-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



We're the End-To-End team at Google.

We will answer questions this Thursday, 19 Jun 2014 for about an hour,
starting at 9:30 PDT / 16:30 GMT / 18:30 CEST.

The proof is in the signature.

https://services.google.com/corporate/publickey.txt
-----BEGIN PGP SIGNATURE-----
Version: End-To-End v0.3.1337

wv8AAAIkBAABCAAY/wAAAAWCU6C+BP8AAAAJkMeJoW9vTWUZAADZwg/9Hzoz5+fF
pk1M30LlvNCejcwhdufnJJuLRX3TfREZkiGwY8AOYBmJVHz7hsrgHPSnKY+6m7jW
G0hYRaMnANiYXV6VqBrLkS3WoXyIeUZkJ1mp4zeRNJuWmiguJD2CVRpDcQdj7+Dg
DgrHLyV6MGt9UGAWjLLxHYk7Mr8FuK/QQfnDbU9Cix/+3lbdmLBSYIR1R6vgDkoJ
nlvPrkWQlJvhjSe1GYDfRzoJb/sceczbJwyxdVy9AhSe1H5qbMK3TEb3MO55YdSw
a/Unxz/+PJXoM4zcRwsGL7Qj3y9Q+wEiqllUWKWnN+gzemhUr9I5YtVmmlP+d1yl
Q5qFKma6FENkgfgn1rrsczznIHRfCyBsFlKW8rO/bbHvVZ03wsXpbaA/1Y8S24oG
Ocs6kVlpUBA2Bw5pEt6ytReoppDe1vn7P/MnwjRaNroqyodf4i1fKSK7Lfkni1fY
E0AvZqb5IaDgUdzSODQGgxXwXxr1bg+2BtrWLDSDy+cNNoJ8XQxuiab1S4hlpoJb
IUVsnTIwpvulZLTskq2rj0Lac4kixTNOsI2id8iBEo5KnkUJoAFHP2tZmWGbp49y
2LaRhZ37k9zUn/Bf9kbwyvr5wkuU1BCgPLkdQ9sfoms9Hgu9gB1+XuoqMgdgB4bP
9CjU4gD3dXBB5m2yQTtUyjxxCt2G0E7T1PE=
=tVKT
-----END PGP SIGNATURE-----

Edit: Even more context: http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encryption-easier-to.html

Edit: It's 10:45 PDT and we're done. Many thanks for everyone's questions!

Comments: 137 • Responses: 23  • Date: 

Amartellnow50 karma

If End-to End becomes popular and say 80% of the gmail users adopt it, which means 80% of the email traffic is going to be encrypted, Is't this against Google's interest? How can Google do targeted adds and search if emails cannot be scanned? Why would Google want to support such a flawless End-to-End security ?

EndToEndTeam80 karma

We said this above, but we'll say it again:

Focus on the user, and all else will follow.

ChayesFSS44 karma

Sorry if it's been explained but how will I find your public key to encrypt a message to you, or to a group of people? How can I move my private key to different computers. What's the process to revoke a cert?

EndToEndTeam28 karma

Key management is hard. Doing it well is even harder.

We’re working on it.

mrpuppet29 karma

It seems that there is a consencus "Do not make crypto in JS" among security experts.

Since you are limited to the Chrome platform, why did you choose to program this extension in JS and not in plain C (with Nacl for the safety belt) ?

EndToEndTeam18 karma

We developed the library within End-To-End to be a high-quality JavaScript crypto implementation for all browsers, not just for Chrome.

Please also see our FAQ at https://code.google.com/p/end-to-end/ for more details.

thamvirkalsi26 karma

When will be end to end encryption service made available to people?

EndToEndTeam40 karma

Just to make sure there’re no misunderstanding: End-To-End isn’t a service, it’s a Chrome Extension.

Our plan is to make it available in the Chrome Web Store once we feel that it’s had enough time to mature and the community has had enough time to make sure we didn’t overlook anything important.

