All Gmail Traffic Now Encrypted to Thwart NSA

All Gmail Traffic Now Encrypted to Thwart NSA

gmail logo

As of now, Gmail will "always use an encrypted HTTPS connection" whenever a user checks or sends mail.

Back in July, 2013, something called Prism was unveiled by NSA whistleblowers, revealing that the NSA has been harvesting user data from the likes of Gmail, Facebook, Apple and more. In direct response to that, Google has been hard at work making Gmail secure enough to withstand future harvesting attempts. It has now announced that from today, Gmail will "always use an encrypted HTTPS connection" whenever a user checks or sends mail.

"Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail's servers-no matter if you're using public WiFi or logging in from your computer, phone or tablet," Google explained.

"In addition, every single email message you send or receive-100% of them-is encrypted while moving internally," it added. "This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers."

Google says that securing its customers Gmail emails was "made a top priority" after "last summer's revelations," stressing that "Our commitment to the security and reliability of your email is absolute, and we're constantly working on ways to improve."

The company also announced that Gmail had a 99.978% up-time for 2013, meaning that the average user was only unable to access their account for just two hours in the whole year. "Our engineering experts look after Google's services 24x7 and if a problem ever arises, they're on the case immediately."

Source: Google via TechCrunch

Permalink

I find this news of this being hilarious seeing as one, I think the NSA will just try to find a way around it, and two (this one more so) because College Humor just released this video 2 days ago. XD

Right... The company with ties to the government, who's head honchos are all fervent supporters of the government, who are tied to them at the hip, and who are archiving just as much (if not more) data on every person who uses their site as the US government is trying to make sure we're safe from the NSA's spying. Yeah, I'll believe that when Satan starts giving sleigh rides.

I just feel as if this is for show. Especially because, well, how can we know? How can we trust anything either Google or the NSA tells us? As far as we know the NSA can just ring up Google, tell them to give them info on x many hundreds of thousands of users a day because their BFFs.

Is this true? Is this false? I don't know because we have no way to know and I'm sure as hell not going to trust them.

According to US laws, google is not even allowed to tell us if the NSA is using them, let alone fight it. So whether NSA use or dont use this system we wouldnt even know anyway. Besides, its a simple widely used encryption. how hard is it to crack it?

LysanderNemoinis:
Right... The company with ties to the government, who's head honchos are all fervent supporters of the government, who are tied to them at the hip, and who are archiving just as much (if not more) data on every person who uses their site as the US government is trying to make sure we're safe from the NSA's spying. Yeah, I'll believe that when Satan starts giving sleigh rides.

Itsp erfectly believable. Google hates competition. It wants to be the only company that knows everything about you. so everyone would be forced to pay them tons of money for the information.

Strazdas:
Besides, its a simple widely used encryption. how hard is it to crack it?

Pretty hard actually. It's probably easier for NSA to aquire the private keys to decrypt content rather than try to crack it. They've admitted to such practices in the Snowden leaks.

Except that this doesn't mean anything if they willingly give your data to government agencies, or are ordered to by courts, nor does it preclude side-channel attacks.

Google WORKS for the NSA according to the leaks. It's all PR

Nurb:
Google WORKS for the NSA according to the leaks. It's all PR

Neronium:
I find this news of this being hilarious seeing as one, I think the NSA will just try to find a way around it

http://www.digitaltrends.com/web/nsa-has-cracked-the-encryption-protecting-your-bank-account-gmail-and-more/

Apparently they did crack most of the ssl encryption. So I do think this may well be a PR stunt really, cause if it's cracked then its useless. That said, we don't know if they figured out a general key for the ssl algorithms, or if their super computers are brute-forcing the encrypted files. In the latter case it would take far too many resources to check on everyone, ad they'd only use it on "persons of interest".

Of course I really am changing my mind about how much of an issue this is. If some government want to watch everything I do, they're welcome to. The only thing I lose is the fantasy that I could commit heinous crimes if I wanted to, not that I, or 98% of the population will... but that fantasy I think is important in some way.

So now only Google will read my emails? Great! Well, until the NSA ask nicely anyway.

I seem to recall reading somewhere (one of the Snowden files I think it was) that NSA has all the HTTPS protocols already cracked... so this is most likely just a PR stunt.

Bke:

Nurb:
Google WORKS for the NSA according to the leaks. It's all PR

Neronium:
I find this news of this being hilarious seeing as one, I think the NSA will just try to find a way around it

http://www.digitaltrends.com/web/nsa-has-cracked-the-encryption-protecting-your-bank-account-gmail-and-more/

Apparently they did crack most of the ssl encryption. So I do think this may well be a PR stunt really, cause if it's cracked then its useless. That said, we don't know if they figured out a general key for the ssl algorithms, or if their super computers are brute-forcing the encrypted files. In the latter case it would take far too many resources to check on everyone, ad they'd only use it on "persons of interest".

