Google mocks the NSA with an Easter egg found in email encryption plugin

Exterminator
Last October, the Washington Post reported that leaked slides from the NSA's top secret MUSCULAR data interception program detailed how the agency could potentially intercept data from Google's cloud servers by exploiting an SSL gap. The slide, shown below, proved very controversial -- especially amongst Google employees, who the Washington Post said "exploded in profanity" when they saw it.

google-cloud-exploitation1383148810_story.jpg


The snide "SSL added and removed here :)" comment didn't sit well with Google employees (via Washington Post)

Although the slides were leaked over six months ago, Google still remembers them fondly. A keen user on Twitter discovered that the recently-released source code for Google's new End-To-End email encryption plugin, which heightens encryption for emails sent and received on the Chrome browser, contained a small dig directed towards the NSA for their attempts to infiltrate Google's servers.

bpud3ivcqaahhcb_story.jpg


See the similarity? (via @zenalbatross)

We don't expect the NSA to comment on Google's Easter egg any time soon, but the hidden message confirms that Google has been paying attention to (and possibly working to counteract) the NSA's attempts to access their infrastructure.

Source: @zenalbatross via TechCrunch | Top image via Shutterstock - Google Mountain View complex
 
If Google does not trust the NSA, then why does Google spy on us? Strange?
 
Google is famous for its Easter Eggs, including web pages that do barrel rolls or blink or hide video games, but rarely do Google's bits of fun take a political tone. Showing just how unhappy the company, or at least its engineers, are with the National Security Agency's surveillance activities, Google included a jab at America's spooks in a new Chrome browser extension.

The code for Google's upcoming email encryption extension for Chrome called End-to-End includes the words, "--SSL-added-and-removed-here-;-)."

That line's a quote from an October 2013 report detailing the NSA's efforts to tap into the internal network links of major companies such as Google and Yahoo.

Known as the MUSCULAR program, the report in the Washington Post said the NSA in cooperation with Britain's GCHQ spy agency was collecting massive amounts of data pulled directly from Google and Yahoo servers located outside the U.S.

In a slide published by the Post, the NSA created a quick overview sketch of how it obtains data from Google's servers. At the bottom of the drawing, the NSA wrote "SSL added and removed here! :-)." The NSA was capitalizing on the fact that Google, at the time, was stripping encryption from data as it flowed from the public Internet into Google's internal network.

When two Google engineers first saw the drawing they "exploded in profanity," according to the Post.

Nearly eight months later, Google is taking its revenge, or at least the company hopes it is.

Google's End-to-End extension promises to make it easier to use OpenPGP email encryption in the browser. Currently, the easiest option for email encryption is to use a mail client like Mozilla Thunderbird with the Enigmail add-on. A number of other non-Google tools aiming to make email encryption easier are also in development such as Mailvelope, Dark Mail, and Mailpile.

End-to-End is currently in an early Alpha phase. The extension is effectively open only to developers and power users, since you must first compile the code into a working extension before using it.

During the testing period, Google is inviting comments from the public to make sure the extension is as secure as possible before going mainstream. That's a key point, since the biggest problem with encryption tools typically isn't the type of encryption they use, but mistakes in how the encryption is implemented, a fact about software development that was made all too clear recently with the OpenSSL Heartbleed bug.

After the testing period, Google plans to make End-to-End available in the Chrome Web Store.
 