Google hypocrisy

Some weeks ago Google started a campaign for email encryption in transit. That is encrypt the transport layer between servers. That's very good. Email transport is done with the old SMTP protocol which got encryption later in its existence but never required it.

Encryption of emails in transit is very important to prevent "anybody" along the way to read them (keep in mind that at least the sender, the sender's email provider, the recipient's email provider and the recipient are still able to read them).

Why am I talking about hypocrisy? Guess who is not doing chat encryption in transit… Google. Google, via it's GTalk (aka Google Talk, aka Google Chat), does not encrypt in transit XMPP messages. XMPP being the chat protocol (as SMTP is for emails).

For quite a while, administrators of instant messaging services wanted to turn on mandatory encryption but they didn't because Google was not doing encryption. In the light of recent revelations about massive spying, on May 19th, they finally decided to turn on mandatory encryption… but Google did not.

So what happened? Before May 19th, chat messages where sent unencrypted between Google and the rest of the world, since May 19th, Google has been cut out of the rest of the world. If Google did that for their email service, what would have happen is that GMail users could send emails only to GMail users and non-GMail users could not send emails to GMail users.

I contacted Google support about that issue and in summary their answer was that they have decided not to support encryption!!!

Links:

• Mandatory encryption day
• Ubiquitous Encryption on the XMPP Network manifesto