Hacker News new | ask | show | jobs
by megantic 4663 days ago
For sure, but in the case of google this probably doesn't apply.

From what was published recently we know NSA has proven methods for bypassing encryption, namely getting the keys used for encryption (so they can decrypt everything) or getting access to the content before encryption or after decryption.

To me this last move by google is a PR attempt at regaining people's trust
1 comments
hugofirth 4663 days ago
I'm so bored of hearing the accusations of PR stunts.

They crop up in every submission detailing an action taken by Google with regards to the Snowden/Prism/NSA revelations. Is it so ridiculous that a large corporation should seek to ameliorate its image in the eyes of users and shareholders?

PR has become such a dirty word.

Of course it would be best if all these actions were taken earlier, purely as the result of a strongly held principle. However, when presented with the realities of public businesses operating on a global scale - I am glad that such steps as those detailed above are taken: at whatever stage, and for whatever reason.

The tinfoil hat brigade needs to, as the old saying goes, "stop seeing reds under the beds" and occasionally ... just occasionally ... take the facts presented to them.

In times when misinformation and confusion is so wont to proliferate, attempting to discern true motive is almost ridiculous - condemnation on the basis of any such discernment doubly so.

link
mike-cardwell 4663 days ago
When Google does something that makes it impossible for them to hand over certain types of data to the NSA, either by not collecting it, or making it so that only the user is able to decrypt it, wake me up. Until then, it's a PR stunt.
link
hugofirth 4663 days ago
I am not disputing the fact that a major motivation for their actions is PR. I am suggesting that action as a result of PR pressure is still action - vastly preferable to meek acceptance of the status quo.

That being so - dismissing something as "just PR" misrepresents the actual benefits something like this may confer.

link
magicalist 4663 days ago
IMAP/POP3 has always been a gmail option, which allows local PGP use. Chrome sync allows you to set your own encryption passphrase (provided you trust the binary doing the encrypting...). You've been able to share encrypted files on google docs/drive since they added arbitrary file storage. Etc.

Chrome sync is probably the strongest example that I can think of fitting your criteria, since it's built into the product itself, but a lot of this just comes with the territory of web-based apps.

link
mike-cardwell 4662 days ago
They haven't done anything there though... They've just provided a standard IMAP service, and a standard file syncing service...

When they provide an option in GMail for people to upload their public PGP keys, and then start encrypting email on the way in, and don't store any non-encrypted versions of those emails, and build PGP support into Chromium for accessing those emails. Then they will have done something worth noticing.

link
jmillikin 4662 days ago
How would spam filtering or searching work in such a service?
link
mike-cardwell 4661 days ago
Spam filtering:

  Step 1. Spam filter
  Step 2. Encrypt
Searching:

Client side tool which builds a local index as messages are decrypted to be read for the first time. The index is it's self encrypted and incrementally synced between clients.

That took me less than 5 seconds to think up. Google can spend time and money thinking up better solutions if they want to actually do something.

link