Yahoo Announces End-to-End Encryption Plugin For Mail Service

Less than a year ago, Google announced that it's going to develop a browser extension that uses PGP encryption and is easier to use than current PGP tools so that more people can benefit from end-to-end encryption for email. Not long after that, Yahoo's new Chief Information Security Officer (CISO), Alex Stamos, announced that Yahoo is going to join the project and develop the extension to work for Yahoo Mail, as well.

Today, the company unveiled how the End-to-End plugin will work with Yahoo Mail and compared it to GPG Tools, which is a GPG application for Mac OS X. GPG is the "free" (as in freedom) alternative to the proprietary PGP program.

"Just a few years ago, e2e encryption was not widely discussed, nor widely understood," said Alex Stamos, Yahoo's CISO. "Today, our users are much more conscious of the need to stay secure online. There is a wide spectrum of use for e2e encryption, ranging from the straightforward (sharing tax forms with an accountant), to the potentially life-threatening (emailing in a country that does not respect freedom of expression). Wherever you land on the spectrum, we've heard you loud and clear: We're building the best products to ensure a more secure user experience and overall digital ecosystem."

Setting up the Yahoo Mail End-to-End plugin seems to be quite a straightforward process, despite the relatively high number of initial steps:

  1. Install the Yahoo Mail End-to-End plugin from the Chrome web store.
  2. Choose whether to generate a new private key or restore an old one (yes, if a new user).
  3. Enter the email address you intend to use for encrypted email.
  4. Save the backup code somewhere safe (preferably printed or written down on paper).
  5. Set a password for your private key.
  6. You can click on the extension icon and then "Lock keying" to block anyone else that uses or hacks your computer from getting your private key.
  7. Open the Compose window.
  8. Click the Lock icon.
  9. Write your email in the encrypted Compose window.
  10. Click to encrypt.

After the setup process has finished, it's even easier to use the plugin:

  1. Click Compose.
  2. Write contact name or email address in the appropriate field.
  3. Send protected message.

It's important to remember that only the message content is encrypted, but not who's sending or receiving the email. The subject of the email is also sent unencrypted.

Yahoo hasn't released the plugin for use by regular users yet, as it's still in preview mode. However, the source code is available on Yahoo's Github account, where other developers can contribute. The company also hopes other email providers will build compatible solutions so that when a Yahoo Mail user sends an encrypted email to other email providers, the users of those services can read what the Yahoo Mail user sent.

Until then, the new plugin works only with Yahoo Mail addresses, and it may also work with Gmail in the future, as both come from the same source code. All it needs to enjoy relatively wide adoption is good collaboration between Yahoo and Google.

Yahoo Mail End-to-End vs GPGTools

Follow us @tomshardware, on Facebook and on Google+.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
5 comments
Comment from the forums
    Your comment
  • firefoxx04
    Does it matter? Yahoo itself has gone completely down hill. Made the switch to Gmail late last year and I am not sure why I waited so long.

    The majority of users care more about how many stupid ads and clickboxes you throw in their face than they do encryption (mostly because they are uneducated on the matter)

    Speaking of ads in my face. I refuse to go to Toms with my phone because of that ridiculous Tmobile (or some crap phone company) add that forces me to scroll it across my entire screen EVERYTIME I go to to a different page on Tomshardware. Sure, everyone needs to make a buck but that add is terrible. I have better luck on porn sites with adds coming at me (no pun intended). Thats pretty sad.
  • Urzu1000
    Quote:
    Does it matter? Yahoo itself has gone completely down hill. Made the switch to Gmail late last year and I am not sure why I waited so long.

    The majority of users care more about how many stupid ads and clickboxes you throw in their face than they do encryption (mostly because they are uneducated on the matter)

    Speaking of ads in my face. I refuse to go to Toms with my phone because of that ridiculous Tmobile (or some crap phone company) add that forces me to scroll it across my entire screen EVERYTIME I go to to a different page on Tomshardware. Sure, everyone needs to make a buck but that add is terrible. I have better luck on porn sites with adds coming at me (no pun intended). Thats pretty sad.


    You need to Google "adblock plus" my friend.
  • f-14
    they can encrypt all they want, according to u.s. law signed by serial rapist pot smoker slippery willy pedophile clinton, any company doing business in the united states has to give the government all the keys or full access on demand.
    the u.k also has similar laws but mandatory access.

    doesn't do any good to encrypt anything when big brother already got the decryptor.