Yahoo!’s Chief Information Security Officer Alex Stamos announced at the Black Hat 2014 conference this week the company’s plans to release an end-to-end PGP encryption option in its mail service next year.
Only a few months ago Google introduced a PGP-based encryption plugin for Gmail. Now, Yahoo! plans to use a modified version of the same end-to-end browser plugin. Stamos assured the encryption feature will be very easy to use for its customers with “little or no effort.”
According to Stamos, the PGP plugin will be native in mobile apps, allowing Gmail and Yahoo! mail to easily exchange encrypted emails and making it nearly impossible for cybercriminals to snoop into a users’ inbox.
Stamos’ presented a talk titled “Building Safe Systems at Scale—Lessons from Six Months at Yahoo,” where he stated the project has been a top priority for the Internet corporation throughout his tenure.
To assist with the implementation of the new feature, Yahoo! has hired a group of privacy engineers, including Yan Zhu, former engineer at the Electronic Frontier Foundation, where Zhu’s efforts focused on HTTPS Everywhere and Privacy Badger add-ons. Zhu is also recognized for the discovery of a WordPress vulnerability in its login cookies.
Although the end-to-end encryption option offers highly increased protection for users, it is still possible that users unfamiliar with the service will opt-out. Stamos recognized users will need to be educated on what the service aims to do and what it does not, such as hiding the destination of emails.
Read More Here…