policies/privacy/
 
Now if they would only add gpg support to gmail in a browser.
 
buena nota,para tener en cuenta y ponerlo en practica
Translate
 
+John VanRoekel, you're claiming that Google keeps a separate, more detailed profile on users than what they admit to. Do you have any evidence for that claim? Or that Google has been "caught" in the past gathering information they said they weren't?

I can't prove Google doesn't keep a separate profile on you, of course, though I can tell you that as a Google engineer who works on security infrastructure, I've certainly never seen any evidence of any such thing, and I think I would see it if it existed. I'll also point out that the Buzz consent decree means that Google's privacy practices are audited regularly, so the FTC's auditors would call out deviations from the published privacy policy.
 
i forced all my friends to use Gmail. 
 
+Shawn Willden As for getting caught gathering "extra" data:
After reluctantly agreeing to "Do not Track" google then bypassed Safari user's settings to track them anyhow.  When caught, they immediately stated that they only had the purist intentions and never intended to use that data.
Then there were the packet-sniffers on the street-view cars.  Again, they never intended to use that data.
These are public knowledge so yeah, they have been caught.

As for a separate file:
When I made the mistake of agreeing to a personalized + URL, google made my phone-number reverse-searchable, and non-editable (by me).  Something that I was not happy about.  When I pointed this out, and insisted that I be able to edit or remove this information, I was effectively  told that the reason the field was not editable was that it was never intended to be seen by me, and had been included by mistake.  That field came from somewhere, and that somewhere is a place I cannot access.  The part visible to me was eventually fixed, I have no doubt that google still has that number on file.
https://plus.google.com/+JohnVanRoekel/posts/derpwx2EdEG

As for location tracking.  Google admits that they do it in the privacy policy, and they do let you see a bit of it if you scroll all the way to the bottom of gmail and click on "Details" for account activity.  Now show me in the dashboard where that same information can be accessed or removed.

I am happy to hear that the FTC is taking a look at some of google's privacy claims, however google's track-record is not impressive in the area.
 
+John VanRoekel Your home computer has complete read privileges to your data. Do I care if computers at google are reading my data? No human can read it.
 
+Isaac Leonard I have control over data on my computer.
google and their employees have control over the data on their computers.
And, yes, humans can read it.  They do so every time they hand information over under a warrant (which I have no problem with by the way.  I like legal process)
(Edit for typo)
 
+John VanRoekel, first I should clarify that I am speaking as a private person, not a representative of Google. In fact, company policy actually discourages me from making comments like these, and I have to tread carefully to avoid getting myself in trouble here.

On the Safari thing, that was a mistake, and it was also (IMO) overblown. The workaround was used to make the G+ +1 button work for users that had opted in. It was wrong, and if the privacy team -- much less higher management -- had heard about it, it wouldn't have happened.

On the Wifi packet sniffing, that was also a mistake, and also overblown. When Google discovered what was happening, they volunteered the information to the relevant authorities, then cooperated fully with the investigation. Those aren't the actions of a company trying to secretly collect information, they're the actions of a company that made a mistake and is trying to fix it.

In a company with 20,000 engineers, mostly operating with a great deal of self-direction, mistakes do happen. The fact that Buzz, Safari, and Street View Wifi are the only significant missteps to me indicates an extremely effective focus on user privacy, particularly since all of those predated the establishment of formal privacy reviews. The fact that they happened means that the privacy reviews (a mandatory part of any design review) are necessary, that merely having a culture of respect for user privacy isn't enough, but the fact that the list is so small is ample evidence of the culture of respect.

Also, none of those examples fits your claim, that Google denied collecting data but was then found collecting it. I was fully aware of those when I asked for evidence, and I asked because I wanted to see if you knew of something that actually fit that description.

I don't know what the deal was with your phone number; I strongly doubt that Google made it reverse-searchable. It's possible that the data was stored somewhere and that it had to be cleaned up. I'm aware of cases of user information having been inadvertently collected by teams I work with... and as soon as someone notices it, the privacy team is notified and the data is destroyed. Problems are inevitable, what matters is how they're addressed, and Google does a good job. Of course, that's based on my insider perspective; I can't prove it to you and I could be lying.

On location tracking in Gmail, yes, Google uses your IP address to guess the location of your logins. The information is used for security purposes (to flag when someone from an unusual place logs into your account -- this catches a lot of account compromises) and for localizing searches, etc. All of this is plainly spelled out. There's also Android-based location tracking, which is entirely optional, and if you enable it there's a nice dashboard which you can use to see everywhere you've been. I actually have that on and find it quite useful on the occasions I need to remember where I was at a specific date and time.

Finally, if you're really concerned about Google and privacy, how can this be the first time you've heard of the Buzz consent decree, and the FTC-imposed privacy audits?
 
+Shawn Willden For the Safari and packet-sniffing stuff.  you are asking me to take google's word that they were not intentional.  A lot of google employees take the line of "If only you knew what it was like on the inside, you would believe that we all only want what is best." except that none of us out here can see what it is like on the inside, and (as you point out) you are discouraged from giving a glimpse.  That may be a PR problem rather than an ethics problem.  But when viewed from the outside, it is a very real problem either way.

Most of the folks who I have interacted with from google seem like really good people.  However, history shows that large groups of otherwise good people placed in an echo-chamber can do some pretty terrible things.  The Safari incident, if not evidence of wrongdoing, is clear evidence of just such an echo-chamber effect.

