Your Tech Story

End to end encryption

end-to-end encryption

Google announced end-to-end encryption for Gmail web

To render its emails more difficult to hack, Google is deploying a new update. According to a Google announcement, Gmail will soon support end-to-end encryption in web browsers. The capability, which is presently in beta, enables customers to send and get encrypted emails both inside and outside of their domain, according to a blog post from the company.

end-to-end encryption
Image Source: gizmodo.com.au

The new technology, which Google describes as client-side encryption, will make sure that important information in the body of the email and attachments is unreadable by Google servers. Additionally, it will provide customers access to the encryption keys while allowing the identity service to access them.

Google noted, “Google Workspace already uses the latest cryptographic standards to encrypt all data at rest and in transit between our facilities Client-side encryption helps strengthen the confidentiality of your data while helping to address a broad range of data sovereignty and compliance needs.”

Client-side encryption (CSE) in Google Workspace enables the processing of data encryption in the client’s browser prior to data transmission or cloud-based storage in Drive. The company emphasized will not be able to access users’ encryption keys. It noted, “You can use your own encryption keys to encrypt your organization’s data, in addition to using the default encryption that Google Workspace provides.

Read More: 15.5-Inch MacBook Air Expected to unveil in Spring 2023

With Google Workspace Client-side encryption (CSE), content encryption is handled in the client’s browser before any data is transmitted or stored in Drive’s cloud-based storage. That way, Google servers can’t access your encryption keys and decrypt your data. After you set up CSE, you can choose which users can create client-side encrypted content and share it internally or externally.”

Gmail’s end-to-end encryption will make sure that all email communications sent by users are encrypted by the sender and can only be decoded on the device of the intended receiver.

The emails and attachments transmitted with them cannot be decrypted or read by any organization or third party, including Google’s own email server. The fact that Google already offers client-side encryption on Google Drive, Sheets, Docs, Google Meet, Slides, Google Calendar and Google is noteworthy.

According to Google, customers with Google Workspace Enterprise Plus, Education Plus, or Education Standard are eligible to sign up for the Gmail client-side encryption (CSE) beta program. The beta program is accepting applications through January 2023. Users must submit a Gmail CSE Beta Test Application, which must include details like their email id, test group domain, and Project ID.

Users of Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as older G Suite Basic and Business customers, will not be able to use the new feature as of now. According to Google, the public release will be made available at a later time in 2023.

Google has made it clear that the new functionality would encrypt both the email content and all attachments, including embedded photos. Google, however, will not encrypt the email’s header, which contains the topic, timestamps, and recipient lists.

Additionally, Google has stated that “in an upcoming release” it will add client-side encryption to its Gmail application for iOS and Android devices.

Facebook Messenger

Facebook Messenger Added End-To-End Encryption For Voice And Video Calls.

As the name suggests, Facebook Messenger is an app that allows users to communicate via chat, voice, and video between Facebook’s web-based messaging and smartphones. User’s device and geographic location determine specific capabilities.) Mobile data plans and Wi-Fi connections are available for users of the Messenger app on iOS, Android, Windows 10, and Blackberry.
SMS texting is also integrated into the Android app so users don’t have to switch between different communication interfaces to communicate with their friends and family. Users can access text messages and Facebook chat through the interface once Messenger is selected as the default SMS client. A purple color code is used to distinguish between SMS and Facebook messages.

Facebook Messenger
Image source: i.gadgets360cdn.com

Messenger will now support end-to-end encryption for voice and video calls. On its blog, the company announced that it is implementing the change as well as new controls for its disappearing messages. It’s possible that some users will also notice some new encryption test features.
With the addition of the “secret conversation” option to Facebook Messenger’s app, text messages were encrypted from beginning to end in 2016. Now, that mode also allows for the use of a telephone. Because Messenger is now receiving more than 150 million video calls per day, Facebook says the feature is being added to keep up with the growing popularity of voice and video calls.
It was already possible to make calls with E2EE, which prevents anyone but the sender and receiver from seeing the encrypted data, on the Facebook chat app WhatsApp. And so do others like Zoom, Signal, and Apple’s FaceTime video calling app. E2EE, according to Facebook, is “becoming the industry standard” for messaging apps. Before now, there was speculation that Facebook might roll out an encrypted messaging system across WhatsApp, Messenger, and Instagram.
Smaller changes will be made to text conversations. To make a message disappear, you can choose from a range of time frames from five seconds to 24 hours. When it first launched, it offered one-minute increments as well as one-hour, four-hours, and 24-hours.
However, Facebook is running a limited beta test of other features that will be visible to everyone. “Friends and family that already have a chat thread or are already connected” end-to-end encrypted group chats and calls will be available for some users. As well, Facebook’s existing non-E2EE controls on who can contact them on Messenger will be supported. For those who use Instagram, a “limited test” is offering opt-in E2EE for that app’s direct messages.

