Yahoo promises to implement end-to-end PGP encryption by 2015
Yahoo is planning to introduce end-to-end encryption and advanced privacy features into its email service by 2015, helping customers avoid both cyber criminals and government surveillance. The company will collaborate with Google, which detailed its efforts in June after contributing its encryption implementation to the open source community.
According to the Wall Street Journal, Yahoo’s email encryption will rely on the Pretty Good Privacy (PGP) standard developed by Phil Zimmerman, currently the president of secure communications provider Silent Circle. This means even Yahoo itself won’t be able to access the contents of the messages.
The sudden popularity of encrypted messaging services is seen as a response to the mass surveillance practices employed by government agencies such as US National Security Agency (NSA) and UK’s GCHQ, revealed by Edward Snowden last year.
Yahoo, Google, Microsoft and Facebook had all announced plans to encrypt their traffic after it emerged that the NSA might have tapped the fibre optic channels connecting data centres owned by some of America’s largest Internet companies.
But while PGP encryption is considered virtually unbreakable, it demands a lot of resources and is somewhat difficult to implement at scale.
Engineers from both Yahoo and Google are cooperating on encryption projects – an unusual step for two companies which compete directly at almost every turn. They hope that such a collaboration will eventually make PGP much easier to use.
More importantly, since the encryption keys will be stored on the end-user device, both Yahoo and Google will be able to ignore government requests for content of email messages as there’s no way they can access such content. Somewhat disappointingly, the encryption services will be optional and switched off by default.
“It won’t mean a lot to the average user but anyone who wants to protect their emails when using these providers will be able to do so by using these browser extensions,” commented Mark James, security specialist at ESET.
“So what does it actually mean? Well once the browser extension is added and configured you will be able to send an email with the contents completely scrambled to anyone except the sender and receiver. No one will be able to read the content. There are many encryption tools available for those that want to install and use them but for the average user they are often scary to set up. I for one welcome any type of “easy” security.”
There’s also a downside to end-to-end encryption – earlier this week, Google alerted the police in Texas after its systems detected child abuse images hidden inside the emails of a Gmail user. If the messages were encrypted, the alleged paedophile would have walked away free.
Yesterday, Google announced it would start rating websites that use encryption higher in its search results.
What do you know about famous hackers? Take our quiz!