Yahoo will be rolling out end-to-end encryption capabilities for all Yahoo Mail users in 2015, the company's chief information security officer, Alex Stamos, announced during a talk at the Black Hat USA conference in Las Vegas Thursday. <\/p>\n
Electronic Frontier Foundation technologist Yan Zhu, who worked on the HTTPS Everywhere and Privacy Badger browser add-ons andserved as a core developer for the anonymous digital leaking tool SecureDrop, wasannounced as the first hire for the project. <\/p>\n
Zhu says that over the past few years she has seen increasedinterest inaccessible end-to-end encryption products, particularly from startups.But Yahoo's established user base could, she says, help make encrypting e-mail more mainstream.The company reports havingmore than abillion Yahoo Mail users. <\/p>\n
\"Yahoo Mail has a lot of users already using it,\" Zhu said in an interview with The Washington Post, \"and mail is pretty sticky.It does take effort for people to change their mail service, so people would prefer to use their Yahoo Mail, or Gmail, or Hotmail with encryption rather than make a new account.\" <\/p>\n
End-to-end encryption creates a sort of digital tunnel between the senders and receivers of e-mails -- helping to keep the prying eyes of everyone from governments to Internet service providers and mail providers themselves from seeing the content of messages. Most major mail providers already provide SSL encryption for webmail users -- Yahoo started the practice earlier this year, afterrevelations that its lack of the encryption gave the National Security Agency greater ability to collect users' address books than from other major providers. But end-to-end encryption is more technically difficult for the average user to implement and hasn't seen as widespread adoption among major services. <\/p>\n
Google released the first version of an extension for its Chrome browser that allows users to send end-to-end encrypted message through Gmail in June. Stamos says Yahoo intends to offerend-to-end encryption to itsYahoo webmail users in a similar way. He added that the company is working with Google to make their implementation compatible with Gmail's. <\/p>\n
Yahoo, Stamossaid, is also working on building end-to-end encryption into theYahoo Mail mobile app. Hesaidhe hopes that capability will be released in 2015, withthe browser plugin for webmail targeted forrelease earlier that year. <\/p>\n
Stamos says that Yahoo does not expect the move to encrypt end-to-end e-mails will have any impact to on its ability to make money from mining information for advertising purposes. <\/p>\n
\"The kind of targeting that happens in e-mail servers does not usually happen against person-to-person e-mails,\" he says, instead coming from commercial marketing e-mails that he says users are unlikely to chose tobe encrypted end-to-end. <\/p>\n
Yahoo has historically been consideredbehind the curve when it came to security best practices, and the company hit a number of security and stability hiccups in the past year. But Yahoo seems to be taking a more rigorous approach to the issue since Stamos joined the company in the spring. <\/p>\n
<\/p>\n