Jun 24 2015

Why Isn’t PGP Built Into Gmail?

An increasing number of companies that I work with are using PGP to encrypt certain email. While they are comfortable sending a lot of email unencrypted, there are periodic threads that different people want to have encrypted for a variety of reasons, some rational and some not.

Each company is dealing with this in a different way. Suddenly I find myself managing a bunch of public keys in different PGP tools on different computers. I started by going with the recommendation of each company and predictably found myself managing multiple solutions that sort of worked some of the time.

Last night I was on a hangout with one of the CEOs trying to troubleshoot the problem we were having with the implementation his company was using. After 15 minutes of fighting with a Chrome plugin, we gave up. Of course, when I went to a different computer, it worked just fine.

This seems like such a simple thing for Google (and Yahoo and Microsoft) to build into their email clients, especially the browser-based ones. Keep the keys locally (or even in Dropbox or iCloud). Encrypt and decrypt from within the browser. Only transmit encrypted email. Only display the decrypted email.

Why hasn’t this been done yet? Am I missing something obvious?