Back in 2012 (pre-Snowden!), we wrote about why Google should encrypt everyone’s emails using end-to-end encryption (inspired by a post by Julian Sanchez saying the same thing. Since then, securing private communications has become increasingly important. That’s why we were happy to see Google announce that it was, in fact, working on a project to enable end-to-end encryption on Gmail, though it was still in the early stages. In December of last year, Google moved that project to Github, showing that it was advancing nicely. As we noted at the time, one interesting sidenote on this was that Yahoo’s Chief Security Officer, Alex Stamos, was contributing to the project as well.
Thus it’s not surprising, but still great to see, that Stamos has now announced the availability of an end-to-end encryption extension for Yahoo Mail (also posted to Yahoo’s Github repository). It appears to function similarly to existing third-party extensions (like Mailvelope), but it’s still good to see the big webmail providers like Yahoo and Google taking this issue more seriously. It’s still not ready for prime time, and it’s unlikely that either provider is going to make this a default option any time soon, but offering more, better (and more user friendly) options to give everyone at least the option of doing end-to-end encryption is a very good sign.
It also raises a separate issue that I think is important: many have argued that companies like Yahoo and especially Google would never actually push for end-to-end encryption of emails, because it takes away the ability of those companies to do contextual advertising within those emails. But that’s an exceptionally short-sighted view. If Google, Yahoo and others don’t do enough to protect their users’ privacy, those users will go elsewhere, and then it won’t matter whether or not the emails are encrypted, because they won’t see them anyway. Focusing on the user first is always going to be the right solution, and that includes encrypting emails, even if it means slightly less ad revenue in the short term. Hopefully, Google, Yahoo and others remember this simple fact.