At the moment, end-to-end is NOT production ready, and will likely undergo further hardening in the coming months. Use at your own risk.

I agree that it's not yet ready for general use, but what hardening do you expect to happen in the coming months?

I'm one of the original end-to-end authors, but haven't worked on it recently.

I'm an developer on E2E team as well and can confirm that there's no 'hardening' going on. E2E is, to the best of our knowledge and we have expressed what that exactly means in our threat model: https://github.com/google/end-to-end/wiki/Threat-model. E2E is under Google VRP (https://www.google.ch/about/appsecurity/reward-program/), so if you're aware of any vulnerabilities, let us know.

E2E extension is not production ready, but I myself am using the compiled version as it is, in my biased opinion, the most secure of existing PGP-in-the-browser extensions.

> end-to-end is NOT production ready

This sounds wrong, given that "end-to-end encryption" as a concept is very much production ready.

For better or worse, "End-To-End" is the specific Google Chrome extension being discussed in the article: https://github.com/google/end-to-end/

Proper capitalization would help; Google choosing a less overloaded name in the first place would have helped more.

Agreed. I was refering to the ambiguous name of the project.

We're going to have a very hard time talking about end-to-end crypto to consumers without at least one person confusing this with googles addon. (Thanks google)

If you know a librarian who might be interested in participating in the future, consider encouraging him or her to fill out this questionnaire:

https://libraryfreedomproject.org/questionnaire/