As for the reverse look-up.  That was a "feature" of getting a custom URL. You are surprised that I missed the buzz consent decree, I am surprised that you missed that.
Oddly enough, I can't find mention of it any more, so perhaps it got dropped, or perhaps they are still doing it, but not advertizing it.  Anyhow, if you check the thread I cited above, and skip to +Lea Kissner's reply on Nov 3, she cites it, and points out that there was language stating "People who have this phone number may be able to find you on Google services. Learn More."?  I really wish I could find a better link for that, but if you punched in that number, you got my profile, and that meets my definition of reverse searchable.

For the location.  I simply was using that as a way to point out that google stores and tracks information about us that is not accessible to, or removable by us, and is not on the dashboard.  For me, it is problematic when a company says that we can manage our privacy through a tool, and then declines to put their tracking of our physical location on that tool.

Please understand that I am not saying that you are a dishonest person.  What I am saying is that the visible evidence from the outside is that google is a major profit-driven corporation that pays more lip-service to doing good than they can back-up with proof.  I believe that google is very likely a more moral company than G.E. or Ford.  But neither G.E. or Ford make any extraordinary claims of morality and trustworthiness.  Google makes such claims, so I would like them to visibly live up to them.

(Oh, and supporting CISPA (even through a trade-group dodge) didn't help the case)
 
+John VanRoekel, the funny thing about your comment is that it makes clear that companies who don't bother to try to do the right thing will have fewer PR problems than those who do.
 
+Shawn Willden yeah, it's kind of a crappy catch-22, and I do acknowledge it.
The basic problem is that google's business model is effectively "Trust us with all your personal information, and while we will read* it we won't abuse it"
So they have to appear trustworthy, but the very secrecy that they feel is necessary in order to be trusted with data, makes them appear untrustworthy when viewed from the outside.
Unfortunately, it also breeds the echo-chamber, when causes them to occasionally do things that really are unethical, even if done for reasons that felt ethical at the time (Safari cookies, auto-enrollment in buzz, a lot of opt-out stuff that should have been opt-in etc.)
Really, I am less concerned with privacy, and more concerned with openess and honesty.  Half the things that google gets dinged over, would have been non-issues if they had just been open about them from the beginning.

*to a debatable value of the word "read"
 
+John VanRoekel I actually agree that Google needs to be more open. I think some of it is just growing pains... which isn't surprising considering the company has gone from a tiny startup, extremely concerned about every edge against the competition, to a world-dominating public corporation which doesn't need to win every competitive battle, in just over a decade. Along the way, Google has worked very hard to maintain the positive aspects of its internal culture, but I think some aspects -- like the intense focus on secrecy -- need to change.

I think this is increasingly being recognized within the company, and I have some hope that we'll see a shift in the PR strategy, moving toward a more open approach that is frankly more consistent with how the company actually works and does business. It'll be uncomfortable, because you can't really be open without also revealing some warts, and I doubt Google will go as far in that direction as I personally would prefer, but I think it's moving in that direction.
 
+shawnwillden, You can pay Google for Gmail without ads. It's called Google Apps. Someone else may have already said this, but I couldn't see it. It's also relatively inexpensive - $50/year. 
 
+Fowler Brown I can get "without ads" by using an ad-blocker.  The question is, does it come without google compiling data on you?
Translate
 
I AGREE , AS EVERY GOVERNMENT HAS BECOME  A FASCIST STATE
 
Good, but gmail app is still missing support for PGP and S-mime for proper end-to-end encryption. I still have to use a mail client to be able to do that.
 
my credit card just got cloned
 
This is great can't wait for the finished extension to drop.
 
E-mail monopoly begins
 
Apparently not safe enough to get away from the NSA....
 
You can always use RAR (winrar) to encrypt a text file and send it as an attachment. 
 
Thanks, great but how about S/MIME support in Gmail?
Why is only server-2-server covered, why not make it desk-2-desk secure?
 
Because +Jonas Regmyr desk-2-desk encryption is only secure if the keys are secure, and if gmail manages the encryption as part of the service then you will need to upload your keys to Google, which immediately makes them insecure.

Therefore it's really, really dumb to expect Google to support this within gmail.

To be secure it can only sensibly be done on a client running on the desk. Ultimately this sort of encryption is your responsibility, not Google's, and standard email clients that can use PGP or S/MIME can be used with gmail.

However, Google can help users with this and they are starting to by providing browser-based client code to support PGP encryption for those who wish to use the web interface still. I hope they expand and improve on this. Note that you will lose a lot of the standard gmail capabilities by encrypting email in this way. There's nothing Google can do about that.

It would also be nice if they supported PGP in the Android client with the ability to use local secure keystores.
 
Make no mistake mail in paper form is constitutionaly protected, e-mail is NOT. That simple people. The internet was made to destroy such trusts. We are playing with fire.
 
Would be better if Google would issue digital signatures and support smile then I would trust the encryption. I wouldn't be that hard for google to be a cert provider but smile would even keep them from scanning email for marketing purposes. I'd be willing to pay for this service.
 
<tinfoilhat= on> looks like NSA is spying emails between cuba and florida... </tinfoilhat> 
 
The only way to make email/gmail safe is to use strong end to end encryption that the provider (Google) and their stealth partners (NSA and the like) do not have the keys to.
Translate
 
Great Google!!! It means a lot to us to know that all our emails are safe.

Translate
 
Alex Rodriguez the best way to get it now and again in my head and neck of you who are not an easy way for a while book
 
Ok thacks for the advice but how do we ptotect it?
 
As far as encryption goes, from what I understand the NSA an decrypt just about anything including PGP. Has anyone heard differently, or knows that the NSA isn't that smart? 
Add a comment...