Yahoo teams up with Google on encrypted webmail
At the hacker conference Black Hat, Yahoo's new security honcho promises that Yahoo Mail will be encrypted end-to-end in 2015.
LAS VEGAS -- Your webmail will be safer from prying eyes -- at some point next year.
That's the promise that Yahoo and Google are making to their mail service users, who together make up the vast majority of webmail users. More than 425 million people use Gmail, with Yahoo Mail usage estimated at 273 million.
Longtime security industry veteran Alex Stamos, who was named Yahoo's new chief information security officer earlier this year, told attendees of the Black Hat hacker and security conference here on Thursday that at some point in 2015, Yahoo Mail would not only be encrypted end-to-end, but would be compatible with the end-to-end encryption that Google is working on for Gmail.
When that happens, it will create a secure way to email between the two services. The contents of an email protected by end-to-end encryption are hidden and much harder to tamper with. They can not be viewed by any intermediary, including the webmail provider itself.
Yahoo encrypted webmail at the data center level earlier this year, but encrypting emails sent between accounts has proven elusive so far.
Encryption in webmail is difficult to implement for a number of reasons. It's currently extremely difficult for most people to use, and tech titans have concerns about losing customers if their services slow down because of encryption.
Similar to Google's approach, Yahoo will be leveraging the security community to improve the encryption. Stamos said that Yahoo will release the encryption source code sometime this fall, "so that the open source community can help us refine the experience and hunt for bugs."
"We don't have any other providers to talk about yet, but the hope is that this is open and will be adopted by many others in the email ecosystem," said a Yahoo spokeswoman.
How important is webmail encryption to Google and Yahoo? It's a big enough brass ring that Stamos said they're working together on the project.
"What this means is that eventually not only will Yahoo Mail users be able to communicate in an encrypted manner with other Yahoo Mail users, but also with Gmail users and eventually with other email systems that adopt similar methodologies," Stamos said in a statement.
Tech titans are making encryption a bigger priority than before in the aftermath of revelations by former NSA contractor Edward Snowden that the foreign surveillance agency conducted bulk collection of phone and email communications.
Updated at 7:35 p.m. PT with Yahoo comment.