Yahoo has become the second major email provider to signal its intention to offer users fully end-to-end encrypted emails, in a bid to bolster privacy and security.
CISO Alex Stamos announced the news at Black Hat last week, with Yahoo deciding to implement the OpenPGP standard by 2015.
Stamos explained via Twitter that the internet pioneer would be using a forked version of Google’s End-to-End Chrome extension, which allows users to “encrypt, decrypt, digital sign, and verify signed messages within the browser using OpenPGP”.
However, when it comes to the Yahoo Mail mobile app, the encryption functionality will be native, Stamos said.
Yahoo is following Google into the world of end-to-end email encryption after the Mountain View giant announced an alpha version of its End-to-End extension back in June.
The announcements show that both webmail providers are serious about offering customers a way of communicating that government snoops can’t monitor.
However, there are still question marks over how the firms are going to make the services user friendly enough to ensure mass market adoption, without putting themselves in a position where they could be vulnerable to requests from law enforcement to hand over keys - as famously happened to Lavabit.
Full encryption and key management has long been regarded as something only for the tech-savvy, although this year commercial services like Proton Mail and Tutanota have launched with a major focus on usability.
Mark James, security specialist at ESET, welcomed the news, assuming the two web giants can indeed make end-to-end encryption manageable for users.
“Once the browser extension is added and configured you will be able to send an email with the contents completely scrambled to anyone except the sender and receiver. No one will be able to read the content,” he said.
“There are many encryption tools available for those that want to install and use them but for the average user they are often scary to set up. I for one welcome any type of ‘easy’ security."