Wednesday, March 30, 2016

5 things Google has done for Privacy & Security


Over the past few years, Google has increasingly improved the online security and protections of its Gmail users.

Besides two-factor authentication and HTTPS, Google has added new tools and features to Gmail that ensures users security and privacy, preventing cyber criminals and intelligence agencies to hack email accounts.


1. Enhanced State-Sponsored Attack Warnings


Apple vs. FBI case urged every company to beef up the security parameters to prevent their services from not just hackers but also the law enforcement.

Google for a while now has the capability to identify government-backed hackers, and notify potentially affected Gmail users so they can take action as soon as possible.

Google recently announced on its blog post that it will alert Gmail users about the possibility of any state-sponsored attack by showing them a full-page warning with instructions about how to stay safe — very hard to miss or neglect.

Meanwhile, the company revealed that over 1 Million Gmail accounts may have been targeted by government-backed hackers so far.

Although Google has warned Gmail users of state-sponsored attackers since 2012, the company neither disclosed the exact number nor explained how it knows of such hacking attacks.

However, Google said that it knows who the targets are – the list often includes "activists, journalists, and policy-makers taking bold stands around the world."

2. SMTP Strict Transport Security (SMTP STS)


A new security feature dubbed "SMTP STS" has been on the bench of the Internet Engineering Task Force (IETF) to obtain a green signal.

This new email standard is developed in a joint effort by the engineers of top email services including Google, Microsoft, Yahoo!, Comcast, LinkedIn, and 1&1 Mail & Media Development.

SMTP STS has been designed to enhance the email security by preventing Man-in-the-Middle (MitM) and encryption downgrade attacks that have compromised past efforts like STARTTLS at making SMTP a more secure protocol.

SMTP Strict Transport Security (SMTP STS) runs on top of the STARTTLS feature to strengthen SMTP standard.

SMTP STS will check if recipient supports SMTP STS and has valid and up-to-date encryption certificate. If everything goes well, it allows your message to go through. Otherwise, it will stop the email from sending and will notify you of the reason.

3. End-to-End Encryption (via Chrome Extension Only)


Google announced the End-To-End encryption for its users almost two years ago, but still, the novel feature is yet to release.

The idea is to develop a browser extension that ensures its users Privacy by implementing the complex, yet secure PGP (Pretty Good Privacy) encryption in an attempt to fully encrypt messages that even Google can not read, nor anyone else other than the users exchanging the emails.

With this goal in mind, the browser extension will let users create their private and public encryption keys within their browsers. The public key will be uploaded to Google's servers, while the private key will be stored locally in the browser.

How the End-to-End Chrome Extension Works:


When a user sends an email to the other user with a PGP key, his or her browser will automatically download the other user's public key from the server and encrypt the content of the email.

However, the work is still in progress, and the company has not revealed that when it is planning to release the browser extension.

Although Google made the source code for its End-to-End Chrome extension open source via GitHub almost a year ago, so that researchers can review it, the stable version is yet to release.

For now, you can try an alternative method to send encrypted emails. We have written a step-by-step tutorial article on how to send end-to-end encrypted emails to others.

If difficult, you can try a Swiss-based, ProtonMail, a free, open source and end-to-end encrypted email service that offers the simplest and best way to maintain secure communications to keep user's personal data safe.

4. Gmail's Red Padlock Alert

gmail-red-padlock-alert
Previously there was no method to ensure whether the received email had been traversed via an encrypted channel or not, which could be subjected to scrambling or Man-in-the-Middle (MiTM) attacks.

But last month, Google introduced a security measure in Gmail service in the form of a small Red Padlock next to a sender's email address in an effort to highlight users if the message has been sent through an unencrypted channel.

If a Gmail user receives an email from other services that don't support TLS encryption, the feature gives warning by showing an open red lock next to the sender’s email address (as shown).

These unencrypted emails then went to spam, increasing Gmail security of its users.

5. Google Safe Browsing For A Quick Malware Check

One of Google's recent changes is the expansion of its 'Safe Browsing' notifications.

The malicious links spread via emails are an easy hit method to infect a large number of users after forcing them to visit malicious web pages controlled by hackers.

However, the Safe Browsing feature protects Gmail users by identifying potentially dangerous links in emails.

The automated agents in the mail scan the content of emails for spam and malware detection. And before opening the link, Gmail inspects the complete mail and prevents the user to open the malicious links in the main upon a quick scan.

The features that are being added by Google helps the privacy of Gmail users and stricken the email confidential policies.

No comments:

Post a Comment