Yahoo Mail

Earlier this year, Google has rolled out end-to-end encryption for Gmail, which encrypts all Gmail traffic moving within Google's servers. Yahoo is undertaking a similar route, and has announced that it will be rolling out an end-to-end encryption service of its own by 2015 that will be compatible with Gmail's encryption.

Yahoo's chief information security officer Alex Stamos announced at the Black Hat conference that Yahoo and Google are working together on the project, and that the added security measures will not only allow Yahoo Mail users to "communicate in an encrypted manner with other Yahoo Mail users, but also with Gmail users and eventually with other email systems that adopt similar methodologies." Stamos also said that source code for the encryption would be made available to the open source community to test and refine the experience for end-users and discover any bugs.

Google is said to be implementing Pretty Good Privacy (PGP) encryption for Gmail, and Yahoo is also looking to offer a service which relies on PGP encryption. While standard email services store user data like login and password information on their servers, PGP relies on unique encryption keys stored on a user's device for information retreival.

Stamos revealed in an interview with the Wall Street Journal that there are challenges for bringing such an encryption tool to the general public. PGP only obscures the content of an email, but not the sender and receiver information. Stamos said, "We have to make it to clear to people it is not secret you're emailing your priest. But the content of what you're emailing him is secret."

With Gmail boasting a userbase of 425 million and Yahoo Mail with an estimated 273 million users, securing the flow of email traffic between both services will be a high priority.

Source: The Wall Street Journal

 

Reader comments

​Yahoo teams up with Google on encrypted email service

13 Comments

But, if the code is open to the public, won't others *cough* government *cough* know how to decrypt the email? Or am I not fully understanding the process?

Posted via Android Central App

That's the thing about encryption: you can't decode the content without knowing the encryption key, even if you know the algorithm behind it.

No. Just because the source code is open doesn't mean anyone can decrypt the messages. Openbsd is an open source os and is considered one of the most secure operating systems out there.

Posted via Android Central App

Glad to see them working together as they are two of the largest email providers. This is good news for everyone.

Posted via Android Central App