Tuesday, February 28, 2023

Google adds client-side encryption to Gmail and Calendar. Should you care?


Google adds client-side encryption to Gmail and Calendar. Should you care?

Enlarge (credit: Google)

On Tuesday, Google made client-side encryption available to a limited set of Gmail and Calendar users in a move designed to give them more control over who sees sensitive communications and schedules.

Client-side encryption is a generic term for any sort of encryption that’s applied to data before it’s sent from a user device to a server. With server-side encryption, by contrast, the client device sends the data to a central server, which then uses keys in its possession to encrypt it while it’s stored. This is what Google does today. (To be clear, the data is sent encrypted through HTTPS, but it's decrypted as soon as Google receives it.)

Google’s client-side encryption occupies a middle ground between the two. Data is encrypted on the client device before being sent (by HTTPS) to Google. The data can only be decrypted on an endpoint machine with the same key used by the sender. This provides an incremental benefit since the data will remain unreadable to any malicious Google insiders or hackers who manage to compromise Google servers.

Read 11 remaining paragraphs | Comments

Reference : https://ift.tt/goteC8x

No comments:

Post a Comment

NATO’s Emergency Plan for an Orbital Backup Internet

On 18 February 2024, a missile attack from the Houthi militants in Yemen hit the cargo ship Rubymar in the Red Sea. With the crew evacu...