Google adds client-side encryption to Gmail and Calendar

Share post:

Google has added an additional layer of security to Gmail and Calendar services by introducing client-side encryption. This means that when you send an email or create a calendar event, the information is encrypted on your device before being sent to Google’s servers. This way, even if the data is intercepted during transmission, no one will be able to read it.

End-to-end encryption is provided by this new feature to protect user data from potential data breaches and unauthorized access. It is important to note, however, that this feature is not enabled by default and must be activated manually by the user.

Data is encrypted on the client device before being sent to Google (via HTTPS). Only on an endpoint machine with the same key as the sender can the data be decrypted. This provides an additional benefit because the data will be rendered unreadable by any malicious Google insiders or hackers who manage to compromise Google servers.

Client-side encryption, abbreviated as CSE, was already available for Google Drive, Docs, Slides, Sheets, and Meet for users of Google Workspace, which the company sells to businesses. Google will begin rolling it out to Gmail and Calendar Workspace customers on Tuesday.

Client-side encryption is a catch-all term for any type of encryption used on data before it is sent from a user device to a server. In contrast, with server-side encryption, the client device sends the data to a central server, which then encrypts it while it is stored using keys in its possession.

While client-side encryption adds an extra layer of security, it may limit some Gmail and Calendar features. Searching for specific emails or events, for example, may be difficult because the data is encrypted on the user’s device. It may also be incompatible with third-party apps that require access to unencrypted data.

The sources for this piece include an article in ArsTechnica.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways