Yahoo Mail will receive end-to-end encryption by 2015

Yahoo’s Chief Information Security Officer Alex Stamos told Black Hat attendees last week that the company would be rolling out end-to-end encryption for email some time in 2015. The search company is taking a similar approach to Google to tackle enhanced security issues for communications, even down to the details of using OpenPGP. The news was tweeted from the conference by Yan Zhu, a former employee of the Electronic Frontier Foundation known for working on Privacy Badger, who was one of the first hires by Yahoo for its privacy engineering team. The Yahoo encryption appears not only to be similar to what Google is planning with its Chrome extension, but a fork of the project.

Yahoo is following in the footsteps of Google and plans to implement end-to-end encryption into Yahoo Mail by 2015. Like Google, Yahoo plans to use the OpenPGP encryption standard to encrypt messages. OpenPGP, which is the gold standard for email encryption, uses a public-private keypair scheme to protect user messages. To get the encryption done, Yahoo will use a modified version of Google’s alpha stage End-to-End Chrome extension. But Yahoo’s version will be designed to work with the Yahoo Mail interface instead of Gmail. Yahoo also plans on making encryption a native part of the Yahoo Mail mobile apps, according to a tweet by Alex Stamos, Yahoo’s chief information security officer. Stamos announced Yahoo’s email encryption plans during Black Hat USA, a security conference that ended on Thursday. As part of the encryption effort, Yahoo will create a new privacy engineering team to work on the project. The team’s first hire was Yan Zhu, a staff technologist for the Electronic Frontier Foundation who worked on projects such as the HTTPS Everywhere and Privacy Badger add-ons. Zhu was also the person who recently discovered a security flaw in WordPress login cookies.