While most online communications have shifted to messaging platforms, lots of people still use emails.
If compared to its younger counterpart, emails can be considered a relic from the past, because it lacks some security and privacy features. For example, marketers have been tracking email recipients using a technique called the pixel tracking, among others.
Then, there is the fact that emails have to go through potentially untrustworthy intermediate computers (email servers, ISPs) before reaching its destination, and that there is no way to verify if it was accessed by an unauthorized entity.
Privacy measures have been introduced.
For example, various types of encryption are available, and that their development can be traced back to the mid-1980s.
While technical workarounds to ensure better privacy in email communications do exist, their adoption is low, and this makes way too many emails being potentially spied on.
Google wants to change that.
Google operates Gmail, the largest email provider in the world.
And this time, a beta for client-side encryption (CSE) for Gmail has been launched by Google, which aims to make sensitive data and attachments unreadable.
With this feature, users are given an extra option while using the web version of Gmail after enabling the feature and setting up the workspace.
When the padlock is clicked, users are allowed to choose to turn on additional encryption for messages.
This feature is not just limited to intra-office communications, because Google said that users should also be able to send encrypted emails outside their domain, and even to users who have other email providers and clients like Apple or Microsoft.
But in return, turning on encryption will prevent some feature to stop working.
For example, users cannot add a signature, and also cannot use emoji and the Smart Compose feature.
What's more, according to its support page, the encryption can only encrypt the email body and attachments, including inline images. What it cannot encrypt, include the header of the email, including subject, timestamps, and recipients lists.
The effort to being end-to-end encryption on Gmail can be traced back to 2014.
At that time, reports suggest that Google was working on an encryption method. It was said that the technology Google was developing, was end-to-end encryption for its email provider.
But here, Google isn't introducing end-to-end encryption. Instead, it wants to encrypt users emails using client-side encryption.
While both of them means that encryption and decryption occur on the source and destination devices always, Gmail's client-side encryption method allows Google to provide administrators the control over the keys and allows them to monitor users’ encrypted files.
This is why the company announced that the feature has been made available to Workspace administrators, and that administrators have the ability to manage the users to encrypt.
Initially, the feature is limited to Google Workspace Enterprise Plus, Education Standard customers and Education Plus.
In an upcoming release Gmail app for Android and iOS will have this client-side encryption, said Google.
At this time, CSE is already available for users of Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (beta).