Yahoo Rolls Out End-To-End Encryption For Email
from the good-move! dept
Back in 2012 (pre-Snowden!), we wrote about why Google should encrypt everyone's emails using end-to-end encryption (inspired by a post by Julian Sanchez saying the same thing). Since then, securing private communications has become increasingly important. That's why we were happy to see Google announce that it was, in fact, working on a project to enable end-to-end encryption on Gmail, though it was still in the early stages. In December of last year, Google moved that project to Github, showing that it was advancing nicely. As we noted at the time, one interesting sidenote on this was that Yahoo's Chief Security Officer, Alex Stamos, was contributing to the project as well.Thus it's not surprising, but still great to see, that Stamos has now announced the availability of an end-to-end encryption extension for Yahoo Mail (also posted to Yahoo's Github repository). It appears to function similarly to existing third-party extensions (like Mailvelope), but it's still good to see the big webmail providers like Yahoo and Google taking this issue more seriously. It's still not ready for prime time, and it's unlikely that either provider is going to make this a default option any time soon, but offering more, better (and more user friendly) options to give everyone at least the option of doing end-to-end encryption is a very good sign.
It also raises a separate issue that I think is important: many have argued that companies like Yahoo and especially Google would never actually push for end-to-end encryption of emails, because it takes away the ability of those companies to do contextual advertising within those emails. But that's an exceptionally short-sighted view. If Google, Yahoo and others don't do enough to protect their users' privacy, those users will go elsewhere, and then it won't matter whether or not the emails are encrypted, because they won't see them anyway. Focusing on the user first is always going to be the right solution, and that includes encrypting emails, even if it means slightly less ad revenue in the short term. Hopefully, Google, Yahoo and others remember this simple fact.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: email, encryption, end to end, end to end encryption
Companies: yahoo
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
My threat model includes everyone but the intended recipient.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Google and Yahoo efforts really advance the situation by attempting a solution easy enough that everyone can put it in place. The 'easy for everyone to use by default' will mean it will not be bullet-proof. It doesn't have to be to put a stop to bulk privacy invasions into personal information. We need this default universal protection with as little delay as possible.
Once universally in place, work can proceed to eventually reduce inevitable early vulnerabilities exposed to the sufficiently-determined and sufficiently-financed.
[ link to this | view in chronology ]
Re: Re:
Hmm, "security through insecurity". How very Orwellian.
[ link to this | view in chronology ]
Re: Re: Re:
Also, there's no such thing as "bulletproof" security anyway.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Right now, I have no email security beyond using a non-invasive email host, even though I would be willing to work to achieve it. The problem is that no one I communicate with would be willing or able to put in a similar effort.
If a trivially-installed encryption framework can be worked out that can be incrementally improved, then we would reach the critical mass to make everyone's private communications more secure.
Of course, many will not handle their private keys properly, and any communication with them could be hacked. But it would take an effort to do many such individual hackings, and people can learn to improve defenses over time if it can be done in small increments.
Until that basic framework is in place, honest private email conversations will remain choked and guarded. Freedom of private speech is very difficult under such conditions.
[ link to this | view in chronology ]
Re:
Make it a big enough pain, and mass-spying suddenly becomes a lot less enticing to the voyeurs staffing those agencies, ideally either making them spend time and money cracking the encryption to people's communications, or not bothering at all and shifting their focus back on targeted investigations.
[ link to this | view in chronology ]
Re: End-to-end encryption
[ link to this | view in chronology ]
Yet
I might use the encryption if I felt there was a need (have to see how it works, like how does the recipient get the code?) but would NEVER use a cellphone number as a password (the fact that I no longer own a cellphone not withstanding).
I don't like passwords and keep hoping for a better (and secure (iris scans and finger prints don't seem like solutions as once the 'image' is made it is emanatly copy-able)) solution. I use PasswordManager (Bruce Schneier originated) and could not possibly tell you what my passwords are (with the exception of PasswordManager and two computer logins), the other two or three dozen are created by PasswordManager, and it does the typing for me. Without PasswordManager I could not log into my email accounts.
[ link to this | view in chronology ]
Re: Yet
I'd argue that you could make things safer if there was a standalone device that would act solely as the key generator instead of bundling it with a computer (cellphone) but it's at least a start.
[ link to this | view in chronology ]
I'll believe Yahoo Mail is secure, right after Hillary
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Nobody of value uses Yahoo -- and nobody should
Yahoo is completely overrun with spammers and phishers. Yahoo has massive security holes -- it wouldn't surprise me if attackers have gained control of parts of their infrastructure. Yahoo not only doesn't act on mail sent from network peers to role accounts (e.g., postmaster, hostmaster, abuse, etc.) but responses -- if any -- are incoherent and illiterate. (I have a file full of them, including some that show their inability to look at mail headers and recognize their own users on their own systems on their own network.) Yahoo stupidly enabled DMARC a year ago, ostensibly to deal with forgery, thus breaking every mailing list on the Internet and doing NOTHING about the tens of millions of compromised accounts that send traffic dutifully marked by DMARC as authentic.
More briefly: Yahoo is a shithole of spam, abuse, phishing, kiddie porn, scams, hacks, and forgery -- and if it closed down tomorrow, this would be a huge benefit for the rest of the Internet. Yahoo could try to fix this of course but it apparently prefers to spend its money on $500M acquisitions rather than behaving as a responsible, professional, competent, ethical member of the community.
And Stamos? A shill. A mouthpiece. A front. No more. Why do you think he's blathering about this utterly worthless project rather than attacking the core problems? It's a PR stunt designed to distract attention and it's working.
[ link to this | view in chronology ]
Re: Nobody of value uses Yahoo -- and nobody should
So my point is, do you have articles and sources that provide facts and proper explanations to your assertions? I'm not mocking you or anything, it's an honest question.
[ link to this | view in chronology ]
Re: Re: Nobody of value uses Yahoo -- and nobody should
[ link to this | view in chronology ]
I wonder...
It seems to me that people who are concerned about privacy already avoid using mail services that do contextual advertising, so I wonder how strong that effect would be.
[ link to this | view in chronology ]
How to block porn sent from an encrypted email!!!!
[ link to this | view in chronology ]
Yahoo google time to time try to update security policies to secure their user's account, end to end encryption of emails data makes yahoo more secure and easy to access
[ link to this | view in chronology ]
[ link to this | view in chronology ]
outlook services
[ link to this | view in chronology ]
Sanskaar Kids Kingdom is a play gruop school
Our Pedagogy is researched and different form all other methodology. Sanskaar has developed Sanskaar Unique Method (SUM) .It is very much scientific, psychology and practical. We not work on learning but also on learning habits. SUM is based on Involvement of Dramaturgy in Education Application (IDEA). Realism, Simple to Complex and known to Unknown are key mantras of pedagogy.
http://www.sanskaarkidskingdom.com/
[ link to this | view in chronology ]
How to add Yahoo email account to Outlook
[ link to this | view in chronology ]
POP Access Settings and Instructions for Yahoo Mail
[ link to this | view in chronology ]
Indian Business Directory, Local Search Engine in India
[ link to this | view in chronology ]
Yahoo Support
[ link to this | view in chronology ]
how to contact yahoo for help
awesome article thanks alot
[ link to this | view in chronology ]
yahoo mail help
nice post
https://helpsyahoo.com/
[ link to this | view in chronology ]