To me, the real question is whether it protects against relevant threat models. For example, it might not protect against an adversary with nation-state resources or the mail provider per se (Google could in fact subvert it via the Chrome store, for example). But it can certainly change the cost-benefit calculation for the attacker, and make it at least *impractical* for certain LEAs (e.g. state / local) or against external attackers who just compromise the account.
It's a start, anyway. On Wed, Jul 24, 2013 at 10:13 PM, Al Billings <[email protected]> wrote: > If it is webmail done in browser, you can't trust that it is fully encrypted > end to end. Too many ways to subvert it through poor design and bugs, as > well as malicious code. > > -- > Al Billings > http://makehacklearn.org > > On Wednesday, July 24, 2013 at 8:02 PM, Rebecca MacKinnon wrote: > > http://blog.kaspersky.com/send-gmails-that-not-even-google-can-read/ > > Interested in people's opinions of this. > > Thanks. > Rebecca > > -- > Rebecca MacKinnon > Author, Consent of the Networked > Project Lead, Ranking Digital Rights > Co-founder, Global Voices > Senior Research Fellow, New America Foundation > Twitter: @rmack > Office: +1-202-596-3343 > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at [email protected] or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at [email protected] or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
