Eleanor Saitta (@Dymaxion) had a few things to say about this on Twitter:
On the one hand, I'm happy Google is trying to make GPG usable within GMail: https://code.google.com/p/end-to-end/ . On the other hand, this leaves many ?s
It sounds like all you get from "end-to-end", other than a name that's going to cause horrible confusion, is a bare mininum of GPG functions.
No TOFU, no pushing users to encrypt by default, no better management of keys, no attempt to stop metadata surveillance.
It's good GMail users will have an easier time with GPG, but if it keeps them on a broken-by-architecture centralized service, we all lose.
This doesn't seem to go far enough in making crypto usable (no indexing solution, for instance) but it will slow development of alternatives.
I admit Google is kind of in a bind here - if they want to help GMail users, they're also necessarily slowing the evolution of a safe net.
Mostly I wish they hadn't called it "end-to-end". Because, you know, words mean things, and like "Off the record", that means something else.
I'm surprised Google weren't willing to spend the internal security resources on end-to-end to be able to stand behind it at time of release.
All told, it pretty much smells like "keep engineers happy" + "win points with the net freedom community as cheaply as possible."
Google, if they wanted to, could do some pretty revolutionary stuff in the secure comms space, but that would cost actual cash.
Ssh, no one wants to talk about how Silicon Valley business models depend on surveillance.
On the one hand, I'm happy Google is trying to make GPG usable within GMail: https://code.google.com/p/end-to-end/ . On the other hand, this leaves many ?s It sounds like all you get from "end-to-end", other than a name that's going to cause horrible confusion, is a bare mininum of GPG functions. No TOFU, no pushing users to encrypt by default, no better management of keys, no attempt to stop metadata surveillance. It's good GMail users will have an easier time with GPG, but if it keeps them on a broken-by-architecture centralized service, we all lose. This doesn't seem to go far enough in making crypto usable (no indexing solution, for instance) but it will slow development of alternatives. I admit Google is kind of in a bind here - if they want to help GMail users, they're also necessarily slowing the evolution of a safe net. Mostly I wish they hadn't called it "end-to-end". Because, you know, words mean things, and like "Off the record", that means something else. I'm surprised Google weren't willing to spend the internal security resources on end-to-end to be able to stand behind it at time of release. All told, it pretty much smells like "keep engineers happy" + "win points with the net freedom community as cheaply as possible." Google, if they wanted to, could do some pretty revolutionary stuff in the secure comms space, but that would cost actual cash. Ssh, no one wants to talk about how Silicon Valley business models depend on surveillance.
https://twitter.com/Dymaxion