Of course I really am changing my mind about how much of an issue this is. If some government want to watch everything I do, they're welcome to. The only thing I lose is the fantasy that I could commit heinous crimes if I wanted to, not that I, or 98% of the population will... but that fantasy I think is important in some way.

The issue with privacy vs the government isn't really about heinous crimes, it's about small crimes. When there are so many laws and regulations that congress does not even bother to read the new ones they pass beyond the broad strokes, it criminalizes everyone. The fear isn't that you'll lose the ability to get away with murder, but that selectively enforced laws will be used to target whoever the government does not like. This is why we have the search and seizure protections built into the constitution since this is exactly what oppressive governments do.

Gorrath:
The issue with privacy vs the government isn't really about heinous crimes, it's about small crimes. When there are so many laws and regulations that congress does not even bother to read the new ones they pass beyond the broad strokes, it criminalizes everyone. The fear isn't that you'll lose the ability to get away with murder, but that selectively enforced laws will be used to target whoever the government does not like. This is why we have the search and seizure protections built into the constitution since this is exactly what oppressive governments do.

Good point. However even small crimes still harm people, we really shouldn't want to commit those either.

However your point about governments becoming oppressive does hold true. I mean many of the jokes about communist Russia were based on this (in communist Russia, TV watches you!). But I don't get that feeling of malevolence from governments; bureaucracies are too inefficient to utterly control things like that. Mind, I do still think that additional laws need to be passed so that the people of a country can watch the government right back. The internet goes a long way to performing this function, but it needs to be formalized, we can't just have leaks providing us with info, people need to be able to directly access this stuff.

The watched watching the watchers. (what a mouthful)

^ there are so many law regulations and well in the new age of 9 11 they dont even need a reason to arrest you or hold you indefinately or get a court order to do anything. that is near impossible to not be breaking a federal law regulation or statute.

we are living in a police state for all intents and purposes, in all but official recognition.

obama is already using the irs the fbi the nsa to go after his opponents lol. its all illegal but he is doing it. its all godd until a republican gets int here starts going after liberals and pothead instead of tea partiers and christians.

If you can view it on your screen, the NSA can read it.

http://www.newscientist.com/blog/technology/2007/04/seeing-through-walls.html

So unless you can crack encryption in your head, there are ins available for spying.

Bke:

Gorrath:
The issue with privacy vs the government isn't really about heinous crimes, it's about small crimes. When there are so many laws and regulations that congress does not even bother to read the new ones they pass beyond the broad strokes, it criminalizes everyone. The fear isn't that you'll lose the ability to get away with murder, but that selectively enforced laws will be used to target whoever the government does not like. This is why we have the search and seizure protections built into the constitution since this is exactly what oppressive governments do.

Good point. However even small crimes still harm people, we really shouldn't want to commit those either.

However your point about governments becoming oppressive does hold true. I mean many of the jokes about communist Russia were based on this (in communist Russia, TV watches you!). But I don't get that feeling of malevolence from governments; bureaucracies are too inefficient to utterly control things like that. Mind, I do still think that additional laws need to be passed so that the people of a country can watch the government right back. The internet goes a long way to performing this function, but it needs to be formalized, we can't just have leaks providing us with info, people need to be able to directly access this stuff.

The watched watching the watchers. (what a mouthful)

Small crimes might harm people, or they might just be overly broad reaches of badly written legislation that criminalize even the most mundane things. The issue we have in the U.S. today is that our legislation is passed with very little oversight by the people or even by the people passing the legislation. There are so many laws that interact in so many different ways that you and I likely violate at least a few of them every single day. The laws aren't meant to go after us of course, they are meant to go after heinous abuses and proving that you or I have committed some small infraction that we aren't aware of would be damned difficult. That is unless of course the government is spying on all your correspondence, records you constantly and passively watches almost everything you do. Then it becomes easy for some trumped up charges to be brought against you based on some obscure rule meant to prosecute some major abuse.

I'm not a conspiracy theorist and I don't believe the NSA is after us all. What I'm worried about is the ability of select government officials to abuse what power they have, power that has grown and grown over the past decade, for personal or political gain. I also worry that outspoken people who the government deem dissenters will be watched like hawks as the government looks for any tiny reason to imprison the person. I also worry that in situations of crisis, when the government is looking for a distraction from begin caught with its hand in the cookie jar, they'll grab some sap and make an example out of him or her. Some big sex scandal in congress? Look, we nabbed a whole ring of people sharing Japanese loli mangas! We're not sexual deviants, we're here to put perverts in prison! All of these things that I mention have and do happen, not because the government itself is some kind of evil behemoth, but because government is made up of individuals who have their own agendas.

