Google has taken several steps this week to improve the security of its Gmail application and Chrome web browser. Gmail is set to support Content Security Policy (CSP) and has also published preliminary code for end-to-end email encryption. Content Security Policy (CSP) is an idea that has been around since at least 2010, when Mozilla […]
Google has taken several steps this week to improve the security of its Gmail application and Chrome web browser. Gmail is set to support Content Security Policy (CSP) and has also published preliminary code for end-to-end email encryption.
Content Security Policy (CSP) is an idea that has been around since at least 2010, when Mozilla implemented the technology in its Firefox 4 web browser. The basic idea behind CSP is to limit the risk of Cross Site Scripting (XSS) security flaws. CSP provides policies for a browser about what scripts from sites can run.
In a blog post, Danesh Irani, software engineer for Gmail security at Google, noted that there are many great extensions for Gmail.
“Unfortunately, there are also some extensions that behave badly, loading code which interferes with your Gmail session, or malware which compromises your email’s security,” Irani wrote. “Gmail’s CSP protects you, by stopping these extensions from loading unsafe code.”
Google is also advancing its vision for end-to-end email encryption. The promise of end-to-end is a fully encrypted email mechanism that is interoperable with other online webmail services. At Black Hat USA 2014, Yahoo CISO announced that Yahoo would also be building a full email encryption service for its Yahoo mail users.
The Google effort is known at the ‘End to End’ project and it is now at its alpha development stage with the code now being migrated to Github.
“End-To-End is a Chrome extension that helps you encrypt, decrypt, digital sign, and verify signed messages within the browser using OpenPGP,” the End-to-End project page on Github states.
While End-to-End now has alpha code available, it is not yet considered to be ready for public consumption. Stephan Somogyi, Product Manager, Security and Privacy at Google wrote in a blog post that Google doesn’t yet feel that End-to-End is as usable as it needs to be.
“Indeed, those looking through the source code will see references to our key server, and it should come as no surprise that we’re working on one,” Somogyi wrote. “Key distribution and management is one of the hardest usability problems with cryptography-related products, and we won’t release End-To-End in non-alpha form until we have a solution we’re content with.”
Looking beyond just Gmail, Google is now also considering a strategy that would see it label non-SSL/HTTPS sites as being insecure.
“We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure,” a Chromium proposal states. “We intend to devise and begin deploying a transition plan for Chrome in 2015.”
Sean Michael Kerner is a senior editor at Datamation and InternetNews.com. Follow him on Twitter @TechJournalist
Photo courtesy of Shutterstock.
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2020
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Anticipating The Coming Wave Of AI Enhanced PCs
FEATURE | By Rob Enderle,
September 05, 2020
The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
August 14, 2020
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
