Yahoo Rolls Out End-To-End Encryption For Email

Yahoo Rolls Out End-To-End Encryption For Email

Back in 2012 (pre-Snowden!), we wrote about why Google should encrypt everyone's emails using end-to-end encryption (inspired by a post by Julian Sanchez saying the same thing. Since then, securing private communications has become increasingly important. That's why we were happy to see Google announce that it was, in fact, working on a project to enable end-to-end encryption on Gmail, though it was still in the early stages. In December of last year, Google moved that project to Github, showing that it was advancing nicely. As we noted at the time, one interesting sidenote on this was that Yahoo's Chief Security Officer, Alex Stamos, was contributing to the project as well.

Thus it's not surprising, but still great to see, that Stamos has now announced the availability of an end-to-end encryption extension for Yahoo Mail (also posted to Yahoo's Github repository). It appears to function similarly to existing third-party extensions (like Mailvelope), but it's still good to see the big webmail providers like Yahoo and Google taking this issue more seriously. It's still not ready for prime time, and it's unlikely that either provider is going to make this a default option any time soon, but offering more, better (and more user friendly) options to give everyone at least the option of doing end-to-end encryption is a very good sign.

It also raises a separate issue that I think is important: many have argued that companies like Yahoo and especially Google would never actually push for end-to-end encryption of emails, because it takes away the ability of those companies to do contextual advertising within those emails. But that's an exceptionally short-sighted view. If Google, Yahoo and others don't do enough to protect their users' privacy, those users will go elsewhere, and then it won't matter whether or not the emails are encrypted, because they won't see them anyway. Focusing on the user first is always going to be the right solution, and that includes encrypting emails, even if it means slightly less ad revenue in the short term. Hopefully, Google, Yahoo and others remember this simple fact.


Google and Yahoo Encrypting Ad Network Connections

Google and Yahoo in separate announcements said they will individually encrypt ad network connections to reduce bot traffic and other types of ad fraud. The news coincides with the release of Malwarebytes Labs findings last week. Researchers found malvertising in Flash ads involving the DoubleClick ad network. The two companies have support. The Interactive Advertising ...

Tired of forgetting your password? Yahoo says you don't need one any more

Passwords: easily forgotten, but also easily guessed. It’s a bitter irony that minutes can be spent racking brains trying to remember whether a required security question answer is a pet’s name, first school or place of birth – meanwhile a cyber-criminal is merrily typing in a person’s favourite colour and relieving bank accounts of hard-earned ...

Yahoo puts email encryption plugin source code up for review

Yahoo released the source code for a plugin that will enable end-to-end encryption of email messages, a planned data-security improvement prompted by disclosures of U.S. National Security Agency snooping. The company is asking security experts to look at its code, published on GitHub, and report vulnerabilities, wrote Alex Stamos, Yahoo’s chief information security officer, in ...

Iran blocks encrypted messaging apps amid nationwide protests

For the past six days, citizens have taken to the streets across Iran, protesting government oppression and the rising cost of goods. Video broadcasts from the country have shown increasingly intense clashes between protesters and riot police, with as many as 21 people estimated to have died since the protests began. But a complex fight ...