Anywho, sorry to labor the point as obviously you get what I'm saying. I mostly wrote all that for the benefit of anyone who reeds the thread and wonders what I'm on about.

Bke:

http://www.digitaltrends.com/web/nsa-has-cracked-the-encryption-protecting-your-bank-account-gmail-and-more/

Apparently they did crack most of the ssl encryption.

Interesting, that would mean they either had an SSL-specific flaw or they could reverse SHA-256 with minimal effort (a technique which could also be used to destroy bitcoin).

Meanwhile, in the UK yeah ok all you guys have this NSA crazy surveillance thing to worry about but our Dave tried to block our porn.

I mean, it's totally ineffective, laughable and was used to grab votes from all the bad parents who can't use parental control functions or y'know just not give a smartphone to your 5 year old but it's the principle behind it that counts.

Still I know it's the last thing on you guy's minds but think about the unlucky NSA man who has to sift through hours of mundane shit and porn sites finding nothing remotely worth his time at all. Poor soul.

Cool. Now the NSA can only get whatever information they request which is approved 99.9% of the time. So you don't have to worry about your data being collected for no reason. Just whatever reason the government decides is a good reason. Its revolutionary this here encryption!

The NSA will still get it if they ask nicely, already know the way to decrypt it and/or they can just collect the encrypted material anyways (there is no such thing as unbreakable encryption, it just takes lots of time and resources, the NSA has both).

This is symbolical at best or an outright lie at worst.

The Wykydtron:
Meanwhile, in the UK yeah ok all you guys have this NSA crazy surveillance thing to worry about but our Dave tried to block our porn.

It was a foolish attempt, every true British citizen has a well stocked and reliable wank bank anyway, isolated from the internet. The fools.

Strazdas:
Besides, its a simple widely used encryption. how hard is it to crack it?

Knowing how an encryption system works doesn't make it all that much easier to hack. There's basically only two ways to hack encrypted software that don't involve tricking people into giving you access: brute force using computers to test every possible encryption key until you find the right one, or blind stupid luck that gets you the right one right off the bat. The latter is so unlikely as to approach being impossible. The former is so time consuming for present day hardware that the odds are you and the person you're trying to hack will be dead before you break it. Hell, your children and grandchildren might be dead before you find it.

So outright trying to crack this stuff is too time consuming to ever be of use until people figure out quantum computing. Hacking via social engineering is much easier because getting past the human element of software security is a trivial matter in comparison.

But like I said, if we ever figure out quantum computing, we're going to need much better security in the IT sector. In theory quantum computers can crack encryption that would take your typical computers hundreds of years to crack in a matter of seconds.

Strazdas:
Besides, its a simple widely used encryption. how hard is it to crack it?

At current computing power it will take you from now until the sun dies to crack one encrypted anything.

Bke:

http://www.digitaltrends.com/web/nsa-has-cracked-the-encryption-protecting-your-bank-account-gmail-and-more/

Apparently they did crack most of the ssl encryption. So I do think this may well be a PR stunt really, cause if it's cracked then its useless. That said, we don't know if they figured out a general key for the ssl algorithms, or if their super computers are brute-forcing the encrypted files. In the latter case it would take far too many resources to check on everyone, ad they'd only use it on "persons of interest".

Of course I really am changing my mind about how much of an issue this is. If some government want to watch everything I do, they're welcome to. The only thing I lose is the fantasy that I could commit heinous crimes if I wanted to, not that I, or 98% of the population will... but that fantasy I think is important in some way.

https://www.schneier.com/blog/archives/2013/10/nsa_harvesting.html

The biggest lesson of the leaks is that if the NSA wants your data they will get it, no matter how much effort it takes. But if you want to prevent general snooping, SSL seems to still do a pretty good job.

I'm curious if Google is doing anything to help encrypt traffic going between them and other email providers; the email standard is inherently unsecure, and everything is sent in plaintext by default (this is why you should never send passwords by email). If they were to work out a deal with Yahoo to encrypt all mail traveling between the two companies, that would have a significant impact.

And it's also why more sites should allow SSL connections. Escapist, please add support for SSL! :-D

"Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail's servers-no matter if you're using public WiFi or logging in from your computer, phone or tablet," Google explained.

image

Pic just about sums it up. Do they seriously expect us to believe that the NSA can't crack their encryption? Or forget that the courts can order them to release access to files? Honestly, I would rather have the NSA snooping in my files than Google. At least the NSA doesn't sell my information to third party companies...