We take our responsibilities here, particularly to our at-risk users like journalists and human rights workers, very seriously. We won’t release it before we think it’s ready.

orangejulius18 karma

Hey guys!

What kind of efforts are you putting into the end-to-end encryption to make it more user friendly?

Does making a user friendly product sacrifice some security, and if so, is it something that's negligible?

Julian Assange just wrapped up an AMA - what kind of effect do you think encrypted communication will have on leaks from governments and corporations - will it stem leaks - or will those with access to that information whistle blow just as easily as in the past?

How do you address timing attacks?

EndToEndTeam15 karma

A multi-question deserves a multi-answer:

  • The looking glass feature in End-To-End is the most visible example of how we’re looking at usability. It finds OpenPGP content within Gmail and tries to do the right thing.

OpenPGP software today forces the user to do way too much manual work, which is particularly unfun for less technical users. Wherever possible we want to reduce the number of required interactions between the user and the code, and let the user focus on what they’re trying to get done, not on operating their encryption software.

  • We spend very real effort to make sure we don’t wind up sacrificing security for usability. Our user experience researchers help us with this, but we’re very mindful of the dangers here and our goal is not to make this kind of tradeoff.

We’re also very actively soliciting feedback about what we have. If anyone thinks we made a bad tradeoff somewhere in End-To-End, let us know!

  • We don’t see any inherent impact on whistleblowers, but we’re absolutely aware that at-risk users will be using End-To-End, so we want to make sure we’ve done our best to protect them and their communications. (To be clear, though; email encrypted with OpenPGP still has cleartext RFC 2821 headers, eg who the email is going to and what the subject line is; users have to remain aware of that.)

  • Our crypto primitives are algorithmically implemented so that they in theory run in constant time; the runtime may, of course, cause that to change in a way that’s out of our control. We also made sure to run all crypto operations in a separate process, and End-To-End requires user interaction for all timing-sensitive operations, and throttle the ones that aren't.

Vissago15 karma

Do you think that if end-to-end is successful, it may be morphed/augmented to suit components within android? like, hangouts/gchat, for example? Or sms? Will end-to-end work on chrome for android?

EndToEndTeam10 karma

End-To-End doesn’t work in Chrome for Android today because Chrome Extensions aren’t supported on that platform. (And this is not the place for us to speculate about the future.)

As far as integration elsewhere goes, we’re always looking for ways to usefully protect our users and their data across all our products.

lwh14 karma

Will you release supported IE, Safari, Firefox versions or will they be second-class?

EndToEndTeam13 karma

End-To-End is an open source release and we encourage feedback. Our implementation focus is on Chrome, but we intend in the future to accept contributions, and have no intention of automatically rejecting patches that improve support for other browsers (or other web mail services, for that matter).

mrpuppet13 karma

Are you confident enough in its security to import your GnuPG key and use it daily on your gmail account?

Thumbell11 karma

How do you plan to avoid loosing business in the area of personalized advertising if the content of messages sent between users (and in the future perhaps also machines) isn't visible to you anymore?

EndToEndTeam10 karma

For context: https://www.google.com/intl/en-US/about/company/philosophy/

Our focus is on protecting our users and their data.

_spr0cket_9 karma

First - it's awesome to see you guys putting E2EE out there. Looking forward to seeing where this goes. Kudos.

What does E2EE bring to the party that previous bolt-on PGP clients don't?

It still looks like a lot of Why Johnny Can't Encrypt is still in play. Are there fundamental issues with PGP, and crypto in general, that we can't get get around? Do we set a point where we expect people who need to rely on this kind of tech simply need to get educated on how to use it?

I noticed E2EE doesn't have web of trust. It doesn't even sign its own key. Is this something the team decided wasn't part of the use scenario? Is it too complex? Does it get tackled at some other time or replaced with something else?

EndToEndTeam12 karma

  • Thanks!

  • We like to think that our focus on usability is going to make the biggest difference.

  • There’s more than a kernel of truth to that. Pubkey crypto is hard to explain to non-engineers; which door in the world requires two differently-shaped keys to open? The metaphors are pretty broken. In general, though, we think we can do even better, and that’s our plan.

