Transparency Report: Protecting emails as they travel across the web
When you mail a letter to your friend, you hope she’ll be the only person who reads it. But a lot could happen to that letter on its way from you to her, and prying eyes might try to take a look. That’s why we send important messages in sealed envelopes, rather than on postcards.
Email works in a similar way. Emails that are encrypted as they’re routed from sender to receiver are like sealed envelopes, and less vulnerable to snooping—whether by bad actors or through government surveillance—than postcards.
But some email is more secure than others. So to help you better understand whether your emails are protected by encryption, we’re launching a new section in the Transparency Report.
Gmail has always supported encryption in transit by using Transport Layer Security (TLS), and will automatically encrypt your incoming and outgoing emails if it can. The important thing is that both sides of an email exchange need to support encryption for it to work; Gmail can't do it alone.
Our data show that approximately 40 to 50 percent of emails sent between Gmail and other email providers aren’t encrypted. Many providers have turned on encryption, and others have said they’re going to, which is great news. As they do, more and more emails will be shielded from snooping.
For people looking for even stronger email security, end-to-end encryption is a good option—but it’s been hard to use. So today we’re making available the source code for End-to-End, a Chrome extension. It's currently in testing, and once it's ready for general use it will make this technology easier for those who choose to use it.
We encourage you to find tips about choosing strong passwords and adding another layer of protection to your account in our Safety Center. And check out Reset the Net, a broad coalition of organizations, companies and individuals coming together this week to promote stronger security practices on the web; we’re happy to be a participant in that effort.