Sarge034:
Do they seriously expect us to believe that the NSA can't crack their encryption? .

actually yes they can't crack it, or atleast in any time that it would be useful.

It would require them knowing 2 very large prime numbers for each email session(basically every time you hit f5 the keys change). Something computers absolutely suck at trying to figure out in any reasonable amount of time.

Vivi22:

Strazdas:
Besides, its a simple widely used encryption. how hard is it to crack it?

Knowing how an encryption system works doesn't make it all that much easier to hack. There's basically only two ways to hack encrypted software that don't involve tricking people into giving you access: brute force using computers to test every possible encryption key until you find the right one, or blind stupid luck that gets you the right one right off the bat. The latter is so unlikely as to approach being impossible. The former is so time consuming for present day hardware that the odds are you and the person you're trying to hack will be dead before you break it. Hell, your children and grandchildren might be dead before you find it.

So outright trying to crack this stuff is too time consuming to ever be of use until people figure out quantum computing. Hacking via social engineering is much easier because getting past the human element of software security is a trivial matter in comparison.

But like I said, if we ever figure out quantum computing, we're going to need much better security in the IT sector. In theory quantum computers can crack encryption that would take your typical computers hundreds of years to crack in a matter of seconds.

There is also a third option - knowing the encryption key used. and that can be hacked of google servers now cant it? after all, they have to use the key constnatly to show you the messages, heck, its probably even decrypted on your end or else they would be sending you unprotected info, which defeats the purpose to begin with.
Now i dont know complexity of HTTPS encryption, but some encryptions were bruteforced, so it depends on the complexity i guess.

Yeah quantum computing will be... chaos inducing. i would however love to see such computing power to be available to everyone.

direkiller:

Strazdas:
Besides, its a simple widely used encryption. how hard is it to crack it?

At current computing power it will take you from now until the sun dies to crack one encrypted anything.

depends on encryption and type of cracking doesnt it? bruteforcing a good encrpytion with no knowledge - sure. bruteforcing a poor encryption knowing the key and salt used, heck, its been done. social engineering or outright law requests - no problem at all. besides, who says they cant get thier hands on the decryption key?

Strazdas:

direkiller:

Strazdas:
Besides, its a simple widely used encryption. how hard is it to crack it?

At current computing power it will take you from now until the sun dies to crack one encrypted anything.

depends on encryption and type of cracking doesnt it? bruteforcing a good encrpytion with no knowledge - sure. bruteforcing a poor encryption knowing the key and salt used, heck, its been done. social engineering or outright law requests - no problem at all. besides, who says they cant get thier hands on the decryption key?

well they would need both keys, and the problem is(atleast for them) our ability to use large data keys has far outstriped our ability to compute them.
Brute forcing is simply not an option for keys this large. It works well for 8-10 digit passwords but not 128-264 digit keys.
law requests is the only practical option in this case.

In other news, Google has been caught selling backdoors to NSA.

direkiller:
actually yes they can't crack it, or atleast in any time that it would be useful.

It would require them knowing 2 very large prime numbers for each email session(basically every time you hit f5 the keys change). Something computers absolutely suck at trying to figure out in any reasonable amount of time.

I'm so glad you're a part of the NAS and can accurately tell me what the NSA's capabilities are. There are rumors that the keys are already compromised and, disregarding that, this is the NSA. Their job is to look at things people don't want them to see so it's not like they would just be starting to crack this encryption type. And then there is also the option for the NSA to get a classified court order and just have free access to certain accounts.

So... Thanks for trying to sound smart, but I'm going to laugh at your statement now. AHAHAHAHAHAHAHAHAHAH!!!!

Sarge034:

direkiller:
actually yes they can't crack it, or atleast in any time that it would be useful.

It would require them knowing 2 very large prime numbers for each email session(basically every time you hit f5 the keys change). Something computers absolutely suck at trying to figure out in any reasonable amount of time.

I'm so glad you're a part of the NAS and can accurately tell me what the NSA's capabilities are. There are rumors that the keys are already compromised and, disregarding that, this is the NSA. Their job is to look at things people don't want them to see so it's not like they would just be starting to crack this encryption type. And then there is also the option for the NSA to get a classified court order and just have free access to certain accounts.

So... Thanks for trying to sound smart, but I'm going to laugh at your statement now. AHAHAHAHAHAHAHAHAHAH!!!!

Limitations of every computer ever built is something the NSA can get around, good to know.

"It's not like the world just started to crack this encryption type"
actually yes it is, it's something that has only been possible in the past 10 years or so. Im not saying there is not a way around this, it involves going to there servers, or interacting with the receiving computer in some way both are much more risky or involve courts.

I am simply saying that fishing an email and reading it(Like they are doing now) is not possible.

 

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here