Yahoo is following in Google's footsteps and plans to implement end-to-end encryption in Yahoo Mail by next year. Like Google, Yahoo plans to use the OpenPGP encryption standard to encrypt messages. This is a gold standard for email encryption, and it uses a public-private keypair scheme to protect users' messages.
The encryption will be done with a modified version of Google's alpha-stage End-to-End Chrome extension. Yahoo's version, however, would work with the Yahoo Mail interface and not with Gmail.
Yahoo also plans to make encryption a native part of the Yahoo Mail mobile applications, according to a tweet by Yahoo's chief information security officer, Alex Stamos. Stamos announced Yahoo's email encryption plans during Black Hat USA, a security conference which ended on Thursday.
As part of this encryption effort, Yahoo will create a new privacy engineering team to work on the project. Yan Zhu was the first one to be hired: a staff technologist for the Electronic Frontier Foundation who worked on projects like Privacy Badger and HTTPS Everywhere. Zhu was also the person who discovered the security flaw in WordPress login cookies.
The news of another webmail service wanting to build encryption tools is really encouraging. However, it is not clear how many people wish to use this new option. Key management is an important issue. It is worth seeing how Yahoo would help users manage their keys and at the same time prevent the company from getting access to them. If everyone’s keys are stored on the company's server, Yahoo would be compelled to hand them over to law enforcement.
Tackling issues like managing key pairs and decrypted messages is quite important. However, if Yahoo gets it right, it could go a long way toward maintaining the privacy of sensitive emails.