SHARE

‘Google is making progression on the NSA-blocking Chrome Extension with an aid of Yahoo’s chief security.’

Google updates its End-to End encryption venture combining several posts Snowden contributions from Alex Stamos, Yahoo’s chief security officer.

Google has initially revealed an End-to-End encryption in June, which is a coding project aiming to create End-to-End message encryption less complicated compared to the existing tools such as GnuPG and PGP for the average users.

This End-to-End is a Google Chrome extension based from the OpenPGP that is making sure that data that will leave the browser will remain encrypted up until the data reaches the recipient. This will help to improve the user’s privacy once they use services such as Gmail that encrypts the messages from the browser ‘til it reaches the Google servers. However, when the message reaches the server, it is still vulnerable to get exposed to the government access request.
According to the Google blog published on Tuesday, this End-to-End can help the users to “encrypt, decrypt, sign or verify signed messages just within the browser with the use of OpenGRP.

One of the major updates on this project revealed this week is “Google has moved the codes for the project from its own Google Code repository GitHub.” These codes were released so that researchers can review them, as the New Wiki delivers complete description of End-to-End for the security developers and researchers to examine further.
To add more on this interesting project, Stamos of Yahoo is also officially working on this End-to-End project. Stamos announced from the Blackhat conference last August that he will contribute on this project, which is prioritized by Yahoo because of the government intrusions with End-User privacy publicized by Edward Snowden, formerly NSA contractor.

Although it’s not pointed out what is the exact contribution of Stamos, he exposed that Yahoo is also using Google’s extension internally and he said that the company is working to support the encrypt message-exchange of Gmail and Yahoo Mail.

According to Google, when the project is unveiled, End-to-End will be included in their program, which pays the researchers in disclosing the bugs from the company. According to Stephan Somogyi, Google’s product manager for security and privacy team, “Two bugs submitted have resulted in payments.”

Somogyi did not tell what these bugs are all about but said that Google has not yet received report regarding End-to-End’s currently developed JavaScript-based crypto library.

This End-to-End product is presently in alpha, but when it becomes more stable, the plan is to release it in Chrome Web Store. Somogyi added that the huge challenge in this project lies ahead, like developing the suitable system in handling key management and the key distribution.

“Key management and key distribution are the hardest usability problems with cryptography-related products, and we won’t release End-to-End in non-alpha form until we have solution we’re content with.” Samogyi noted.

NO COMMENTS

LEAVE A REPLY

This site uses Akismet to reduce spam. Learn how your comment data is processed.