An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Enjoy!
Hooray! ~~Encryption for everyone~~ Encryption for client-side encryption (CSE) users with Enterprise Plus licenses and the Assured Controls or Assured Controls Plus add-on after admins enable the Android and iOS clients in the CSE admin interface who remember to turn on "additional encryption" option when sending an email.
No mention as to whether it follows any standards or is interoperable with anything else in the world.
Google might build the perfect unbreakable crypto, but as long as it remains closed source, I will press X to doubt.
One of the most annoying things about IT is understanding that for the vast majority of users, even if you have the source code, it is absolutely impossible to verify that a specific program is actually running on your hardware and has not been modified.
Your code may be clean, but then you compile it, how do you verify that the compiler doesn't add secret functions? Ok, so you used an open source compiler, like GCC, but how can you trust the GCC binary, you don't know how that was compiled.
And so on.
So for your own sanity, you lower your security standard to be able to actually get work done.
It sucks, but the best thing to do is to adopt an increased risk, to a point.
E2E encryption on closed source is "encryption"