Less than a year ago, Google announced that it's going to develop a browser extension that uses PGP encryption and is easier to use than current PGP tools so that more people can benefit from end-to-end encryption for email. Not long after that, Yahoo's new Chief Information Security Officer (CISO), Alex Stamos, announced that Yahoo is going to join the project and develop the extension to work for Yahoo Mail, as well.
Today, the company unveiled how the End-to-End plugin will work with Yahoo Mail and compared it to GPG Tools, which is a GPG application for Mac OS X. GPG is the "free" (as in freedom) alternative to the proprietary PGP program.
"Just a few years ago, e2e encryption was not widely discussed, nor widely understood," said Alex Stamos, Yahoo's CISO. "Today, our users are much more conscious of the need to stay secure online. There is a wide spectrum of use for e2e encryption, ranging from the straightforward (sharing tax forms with an accountant), to the potentially life-threatening (emailing in a country that does not respect freedom of expression). Wherever you land on the spectrum, we've heard you loud and clear: We're building the best products to ensure a more secure user experience and overall digital ecosystem."
Setting up the Yahoo Mail End-to-End plugin seems to be quite a straightforward process, despite the relatively high number of initial steps:
- Install the Yahoo Mail End-to-End plugin from the Chrome web store.
- Choose whether to generate a new private key or restore an old one (yes, if a new user).
- Enter the email address you intend to use for encrypted email.
- Save the backup code somewhere safe (preferably printed or written down on paper).
- Set a password for your private key.
- You can click on the extension icon and then "Lock keying" to block anyone else that uses or hacks your computer from getting your private key.
- Open the Compose window.
- Click the Lock icon.
- Write your email in the encrypted Compose window.
- Click to encrypt.
After the setup process has finished, it's even easier to use the plugin:
- Click Compose.
- Write contact name or email address in the appropriate field.
- Send protected message.
It's important to remember that only the message content is encrypted, but not who's sending or receiving the email. The subject of the email is also sent unencrypted.
Yahoo hasn't released the plugin for use by regular users yet, as it's still in preview mode. However, the source code is available on Yahoo's Github account, where other developers can contribute. The company also hopes other email providers will build compatible solutions so that when a Yahoo Mail user sends an encrypted email to other email providers, the users of those services can read what the Yahoo Mail user sent.
Until then, the new plugin works only with Yahoo Mail addresses, and it may also work with Gmail in the future, as both come from the same source code. All it needs to enjoy relatively wide adoption is good collaboration between Yahoo and Google.