How Google’s New “End-To-End” Email Privacy Push Will Protect You — Even From Google

Google’s out with two big privacy pushes when it comes to Gmail today, aimed at protecting your email from prying eyes. Wait, isn’t Google one of the biggest prying eyes, reading emails for ad targeting and other purposes? Yes, but Google’s new push will even protect you from Google itself. Below, an explainer about what’s […]

Chat with MarTechBot

Gmail Privacy

Google’s out with two big privacy pushes when it comes to Gmail today, aimed at protecting your email from prying eyes. Wait, isn’t Google one of the biggest prying eyes, reading emails for ad targeting and other purposes? Yes, but Google’s new push will even protect you from Google itself. Below, an explainer about what’s happening.

I thought Google already encrypted email?

Google provides what’s called transit encryption, where the transmission of email is protected but the contents are not.

Tell me more about this “transit encryption” stuff!

Think of it like sending regular mail. Without encryption, it’s like you’re sending a letter without putting it inside of an envelope, to use Google’s own metaphor from a post it did today. Anyone who handles that letter can easily read what you’ve written.

With transit encryption, it’s like putting a really strong envelope around your letter. When you mail it, it’s pretty hard for someone to open up that envelope and read what’s inside. For many people, that’s great security.

If Google does transit encryption, why is it saying 40%-50% of mail to Gmail isn’t protected?

Transit encryption only works if both the sending service and the receiving service agree to use it.

When you interact with Gmail, usually you’ll be using what’s called an encrypted or secure connection. That means you and your email client (on your phone, or through the web or another method) may have agreed that you’ll put a protective envelope around the emails you send and receive.

That’s not always the case when Gmail works on your behalf with other email providers.

Those that use encrypted connections effectively agree to use protective envelopes. With those that don’t, it’s like Gmail wants to put an envelope on what it sends to them, but the destination provider doesn’t know how to open these. So, they can’t be used.

It also works the other way, where someone sends email to Gmail without an envelope. Along that journey, the contents of the email are vulnerable to being read.

OMG, How Do I Get My Provider To Start Using Encryption?

Many do already, but you should check with help files and configuration settings to make sure they do — and to make sure you’re using it.

Google’s move today is designed to put pressure on those providers who don’t do this, with a new Email Encryption In Transit report. You can see top domains that are sending and receiving email and the estimated percentage that’s encrypted in transit, like this:

Gmail email encryption report

The report is kind of confusing, and you can’t get a giant ranked list of who’s the worst. It’s ordered by who sends the most. In the example above, “amazonses.com” is a service Amazon uses for sending email, and in the Americas region, 99% of what it sends is deemed to be encrypted.

In contrast, the arrow points to Hotmail, which is a top sender and which Google says encrypts more than half of email but less than 90%. So, Hotmail’s encryption is >50% but <90%. Obviously, 99% or 100% would be better.

The report has a box that lets you search for any provider that sends a lot of email. You can enter your own email provider to do a specific check. Don’t like what you see? Contact them.

What Protects Me If Someone Breaks Encryption?

Breaking encryption is pretty tough. It can be done with the right resources, but for many people — and many types of communications — no one’s going to bother.

But if you have something really sensitive, just putting it into a protective envelope isn’t enough. That’s where content encryption comes in, or what Google’s going to popularize as “end-to-end” encryption.

End-To-End Encryption? I Thought Google Already Provided That?

Google provides transit encryption, which protects your email during transmission from Gmail’s “end” to another provider’s “end,” if it supports transit encryption. But neither Gmail nor the other provider are the real “ends” in the process.

The actual ends are you and the other person you’re sending it to. With transmission encryption, that stops before either of these ends. Gmail and the other provider themselves can read your emails if they want.

Wait, Google Can Read My Emails? Other Providers Can, Too?

Yes. In fact, Microsoft has an entire Scroogled campaign that was designed, in part, to raise awareness that Google “reads” email in order to do ad targeting and for other purposes. Of course, Microsoft reads your email too, for reasons like watching for malware.

