Black Hat security conference yesterday saw Yahoo announcing that end-to-end encryption is scheduled to be implemented for their email service. Yahoo has effectively joined Google in an effort to protect user privacy from spying agencies (and other spying entities). Email encryption has been an issue recently and Yahoo took responsibility on fixing the issue on it’s own end.
Google has made the same announcement earlier this year. Alex Stamos, chief information security officer at Yahoo declared in a statement that Yahoo is working closely with Google to ensure that their end-to-end encryptions are compatible. This growing trend might motivate other providers to do the same. A good sign indeed, as general security will increase significantly if this type of encryption becomes supported on a larger scale. And it comes as no surprise really, since Google and Yahoo have previously declared that they intend to take measures following the Snowden revelations on how the NSA is intercepting traffic (while having defeated the SSL encryption used for cloud connection). Public confidence has been reduced significantly and it is only natural to take steps in improving general privacy.
Yahoo has also announced in April this year that it made steps for strengthening it’s in house web service encryption, along with Yahoo Messenger. Also all partner companies that can’t meet Yahoo’s standards of encryption, including ad providers, have been set aside. Yet, this move is to provide more of a broad protection. If any agency would like to target a specific individual for surveillance purposes, it would likely succeed; Although gathering data on a large scale would not. Alex Stamos believes that all major technologies should include data encryption for both, front-end and back-end.
Currently yahoo will follow Google’s example and publish the source code for end-to-end email encryption later this year. Stick to carrier pigeons in the meantime and hope we won’t be needing mnemonic couriers any time soon.