Facebook is an American company that provides social networking services over the internet. Mark Zuckerberg, Eduardo Saverin, Dustin Moskovitz, and Chris Hughes, all Harvard University students, founded Facebook in 2004. Facebook became the world’s largest social network in 2012, with more than one billion users, half of whom used it daily.
Part of Facebook’s appeal comes from Zuckerberg’s insistence that members be honest about who they are from the start; users are prohibited from adopting fictitious names. The company’s management argued that transparency is necessary for forming personal relationships, sharing ideas and information, and building society as a whole. A peer-to-peer network of Facebook users makes it easier for businesses to connect with consumers.
“Facebook,” as it was called back then, was created to allow Harvard students using their “.edu” email addresses and photos to connect with each other. Zuckerberg saw an opportunity to bring the existing social experience of college into cyberspace when he was a student. He wanted to create a place where college students could come together and socialize.
With a market cap of more than $600 Billion, the social media giant had revenues of $70.7 Billion in 2019. As a result, Zuckerberg is one of the world’s wealthiest men.

Zoom

Zoom is finally rolling out its first phase of End-to-End Encryption offering

On 14th October 2020, Zoom announced that it will be rolling out End-to-End Encryption (E2EE) from next week. From the beginning of the pandemic this year till now, Zoom has experienced both high stiff success and failure simultaneously. In the first few months, the new users in the Zoom platform accelerated at a very high rate. But, after the security system of the Zoom has been compromised, people started withdrawing from the platform as their privacy was at risk. Soon after the Zoombombing, we heard that Zoom launched End-to-End Encryption which was nothing but a hoax. But this time Zoom is genuinely starting E2E for the participants using the platform.

Zoom, in one of its blog posts, said that they are excited to roll out the E2EE in the coming week as a technical preview. For the first 30 days, they will be soliciting feedback from the users both free and paid. Zoom is rolling out the feature across the world and the host can add a maximum of 200 participants in an E2EE meeting and enjoy a more private and secured meeting. This is Phase 1 of the E2EE offering. There are three more on its way. Eric S. Yuan, CEO of Zoom, said that the company is rolling out E2EE to make Zoom the most secure communication platform in the world.

More about the Zoom E2EE offering

In a Zoom meeting, the Zoom cloud generates encryption keys that are distributed among the participants attending the meeting via the Zoom app. But, with the E2EE offering of the platform, the host will generate the encryption keys which will be distributed among other participants using public-key cryptography (generated in the device of the individual participant). This way the encryption keys cannot be decrypted and the content will become less vulnerable to leakage. The E2EE offering provided by Phase 1 is the same as the end-to-end encryption provided by any messaging platform. Zoom is striving to roll out this offering since May as the reputation went down due to compromised security.

Who gets the accessibility? 

At first, the company decided to roll out this feature exclusively for paid users. But, after receiving plenty of criticism the company has decided to make it available for both paid and free users. In this case, the free users need to go through an extra verification process to make sure that the user is genuine and to reduce the chances of any abusive content. To create or join an E2EE meeting, the user might need to verify the phone number or provide any additional piece of information.

Zoom
Image Source: prosyscom.tech

How to enable E2EE?

To participate in an E2EE meeting, the user must enable the E2EE meeting at the account level. Under Encryption select “End-to-end encryption” and opt-in to the same on a per meeting basis. If you are hosting a meeting, you can enable the E2EE setting for account, group, and user-level and the same can be locked at account or group level. The participants can join an E2EE meeting via Zoom desktop client, mobile apps, or Zoom Rooms.

After you enter an E2EE meeting, you can look at the upper left corner where you will find a green shield logo with a padlock in the middle of it. This is the indication that your meeting is E2E encrypted. This is similar to the GCM encryption logo but here the checkmark has been replaced with the padlock. The security code of the host is also visible to the participants so that they can verify if all the participants can see the same code. Before rolling out Phase 2, this is the level of security Zoom will provide to each one of its users.

Accessing Features

Since this encryption is the first phase of the four, there are certain limitations. Some of the limitations are you won’t be able to join before host, you will not have access to cloud recording, no access to streaming, live transcription, Breakout Rooms, polling, private chats, and meeting reaction. Though you will have an option to enable E2EE, one must prioritize if accessing all these features is more important than an extra layer of security. The next phase of the E2EE offering is tentatively scheduled for 2021.