Yahoo is taking yet another step towards tightening security around its email service. By 2015, the company promises end-to-end encryption in its webmail service in an effort to protect people’s content from the prying eyes of agencies such as the NSA who like to collect all data.The company made the announcement during the Black Hat USA 2014, when Alex Stamos, Yahoo’s Chief Information Security Officer said that the service would son deploy a PGP plugin relying on a version of PGP encryption from Google. This particular form of encryption never been cracked because it relies on each user storing their own encryption keys on their computers, tablets and smartphones, rather than the traditional method that involves tech companies holding passwords and usernames for consumers.
Yahoo and Google are basically joining hands in making it impossible for the NSA to do anything with the collected emails it picks up with the help of its dragnet tools, ZDNet reports.
Edward Snowden has been saying for the past year that encryption is the only way to keep the NSA and its partners away from people’s private information. While encrypting things personally is also possible, it’s not something that regular users are likely to do because it requires a bit more knowledge than most Internet users possess. By providing people with a service that is end-to-end encrypted, both Yahoo Mail and Gmail could get an image boost.
Google has expressed its intention to create an email that cannot be spied on back in June, but the fact that Yahoo joined in can’t be anything but encouraging because the two of them are used by a large number of users. For instance, back in December 2012, estimates indicated Yahoo had over 280 million users, while in June of the same year, Gmail had over 425 million users. The numbers have certainly grown quite a bit since then.
However, the encryption tool will not be pushed down the throat of users, but will be, instead, an optional feature that users will have to turn on to access.
PGP does have its shortcomings, however, because it only encrypts the content of messages, not the metadata. This means that the spies could still get information about who sends and receives the messages or the email’s subject line.
Basically, it won’t be a secret that you’re emailing a certain individual, but what you tell them in the message you send will be a secret.