In light of NSA surveillance reports and privacy concerns from internet users worldwide following the recent Heartbleed vulnerability, Google has started researching ways to increase the security of its Gmail service.
According to a new VentureBeat report, Google is trying to simplify implementation of PGP (Pretty Good Privacy) for end-to-end communication in Gmail. The company acknowledged that, although PGP is a formidable end-to-end encryption solution, it is rather complex to implement and can reduce performance of web applications.
The Electronic Frontier Foundation who provided a comment to VentureBeat, believes that, "(PGP) offers stronger protection than SSL/TLS because private user data cannot generally be decrypted by the company or by any third parties, including government agencies."
It will be interesting to see how Gmail tackles the difficulties involved in large scale implementation of PGP as the technology does not support resetting passwords and users can lose access to accounts in case they forget their passwords. Additionally, security keys need to be centrally stored which would need to be protected as well.
Firms creating GPG Tools and Mailvelope for implementing PGP have revealed that although their tools have been successful, they are not yet popular mainstream solutions. This situation could change if Google manages to implement PGP in Gmail.
Source: VentureBeat | Image via We Fight Censorship