Jump to content
Sign in to follow this  
Reefa

Yahoo to release end to end encryption for email users

Recommended Posts

Reefa

IMG_1555-680x400.jpg

Yahoo plans to enable end-to-end encryption for all of its Mail users next year. The company is working with Google on the project and the encryption will be mostly transparent for users, making it as simple as possible to use.

Alex Stamos, CISO at Yahoo, said that the project has been a priority since he joined the company a few months ago and will be a key way to make online life safer for millions of users. Yahoo is using the browser plugin Google released in June that enables end-to-end encryption of all data leaving the browser. Stamos said Yahoo is working to ensure that its system works well with Google’s so that encrypted communications between Yahoo Mail and Gmail users will be simple.

“The goal is to have complete compatibility with Gmail,” Stamos said during a talk at the Black Hat USA conference here Thursday.

The email encryption isn’t the only security improvement on the horizon for Yahoo. The company is also working on enabling HSTS on its servers, as well as certificate transparency. HSTS (HTTP strict transport security) allows Web sites to tell users’ browsers that they only want to communicate over an encrypted connection. Thecertificate transparency concept involves a system of public logs that list all certificates issued by cooperating certificate authorities. It requires the CAs to voluntarily submit their certificates, but it would help protect against attacks such as spoofing Web sites or man-in-the-middle.

The security upgrades on the docket at Yahoo are aimed at making it easier for everyday users to use the Internet safely and securely, without needing to be security or privacy experts, Stamos said. The security industry spends a lot of time working out defenses and new products to protect against exotic attacks while users are being targeted by much more mundane attacks that still don’t have effective solutions.

“Post-Snowden, we have a strain of nihilism that’s keeping us from focusing on what’s real,” Stamos said. “We as an industry have failed. We’ve failed to keep users safe.

“If we can’t build systems that our users in the twenty-fifth percentile can use, we’re failing. And we are failing. We don’t build systems that normal people can use.”

Source

Share this post


Link to post
Share on other sites
Airstream_Bill

That would be nice.

Share this post


Link to post
Share on other sites
steven36

It doesn't matter what kind of encryption they use Google and Yahoo made it so they can read it they have the key . You would be much better off using some other encryption for emails if you still use these services.

I dont use gmail or yahoo mail anymore and I dont even chat on yahoo any more . I use a different email for important stuff . Also I use a different chat now with a plugin for encryption RSA/AES .

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...