No humans at Gmail are reading your email. It’s all an automated process, and it’s been in place since Gmail launched ten years ago. For the most part, users haven’t seemed to mind this for the benefits that the service provides.

So How Does End-To-End Encryption Protect Me?

When you use end-to-end encryption, it’s like writing your mail in a special code that is only known to you and the receiving party. Then you put that letter into a protective envelope to send. Say the envelope comes off, because the receiving email provider doesn’t support it. Or say someone managed to break through the envelope. The letter remains in a code they can’t easily read.

Why Doesn’t Everyone Use End-To-End Protection?

It’s relatively hard. Like when Edward Snowden wanted to share information about the NSA’s intelligence gathering to journalist Glenn Greenwald? He had to do a whole video tutorial so Greenwald could learn how to do encrypted email.

It makes things more secure, but for many people, they’re just not that worried that they’re sending anything that needs so much protection.

How Is Google Making End-To-End Protection Easier?

Google’s planning to release an extension to its Chrome browser called “End-To-End” with the goal of allowing anyone to more easily encrypt the contents of their email to send to other designated people. It explains more in this blog post.

Can I Get The End-To-End Extension Now?

Not yet. But likely soon. For the moment, Google is asking people to test the code to find any security flaws.

But Since This Is Google’s Extension, It’ll Still Be Able To Read My Email, Right?

No. Only the people you establish an end-to-end connection with can do that.

So Google Can’t Target Me With Ads?

That’s right. No ad targeting, not for email encrypted end-to-end. Google confirmed to Marketing Land specifically that, as with any end-to-end encryption, it’s unable to read the content of those emails.

What About My Non-Encrypted Email Within Gmail?

Google can still read that, so it will still be used for ads. Only the stuff you send and receive with end-to-end encryption is blocked from Google knowing what it’s about.

So you’ll still get ads (assuming you haven’t paid for this to be turned off), because most of your email will likely not use end-to-end encryption. That’s especially so because you’ll still get email from many people who don’t send that way.

Can I Search In Gmail & Find My End-To-End Encrypted Emails?

No. Google can’t read them for ads, to create Google Now alerts, can’t read them to do anything at all, including even helping you search to find something mentioned in them. As Google explains in its FAQ on email encryption:

When a Gmail user receives [an end-to-end] encrypted email, for example, Gmail is unable to index the content of the email for later searching, because Gmail cannot see the content. This tradeoff of convenience for additional security is especially appropriate for people who are at risk, and adds an additional layer of security not provided by encryption in transit.

When I Open The Email In Gmail, Can Google Read It Then?

No. Google says it will be decrypted in your browser locally, only after it has left its servers.

I’m An Email Marketer — What’s The Impact On Me?

Likely, very little. Those sending emails aren’t going to see any major changes because of this. It’s not anything like when Google introduced auto-unsubscribe or introduced its Gmail inbox tabs. Mail from commercial providers will likely come-and-go as normal.

However, if you or your provider don’t send using encrypted transit, you may wish to reconsider that — especially if you’re sending sensitive material.

I’m An AdSense Advertiser — What About Me?

A tiny, tiny number of ads Google previously displayed on Gmail next to messages will disappear, as some begin to use end-to-end encryption. It’s really unlikely that this will take off for a huge number of messages, so plenty of ads will continue to be shown.


Opinions expressed in this article are those of the guest author and not necessarily MarTech. Staff authors are listed here.


About the author

Danny Sullivan
Contributor
Danny Sullivan was a journalist and analyst who covered the digital and search marketing space from 1996 through 2017. He was also a cofounder of Third Door Media, which publishes Search Engine Land, MarTech, and produces the SMX: Search Marketing Expo and MarTech events. He retired from journalism and Third Door Media in June 2017. You can learn more about him on his personal site & blog He can also be found on Facebook and Twitter.

Get the must-read newsletter for marketers.