No More Messing Around: Gmail Adds New Level of Security

As the debate over government access to personal data continues, Google seems to be focusing on helping its customers maintain their privacy. The company this week rolled out new features in Gmail, its free e-mail application, that are aimed at preventing malware, phishing and hacking, as well as warnings of government-sanctioned intrusions.

A new feature offers an updated warning system on links sent via Gmail that might lead to unsafe sites. If users happen to click on a dangerous link in Gmail, they will be warned about it before connecting and greeted with a full-page warning if they decide to click anyway. The new feature also provides users with access at that point to more information about how to protect their computers. The feature, called Safe Browsing, existed before, but only as a single warning before the user clicked on a dodgy link.

Are You Being Watched?

Google also is providing a more thorough warning in the relatively unlikely event of a state-sponsored hacking attempt. Such intrusions happen to fewer than 0.1 percent of Gmail users — usually such people as activists, journalists and policy-makers, according to Google. Nevertheless, if Gmail detects that an account holder might be a target of such an attack, it will issue a full-page warning. The warning will include instructions on how to protect the account, along with the previously used warning, which put a red strip on top of the Gmail page with a link to further information.

“Government-backed attackers may be trying to steal your password,” reads the warning, in part. “If they succeed, they can spy on you, access your data, or do other activities. We recommend: Enable two-factor authorization and set up a Security Key.”

As with Safe Browsing, the warning of government intrusion in Gmail isn’t new, but has been enhanced. Gmail has been notifying users of possible state-sponsored hacking attempts since 2012, but the warning previously only appeared as a bar on top of the Gmail Web site.

Encouraging Security

For Safer Internet Day in February, Google debuted a new visual cue, a broken red lock icon, that lets users know when they’re corresponding with an account that doesn’t support encryption. Since rolling out that feature, Google said, the amount of inbound mail sent using encryption has increased by 25 percent.

“Given the relative ease of implementing encryption and its significant benefits for users, we expect to see this progress continue,” wrote Nicolas Lidzborski, Gmail security engineering lead, and Jonathan Pevarnek, engineer with Google tech incubator Jigsaw.

Earlier this week, it was announced that Google was part of a consortium of engineers that helped develop a new standard for better securing email. SMTP Strict Transport Security (SMTP STS) would protect users against attackers trying to intercept or modify email in transit either by impersonating the destination server or by breaking through the Secure Sockets Layer (SSL), the standard security technology for establishing an encrypted link between a web server and a browser.

Source: Top Tech News