digitalcourage.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This instance is operated by Digitalcourage e.V. for the general public. So that we can do this sustainably, we charge an annual advance contribution of €1/month via SEPA direct debit.

#e2ee

Continued thread

Obviously, #Google (under order from the US government) could serve compromised “updates” at any time to individual users.

It would be technically possible to enable users to compare a “fingerprint” (hash) of security-critical plugins they are running, such as the one supporting Gmail’s #E2EE capability. If I can see I’m getting a different plugin for my OS/CPU to 99% of other users on the same platform, that’s a big warning sign. But I haven’t seen such software widely deployed (yet) 🧐

Continued thread

Secondly, it’s not clear if #gmail is using this workaround just for message recipients who don’t have their own “digital #X509 certificates” to enable message encryption yet (which would be justifiable) or not (which would be an improvement over the status quo, but not genuine #E2EE.)

Continued thread

I’m not the religious cultist some are over defining #E2EE. When it comes to organisational communications, it seems sensible to me to define the endpoint as the organisation, not the individual recipient. And as one widely-used example, this is how #WhatsApp for Business works

pretty sure this can work for #e2ee private mentions... worst case it just obfuscates text search.

- verifying key: [86,10,27,184,67,57,76,92,187,198,164,56,154,224,189,35,72,85,79,149,217,241,238,155,33,64,193,202,178,136,183,50]
- exchange key: [222,204,53,153,33,212,247,174,180,162,45,216,108,13,79,187,183,21,57,109,201,247,102,189,30,155,165,169,213,33,100,78]

ordinarylabs.io/s00persneakyha

ordinarylabs.io · s00per sneaky hacker t001s 101: only to be used by wolves, dragons, lions, tigers, bears, bats, orcas & octopuses.

arstechnica.com/security/2025/

Google's new #Gmail feature allows businesses to send end-to-end encrypted emails, but it's not true end-to-end encryption.

The #encryption and decryption occur on the user's device, but the keys are managed by the organization.

Because the organization retains custody of the keys, they can easily snoop on communications.

Ars Technica · Are new Google E2EE emails really end-to-end encrypted? Kinda, but not really. By Dan Goodin
Replied in thread

@michel42
Just sent this as a reply in another discussion :-)

Ever considered #deltachat?
It offers a similar feature set to #Whatsapp #Signal #SignalApp, but uses standard Internet protocols (email standards) for #E2EE via so-called chat relays. These store the (always encrypted) messages only briefly.
#deltachat runs not only on #Android or #iOS but also on #linux #macos #ubuntutouch or, for anyone who insists, on #windoof
You can use it on several devices at the same time. It also supports multiple profiles.

@delta
delta.chat

delta.chat · Delta Chat: The e-mail messenger. Chat over e-mail and head back to the future with us! Delta Chat is like Telegram or Whatsapp but without the tracking or central control. Delta Chat does not need your phone number. Check out our ...
Replied in thread

@debacle @sturmsucht @urbanprivacy @xmpp
Ever considered #deltachat?
It offers a similar feature set to #Whatsapp #Signal #SignalApp, but uses standard Internet protocols (email standards) for #E2EE via so-called chat relays. These store the (always encrypted) messages only briefly.
#deltachat runs not only on #Android or #iOS but also on #linux #macos #ubuntutouch or, for anyone who insists, on #windoof
You can use it on several devices at the same time. It also supports multiple profiles.

#Google has just given the name #E2EE to a newly launched encryption method in #GMail that is in fact the clearest example of what those who support #ChatControl might want.
The encryption keys remain in the hands of the administrators, and whoever has access to them can snoop on the communications of anyone under their umbrella. They sell their password manager the same way.

If someone else holds the keys to your car, it's not your car.
The same goes for encryption keys.

arstechnica.com/security/2025/

Ars Technica · Are new Google E2EE emails really end-to-end encrypted? Kinda, but not really. By Dan Goodin

It is naive not to recognise a risk from excessive dependence on an oligopoly as such.

It is stupid to then also forgo #e2ee when using these providers (it is otherwise too, of course).

You might as well put your filing cabinet out on the street, unlocked...

golem.de/news/hyperscaler-bund

#digitalesouveranitat

[Edit: new link]

Golem.de · Hyperscaler: German federal government uses US cloud without encryption - Golem.de. By Achim Sawall

I said it before on Mastodon. I'm reposting this again. Comparing #DeltaChat and #Matrix together, if you want a hassle-free and consistent messenger for private #E2EE chats, don't go for Matrix. DeltaChat is way better.

However, if you want something like a public forum, or a public chatroom, don't go for DeltaChat. Matrix is way better suited for that. And DeltaChat does not support public groups at all. In DeltaChat groups, there is no admin or moderator and everyone has permission to remove or add the others.

I think I have to write a longer post on my personal blog about these two, comparing them together.

PS: Another Matrix encryption bug a few minutes ago triggered the repost of this.

#EuropeanCommission takes aim at end-to-end #encryption & proposes #Europol become an #EU #FBI

The European Commission announced on Tues its intention to join the ongoing debate about lawful access to data & end-to-end encryption while unveiling a new internal #security strategy

#ProtectEU, as the strategy has been named, describes the general areas that the bloc’s executive would like to address … although … does not offer any detailed policy proposals
#e2ee

therecord.media/european-commi

therecord.media · European Commission takes aim at end-to-end encryption and proposes Europol become an EU FBI. The Commission said it would create roadmaps regarding both the “lawful and effective access to data for law enforcement” and on encryption.
Replied in thread

@bontchev
From the "on ProtectEU: a European Internal Security Strategy" document:

"[...] a framework for access to data which responds to the needs to enforce our laws and protect our values is essential. At the same time, ensuring digital systems remain secure from unauthorised access is equally vital to preserve cybersecurity and protect against emerging security threats. Such access frameworks must also respect fundamental rights, ensuring inter alia that privacy and personal data are adequately protected."

and

"the preparation of a Technology Roadmap on encryption, to identify and assess technological solutions that would enable law enforcement authorities to access encrypted data in a lawful manner, safeguarding cybersecurity and fundamental rights."

--> this roadmap should be published in the first half of 2025.

Crypto wars reloaded

#e2ee #privacy #cyber

We would like to endorse what @kuketzblog writes about the inclusion of an “AI assistant” into an instant messenger that is still widely used:

It is unfortunate that many journalists do not realise how dangerous the new AI in WhatsApp really is. Der Spiegel, for example, writes in a recent article: “Meta AI does not have access to users' private chats, however, thanks to end-to-end encryption.” As a matter of fact, the AI does have access as it is used in the context of private chats or group chats. Sadly, this misinformation lulls users into a false sense of security. 🤦

Source (in German): social.tchncs.de/@kuketzblog/1

Mastodon · Mike Kuketz 🛡 (@kuketzblog@social.tchncs.de): It is unfortunate that many journalists fail to recognise how dangerous the new AI in WhatsApp really is. Der Spiegel writes, for example, in a recent article: "Meta AI does not, however, have access to users' private chats, thanks to end-to-end encryption." Yet the AI certainly does have access when it is used in the context of private chats or group chats. This is how misinformation unfortunately spreads, lulling users into a false sense of security. 🤦
#whatsapp #ai #e2ee