Yahoo to offer end-to-end encryption for mail

Yahoo wants to offer its users end-to-end encryption on its mail service. The company made the announcement at the Black Hat security show in Las Vegas. Google recently released a pgp plugin for Google Chrome.

Yahoo users will be able to send encrypted email from this fall, Yahoo announced at the Black Hat security conference. PGP is used for this, a technique that is de facto the standard for encrypted mail, but has not yet penetrated the average internet user.

Security researcher Alex Stamos, who has been appointed by Yahoo as chief of security since the NSA revelations, told Forbes that pgp will be enabled automatically once the receiver and sender have both configured pgp.

PGP encryption is end-to-end, which means that Yahoo cannot access the content of the email. That also means that Yahoo can’t scan the content of the email, but Stamos isn’t worried about that: the kind of mail that will be encrypted, for example between activists, has little commercial value, according to the security expert.

Yahoo also plans to have its implementation partner with Google’s. Google chooses not to implement pgp directly in Gmail; users must first download a Chrome plug-in to be able to send encrypted mail. The plugin can only be used by testers for the time being, and is not yet available in the Chrome Web Store.

Yahoo says it is not afraid of legal problems, such as Lavabit, the email provider of NSA whistleblower Edward Snowden. Lavabit had to hand over his private keys to the US judge so that Snowden’s emails could be decrypted. “That example is different from a multi-billion dollar company with an army of lawyers looking to take this case to the Supreme Court,” Stamos told The Wall Street Journal.