In the past few months, Google and Gmail users have seen the search engine roll out a range of new security features in an attempt to ensure that phishing, malware and hacking are prevented as much as possible. Along with updated warning pages for unsafe links, changes to the search bar when a user visits an unencrypted site and more tools and features to improve user security, Google is also teaming up with other huge names in the internet world to improve protection for users against government-backed email hacking attacks.
Recently, Google has announced a major collaboration with a range of other major companies, including Comcast, Yahoo and Microsoft. This new collaboration will see the implementation of a new security protocol that will ensure all email messages sent are encrypted whilst in transit. Google has also introduced a new page in its Safe Browsing system which encourages users who are under attack by governments to increase their browsing and email security using either a physical Security Key or SMS-based two-factor authentication.
Earlier this year, Google rolled out security alerts for users that provide users with notifications in Gmail before sending an email to another address which does not use encryption. Since, Google has reported that this update alone has increased the amount of email sent over encrypted connections by 25% so far.
However, recent research carried out by Google along with the Universities of Michigan and Illinois discovered that it was still possible for attackers to tamper with email encryption. Because of this, Google collaborated with Comcast, Yahoo and Microsoft to create the Strict Transport Security Standard for email, making sure that all email only travels via encrypted channels. Any issues with this encryption should be reported to the relevant provider in order to provide companies with information that helps them to better understand where and how attacks are happening.
Google began warning users to state-sponsored attacks back in 2012. Although the company reports that only 0.1% of its users have been subject to such attacks, when you take into consideration that Google has hundreds of millions of users, 0.1% is still a large number of attacked users. Typically, the targets will include activists, policy-makers and journalists.
If you are subject to a state-sponsored attack, Google has launched a new warning page that alerts users to a possible attack as well as provides instructions for beefing up security. By using this page, users can further increase their email security by setting up two-factor authentication via SMS or creating a physical security key to make it more difficult for attackers to hack into their emails or email account.
Although these new security features should play a huge part in making encryption and security stronger, end-to-end encryption remains a state-of-the-art feature. This type of encryption is generally seen used by PGP-based tools. Ultimately, however, many of the companies that are currently working on the new protocol for email encryption rely on advertising for revenue, something which implies data mining the email content of their users.
Because of this, it is in direct conflict with end-to-end encryption as this level of security means that only the users who are communicating with each other via email could see the content of an email. Google has reported that it is working on a new browser plugin for End-to-End encryption, but so far, progress on that front has been rather slow. Many users and tech specialists believe that even if the plugin is eventually finished and released, it’s highly likely that it will not be used or promoted as a direct solution for the majority of Gmail users.
*Feature Image – Credit Pressureua | Dreamstime.com