Earlier this year, Google has rolled out end-to-end encryption for Gmail, which encrypts all Gmail traffic moving within Google‘s servers. Yahoo is undertaking a similar route, and has announced that it will be rolling out an end-to-end encryption service of its own by 2015 that will be compatible with Gmail’s encryption.
Yahoo’s chief information security officer Alex Stamos announced at the Black Hat conference that Yahoo and Google are working together on the project, and that the added security measures will not only allow Yahoo Mail users to “communicate in an encrypted manner with other Yahoo Mail users, but also with Gmail users and eventually with other email systems that adopt similar methodologies.” Stamos also said that source code for the encryption would be made available to the open source community to test and refine the experience for end-users and discover any bugs.
Google is said to be implementing Pretty Good Privacy (PGP) encryption for Gmail, and Yahoo is also looking to offer a service which relies on PGP encryption. While standard email services store user data like login and password information on their servers, PGP relies on unique encryption keys stored on a user’s device for information retreival.
Stamos revealed in an interview with the Wall Street Journal that there are challenges for bringing such an encryption tool to the general public. PGP only obscures the content of an email, but not the sender and receiver information. Stamos said, “We have to make it to clear to people it is not secret you’re emailing your priest. But the content of what you’re emailing him is secret.”
With Gmail boasting a userbase of 425 million and Yahoo Mail with an estimated 273 million users, securing the flow of email traffic between both services will be a high priority.
Source: The Wall Street Journal