Google will begin warning
users "in the coming months" of emails from providers that are sent
through unencrypted connections.
Gmail will soon tell you if
an incoming email has traversed the internet over an unencrypted connection.
The hope is that the company will
convince other email providers into bolstering encryption and security for its
own users and for those using other email providers.
The email
provider already uses HTTPS to encrypt a user's connection between their
browser and the server, but after that it's widely out of a user's control.
That's why
Gmail, like many other email providers -- including Comcast, Microsoft, and
Yahoo -- have started encrypting that onward connection with STARTTLS, which
prevents snooping from government agencies and attackers who try to tap into
those messages as they travel the pipes of the internet.
But there's
a problem. A lot of providers don't support STARTTLS, meaning that any email
encrypted by the sender can't be read when it's received on the other end. This
so-called opportunistic encryption works when both email providers support
STARTTLS. If one doesn't, then the other provider falls back to an unencrypted
form.
The more
email providers that use STARTTLS, the greater number of emails that will be
encrypted by default as they traverse the internet.
Google said
this kind of encryption will help not only prevent snooping but also those who
aim to restrict the free flow of information or attack machines, it said in a blog post.
It's not
clear when this will start, but the company said these warnings will appear
"in the coming months."
The company
also informs users if they are being targeted by state-sponsored attacks,
something it knows all too well after it withdrew from China in 2011 after it
was reportedly attacked by the government.
0 comments:
Post a Comment