  • Please remember that this is the first release, and it’s deliberately open source-only. There’s still a lot of stuff we plan to implement.

midoge8 karma

Did the recent publication(*) of an quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic influence you to eventually re-evaluate the decision to not exclusively use ec-keys for your project ? Or in other words: Can I haz RSA? ^_^

EndToEndTeam11 karma

We’re keeping an eye on the research, but we use fields with much larger characteristics. The techniques described cannot be applied to the fields that we use.

And you can import your RSA key if you want.

Dabiyyah8 karma

How would you describe your job to someone who had no idea what you do? Also, any words of advice for young people?

EndToEndTeam11 karma

As we said elsewhere, we're engineers who work on security day-to-day. It’s pretty cool.

As far as advice goes, stay in school, eat your vegetables, and floss your teeth are good places to start. Then, once you’re ready, http://google.com/jobs

TrustyTapir7 karma

[deleted]

EndToEndTeam5 karma

Sorry, we're not the YouTube team, and we don't want to answer on their behalf.

As to homomorphic encryption, we keep a close eye on all promising research.

mjftho6 karma

After installing whatever plugin needed, what more would a typical user need to know to keep their emails from being compromised? Things to look out for that would make this ineffective? Spyware/

EndToEndTeam7 karma

A great place to start for this is our Gmail security checklist: https://support.google.com/mail/checklist/2986618?rd=1

You should also take a look at our Google Safety Center: https://www.google.com/safetycenter/

two_cups_of_tea6 karma

Do you see end-to-end ever being implemented directly into the gmail client / ported to different browsers?

How do you guys plan on addressing the challenges of getting a normal user to implement this easily? (if only people who were worried about content used the plugin, it still gives intelligence as to the fact that they are possibly doing something that warrants that secrecy.. you cant be anonymous on your own)

What do you think is the biggest challenge faced by this project?

EndToEndTeam7 karma

  • We plan to keep End-To-End as a Chrome Extension because that provides the greatest amount of security for the user, since everything happens locally on the client browser.

  • Making good security usable is hard. That’s why this is an interesting problem. As we said elsewhere, our looking glass feature is a start in this direction, but we still have a way to go.

  • Making the extension easy to use while remaining secure.

alexsavestheday5 karma

What do you guys do at work on a daily basis?

EndToEndTeam7 karma

The team is a mix of software engineers and product management on Google’s security team; we all have multiple projects that we work on. We’re also currently working our way through two boxes of donuts and a bag of Nuss-Staengeli to fortify ourselves for this AMA.

Eternally655 karma

How would a technologically challenged older person be able to use your encryption?

EndToEndTeam8 karma

Once it's available, we hope that it will be usable by people of all ages who have a need for the additional security that End-To-End provides.

FigmundSreud3 karma

What was your reaction when the Heartbleed vulnerability was first announced? Did it affect your team at all (considering it was openSSL)?

EndToEndTeam4 karma

A Google security researcher, Neel Mehta, first discovered Heartbleed and reported it to the OpenSSL team.

http://googleonlinesecurity.blogspot.com/2014/04/google-services-updated-to-address.html

manboat3 karma

In your honest opinion, which is better; Pilsner or stout?

EndToEndTeam5 karma

Pilsner when it's warm, stout during the colder months.

dalybear3 karma

How is the food?

EndToEndTeam3 karma

Tasty!

NakedTrooper3 karma

What are you?

EndToEndTeam2 karma

A hive mind :)

We wrote a Chrome Extension that makes it easy to encrypt messages so that others cannot read them: http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encryption-easier-to.html

evilbuffer3 karma

mime types are encrypted or going to be encrypted ?

EndToEndTeam5 karma

MIME types within a message are never encrypted; that’s how the standard works. Not sure if we misunderstood your question, though.

zilEnt_DiaBlo3 karma

What does it take to be one of you?

EndToEndTeam8 karma

Ruthless efficiency.

And an almost fanatical devotion to security.

http://google.com/jobs