Yahoo’s Chief Information Security Officer Alex Stamos told Black Hat attendees last week that the company would be rolling out end-to-end encryption for email some time in 2015. The search company is taking a similar approach to Google to tackle enhanced security issues for communications, even down to the details of using OpenPGP. The news was tweeted from the conference by Yan Zhu, a former employee of the Electronic Frontier Foundation known for working on Privacy Badger, who was one of the first hires by Yahoo for its privacy engineering team. The Yahoo encryption appears not only to be similar to what Google is planning with its Chrome extension, but a fork of the project.
.@alexstamos just announced plans to support end-to-end PGP encryption in Yahoo mail at Black Hat pic.twitter.com/9oCpGkzvX3 – Yan! (@bcrypt) August 7, 2014
Stamos confirmed in the tweet stream that Yahoo is using a version that’s compatible with the Yahoo front end. He adds that the mobile app will have a native encryption, while web-based user appear to be following the same extension approach as Google. Drew Hintz, a security engineer for Google, confirmed that it’s the same end-to-end encryption from Google. Yahoo will be working with Google to make its encryption compatible with Gmail. It appears that Yahoo will be requesting the aid of the community to help improve the service later on, as Stamos stated that the code will be released in the fall. The goal is to have security minded users help improve the experience as well as locate bugs Yahoo announced last year that it would be it encrypting all transmissions through data center links as a way to prevent information from being accessed by outside parties, including government agencies like the National Security Agency. The company also stated that it would put 2048-bit SSL encryption into place for Yahoo Mail users by January this year, but later added it would extend to all Yahoo products. By adding Yahoo to the likes of Google, the movement for the use of encryption for everyday users could gain more traction. For many, end-to-end encryption through Pretty Good Privacy (PGP) can be considered too complex to use. However, the complications come from ease of use, as well as proper education. In a time where some companies are struggling to implement any form of mail encryption in transit, the move is a welcome one by Yahoo.
