Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> does Google own all the keys, or does Google secretly own all the keys

The keys are generated by you, stored on your browser's localStorage, preferably encrypted (their words, not mine). Since it's open source and distributed by Google, I bet many eyeballs will look for bugs, much more than alternatives such as Mailvelope or WebPG. So, no, I don't think Google will ever have access to your private key through this mean.

My theory:

- We're talking about PGP. This will only impact geeks.

- Google prefers keeping the trust of said geeks by willingly revoking its capability to read their conversations. One of the primary support of Google success is said geeks, and it wants to keep it that way.

- PGP only encrypts the body of an email. The header (ie the metadata) is still here for Google to collect, in plaintext



> This will only impact geeks.

Geeks email non-geeks. If the non-geeks don't decrypt the messages it's going to be all greek to them.

So the more easy they make it for geeks, the more they are pushing non-geeks to adopt as well.


It's not really possible to send encrypted messages to people who aren't already using OpenPGP, since you need to get their public key, before you can encrypt the message. You could presumably encrypt it with some symmetric cipher ahead of time, then send them the encrypted junk and say, "Send me a PGP key and I'll send you the passphrase for the message!", but I dunno that anyone's going to do that.

That said, pretty much every message I send to someone who doesn't have a key on the keyservers includes, "Hey, send me your PGP key, I don't do plaintext."




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: