Jump to content

Yahoo to release end to end encryption for email users


Reefa

Recommended Posts

IMG_1555-680x400.jpg

Yahoo plans to enable end-to-end encryption for all of its Mail users next year. The company is working with Google on the project and the encryption will be mostly transparent for users, making it as simple as possible to use.

Alex Stamos, CISO at Yahoo, said that the project has been a priority since he joined the company a few months ago and will be a key way to make online life safer for millions of users. Yahoo is using the browser plugin Google released in June that enables end-to-end encryption of all data leaving the browser. Stamos said Yahoo is working to ensure that its system works well with Google’s so that encrypted communications between Yahoo Mail and Gmail users will be simple.

“The goal is to have complete compatibility with Gmail,” Stamos said during a talk at the Black Hat USA conference here Thursday.

The email encryption isn’t the only security improvement on the horizon for Yahoo. The company is also working on enabling HSTS on its servers, as well as certificate transparency. HSTS (HTTP strict transport security) allows Web sites to tell users’ browsers that they only want to communicate over an encrypted connection. Thecertificate transparency concept involves a system of public logs that list all certificates issued by cooperating certificate authorities. It requires the CAs to voluntarily submit their certificates, but it would help protect against attacks such as spoofing Web sites or man-in-the-middle.

The security upgrades on the docket at Yahoo are aimed at making it easier for everyday users to use the Internet safely and securely, without needing to be security or privacy experts, Stamos said. The security industry spends a lot of time working out defenses and new products to protect against exotic attacks while users are being targeted by much more mundane attacks that still don’t have effective solutions.

“Post-Snowden, we have a strain of nihilism that’s keeping us from focusing on what’s real,” Stamos said. “We as an industry have failed. We’ve failed to keep users safe.

“If we can’t build systems that our users in the twenty-fifth percentile can use, we’re failing. And we are failing. We don’t build systems that normal people can use.”

Source

Link to comment
Share on other sites


  • Replies 4
  • Views 1.7k
  • Created
  • Last Reply

Top Posters In This Topic

  • sternog

    1

  • dcs18

    1

  • Airstream_Bill

    1

  • Reefa

    1

Popular Days

Top Posters In This Topic

Airstream_Bill

That would be nice.

Link to comment
Share on other sites


It doesn't matter what kind of encryption they use Google and Yahoo made it so they can read it they have the key . You would be much better off using some other encryption for emails if you still use these services.

I dont use gmail or yahoo mail anymore and I dont even chat on yahoo any more . I use a different email for important stuff . Also I use a different chat now with a plugin for encryption RSA/AES .

Link to comment
Share on other sites


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...