Today at Black Hat 2014 hacking conference, Yahoo! Chief Information Security Officer Alex Stamos announced that the company will start giving its consumers the option of end-to-end encryption in its Mail service by next year.
Google showed off a PGP-based encryption plugin for Gmail back in June. The Purple-hued company will offer encryption via a modified version of the same End-to-End browser plug-in that Google uses for PGP in Gmail, Alex Stamos told the audience at his talk titled Building Safe Systems at Scale - Lessons from Six Months at Yahoo.
The PGP plugin will be native in mobile apps allowing Gmail and Yahoo mail to easily exchange encrypted email. Infact, the email providers themselves won’t be able to decrypt messages exchanged between its users. Only senders and recipients will be able to read the messages.
In short, it means that Yahoo email users can reportedly send safe and secure messages between Yahoo users and also Gmail adherents without fear, which makes almost impossible for cyber criminals and well-resourced spying by the US government and its Five Eyes allies to read their private messages.
In a talk today, Stamos said, “If an activist in Sudan wants to email a human rights organization’s Gmail address and they have encryption set up for it, it will automatically detect that and offer them the option to encrypt.”
Stamos (@alexstamos) said that this project has been a priority since he joined one of the world's largest web providers, Yahoo six months ago. He stressed that Yahoo email encryption will be easy to use, with little or no efforts.
The announcement was tweeted by Yan Zhu, who has reportedly been hired to assist in the project. Yan Zhu formerly worked as an engineer at the Electronic Frontier Foundation (EFF), a non-profit organization that has consistently been outspoken in its call for the widespread use of encryption across the Web and the Internet, and he is apparently no friend of the NSA.
But as said earlier, use of encryption will require some amount of education for users also, to make sure their privacy expectations are set appropriately. In an interview with the Wall Street Journal, Stamos explained that PGP encryption won’t cloak the destination of your e-mail.
"We have to make it clear to people it is not [a] secret you’re emailing your priest, but the content of what you’re e-mailing him is secret," Stamos said.
The move to encrypted mail will bring Yahoo! in the list of the most secure technology companies in mail services among web giants, Google and Microsoft that protect their customers in the post-Snowden era of security.