Why Isn’t PGP Built Into Gmail?

An increasing number of companies that I work with are using PGP to encrypt certain email. While they are comfortable sending a lot of email unencrypted, there are periodic threads that different people want to have encrypted for a variety of reasons, some rational and some not.

Each company is dealing with this a different way. Suddenly I find myself managing a bunch of public keys in different PGP tools on different computers. I started by going with the recommendation of each company and predictably found myself managing multiple solutions that sort of worked some of the time.

Last night I was on a hangout with one of the CEOs trying to troubleshoot the problem we were having with the implementation his company was using. After 15 minutes of fighting with a Chrome plugin, we gave up. Of course, when I went to a different computer, it worked just fine.

This seems like such a simple thing for Google (and Yahoo and Microsoft) to build into their email clients, especially the browser based ones. Keep the keys locally (or even in Dropbox or iCloud). Encrypt and decrypt from within the browser. Only transmit encrypted email. Only display the decrypted email.

Why hasn’t this been done yet? Am I missing something obvious?

  • Isn’t it because they monetize the email content with targeted advertising?

    I have a friend that created https://lockify.com/

    Other companies that encrypt email and gained traction have been forced to basically shut down by the feds. I think that’s what’s been preventing one from rising to the top and getting widespread adoption.

    • They don’t do this with Google Apps customers.

• Just because they aren't serving ads doesn't mean they aren't collecting the data for other purposes.

        They also scan for priority inbox, calendar invites, spam keywords, and whatever else they have going.

        • Yes – but it seems like it would be easy for them to simply ignore the PGP encrypted email, or even put it in a separate tab!

          • Sarah O’Keefe

            It would be, but what’s in it for Google?

• There's https://protonmail.ch – based in ch + outside reach of USG.

      • Yes – but then I have to use a completely new email client and service.

        • Yep. That’s been a barrier to me adopting it as well. The change is necessary, but seriously disruptive.

  • Bo Molai

    One word: Search.

    The biggest hindrance is actually the impact on you as a user. Chief among them is the fact that if all your email is PGP/GPG encrypted, email contents can no longer be indexed for search.

    The act of searching would require the decryption of every email you have, performance of the search, and then re-encrypting every email you have.

    This doesn’t just impact your manual searches either – all those convenient tools you’re seeing inline in your inbox list without having to even open the email (like “Hey this email has a tracking number, here’s a direct link to the FedEx tracking page”) all break. Anything that utilizes body content breaks – spam filtration is another example.

    In my case, I think I would just stop using email if I couldn’t search any more – my days of sorting into folders are long dead.

There are some possible workarounds if you're willing to give away essentially unrestricted access to your private keys. But at that point I think there is an argument to be made that you just created a more elaborate 2-factor login process, without adding any of the security or identity confirmation benefits that come from encrypting/signing in the first place.

    • You make excellent points here – the fact that encryption has an impact on usability is often overlooked when people complain about the lack of security.

      If you want encryption without compromising on usability, you have to store your e-mail (or an equivalent search index) and your keys in the same place and that is also where any content-based filtering (spam etc.) has to take place. If you reject the idea that a service provider has your keys, which many people would say is the entire point of encryption, then that brings us back to old-fashioned desktop software or in-house servers, self-hosting of data.

      Contrast that with market expectations of zero-install convenience, five 9s of managed service up-time and instant global access from multiple devices…

      My guess is Google haven’t been shirking this just because of business models and ads (although that may be a contributing factor), my guess is they’re not providing PGP support because doing so properly requires they either become stewards of your keys (inviting ridicule from the security community) or ruin the user experience. It’s a lose-lose proposition for them and until Snowden there was almost zero market demand.

      Enter Snowden, and look what they build: Google end-to-end, squarely in the latter category. They won’t have your keys, but it is probably going to be a very poor user experience. So they get geek cred for shipping a secure e-mail tool, but don’t actually expect any but the most dedicated users to use it on a regular basis… 🙂

      (Disclosure: I work on Mailpile, an open source project to build the zero-compromise desktop/home-server solution I allude to above.)
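The search trade-off raised in the two comments above (searching means decrypting everything, unless a plaintext-derived index lives where the key lives), as an added example that is not part of the original thread. It uses a constructed three-message mailbox and a toy SHA-256 stream cipher as a stand-in for PGP; the cipher, key and messages are all constructed for illustration and are not secure.

```python
import hashlib
from collections import defaultdict

# Toy stream cipher standing in for PGP. NOT secure, NOT OpenPGP: keystream
# blocks are SHA-256(key || counter). It only makes messages opaque without the key.
def _keystream(key: bytes, length: int) -> bytes:
    out = b""
    for counter in range((length // 32) + 1):
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
    return out[:length]

def encrypt(key: bytes, plaintext: str) -> bytes:
    data = plaintext.encode()
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

def decrypt(key: bytes, ciphertext: bytes) -> str:
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, len(ciphertext)))).decode()

KEY = b"constructed-demo-key"  # constructed; in reality the key lives only on the client
# Constructed sample mailbox as the provider stores it: message id -> ciphertext only.
MAILBOX = {
    1: encrypt(KEY, "Your FedEx tracking number is 123456789"),
    2: encrypt(KEY, "Lunch on Friday?"),
    3: encrypt(KEY, "FedEx delivery rescheduled"),
}

def search_by_decrypting(mailbox: dict, key: bytes, term: str):
    """No index: every message is decrypted on every query.
    Returns (sorted matching ids, number of decryptions performed)."""
    hits = [mid for mid, ct in mailbox.items() if term.lower() in decrypt(key, ct).lower()]
    return sorted(hits), len(mailbox)

def build_local_index(mailbox: dict, key: bytes) -> dict:
    """Built once, on the client where the key lives: word -> set of message ids.
    The index is plaintext-derived, so it must be protected like the key itself."""
    index = defaultdict(set)
    for mid, ct in mailbox.items():
        for word in decrypt(key, ct).lower().split():
            index[word.strip("?.,!")].add(mid)
    return index

def search_index(index: dict, term: str) -> list:
    """Index lookup: no decryption at query time, the usability the comment asks for."""
    return sorted(index.get(term.lower(), set()))

def provider_side_search(mailbox: dict, term: str) -> list:
    """What a keyless provider can do: match the term against raw ciphertext bytes.
    With a sound cipher this finds nothing, so spam/tracking-number features break."""
    return sorted(mid for mid, ct in mailbox.items() if term.lower().encode() in ct)
```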

  • Dave Shevett

    I’ve noted this is a tremendous issue in GMail for some time. There was a set of Chrome plugins that did something similar (as you noted) but they have long since stopped working. Similarly with Thunderbird, no native GPG support.

    I recently moved all my mail into GMail for their awesome imap, mobile, and web support, but the constant itch of no encryption is wearing.

  • josh

About a year ago Google released the source to a Chrome extension that enables PGP in Gmail; it appears it's still actively worked on… "Once we feel that the extension is ready for primetime, we'll make it available in the Chrome Web Store, and anyone will be able to use it to send and receive end-to-end encrypted emails through their existing web-based email provider." blog: http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encryption-easier-to.html source: https://github.com/google/end-to-end

  • I don’t think it’s PGP but I believe if you start your subject line with [gsecure] it encrypts it. I think. Not 100% sure on that (that may also be for the business side of things)

  • Beautyon

"Am I missing something obvious?" Yes. Google do not want people using Gmail encrypted, because they use the content of email to show context generated ads. Microsoft doesn't want to integrate GPG for similar reasons, and also because they are cosy with NSA. Google could solve their problem by scanning the email after it's decrypted of course.

What is on the table is the opportunity to build a business that breaks the GPG key management problem once and for all. Keybase has the general shape, but it's too technical. About.me has user-friendliness solved, but completely ignores GPG. A marriage between Keybase and About.me will do it. The question is WHO will do it.

• Key management is a nightmare for users.
    And wait till crypto-currency wallets and smart contracts enter the mainstream; the nightmare gets bigger unless vendors do a better job at hiding that complexity.

    If anyone ought to develop such a “standard” plugin or capability for Email, maybe Elliptic http://www.elliptictech.com/ is that company.

  • ZekeV

    Of course there’s the cynical reason, that providing client-side encryption would get in the way of cataloging all the world’s information. But assuming the best motives, perhaps providing a PGP tool via gmail is viewed by hardcore security people as an attractive nuisance. What would the casual users assume about the privacy protections of “encrypted” gmail which is likely running within a compromised environment anyway? Such a feature would be an encryption toy, not real security in the sense that a wannabe cypherpunk might expect.

  • Rupen

    Protonmail does it.

  • TedHoward

    Looks like I’ll just be adding my vote to the obvious answer – Google. Asking Google to restrict its access to information is anathema to Google. Your preferences do not matter. Only Google matters.

  • Putting PGP into webmail provides [almost] no security benefit. The major benefit of PGP is that your stored email archive is encrypted and therefore illegible to your service provider administrator or to a criminal who gains control of your service provider’s systems. If your mail-store has your PGP keys (e.g. for webmail use), then this is moot.

    There are two other minor benefits that don’t appear to be worth the effort:
    – The sender doesn’t trust their outbound relay not to keep unauthorised copies. This argues for using a different service provider. Further, where the sender is also using webmail, even this doesn’t apply.
    – The service providers at both ends are trustworthy with respect to stored email, but have failed to correctly implement SMTP-over-TLS to protect email in transit. This is far simpler to address by fixing the actual problem.

    For PGP to be at all useful, it must be implemented in the end devices. For desktop and mobile clients this means enhancing them. For webmail, it means browser plugins or enhancements.

    • But couldn’t you keep your keys separately (not with the webmail provider) and just decrypt in the browser so it’s only a local image when decrypted?

      • This is exactly what the various plugins are doing.

        The essential problems are threefold:

        1) There are no standardised mechanisms for crypto primitives in browsers (think PKCS 11: sign this message, decrypt this message, …). The hand-wringing over Encrypted Media Extensions suggests that it will be a long time before this is resolved.

        2) Implementing crypto directly in JavaScript is heroic, but a terrible idea (direct access to private keys, insufficient entropy available to generate session keys securely, multiple side-channel vulnerabilities, …). Browser support is essential, whether built in or via a plugin.

        3) Even if both of those are solved, webmail code is sent to the browser during each session. An adversary who has compromised your webmail provider can readily have a custom version of the webmail code sent to your browser – and only your browser – at your next login which does bad things on your device, like using your theoretically securely-held keys to decrypt messages and send plaintext back to the attacker, with very little risk of ever being detected (because security analysts are looking at the non-malicious version of the webmail code that their browsers received).

        The current way around this is:

        – browser plugins and explicit support in mobile/desktop clients (S/MIME is built in to Thunderbird for example; note that PGP and S/MIME are converging and are interoperable in certain cases) and

        – browser plugins for webmail. Note that the browser plugins are still problematic in that an adversary may compromise them too (automatic update can be used for evil as well as for good), particularly if the webmail provider and browser plugin provider are the same organisation.

        Long term, some sort of limited PKCS 11 exposure to browser JavaScript seems likely, but it’s not yet clear how problem 3 might ever be addressed. If you need to handle email that you don’t trust your email provider with, then you can’t realistically trust webmail.

• Are you more asking the question: should there be a decentralized email protocol?

  • Adam Shostack

    Hi Brad, Google has been experimenting with a browser plugin for PGP, called “end-to-end”. https://github.com/google/end-to-end

  • Brad:

You might be interested in some recent (open-source) research we have coming out of Princeton, which hides most of the complexity of key management (users don't even see/think about keys), yet ensures that even your email/key provider can't surreptitiously attack you.

    Currently working with some of the big providers to try to standardize this in some of their forthcoming e2e solutions, but additional open-source contributions/interest are very welcome.

    http://www.coniks.org/

  • LA McClubb

YOU ARE THE PRODUCT – It's fairly simple: Gmail is "free" because you are the product; they need to read your emails to target you for ad sales. At the end of the day Google is an ad company and encrypted email would hurt ad sales. The same goes for any free / social service.

If you want secure email then you have to set up your own environment.

  • Paul Battista

Maybe Google can live with just growing its user base, the more users on the platform, the more emails that never leave a Google "data center" to be eavesdropped on by non-monetizing entities.