Recruited for the project is (now former) EFF staff technologist Yan Zhu.
In the Thursday talk, Stamos told attendees that Yahoo is using the end-to-end encryption plugin that Google released a few months ago, with the plan of having both Yahoo Mail and Gmail able to exchange encrypted mail between the services seamlessly and easily.
The move is a step in the right direction for security teams endeavoring to bring encryption to consumers, an effort that faces challenges around ease of use for the ordinary user.
Encryption has followed security's traditional quandary of easy versus secure. Basically, if anything [in tech] is easy to use, lots of people will use it -- but security and simplicity seldom go hand-in-hand.
Speaking to his Black Hat audience, Stamos directly referenced the 'post-Snowden era' of consumer privacy and security as the impetus for his push at Yahoo.
Post-Snowden, we have a strain of nihilism that’s keeping us from focusing on what’s real.
We as an industry have failed. We’ve failed to keep users safe.
If we can’t build systems that our users in the twenty-fifth percentile can use, we’re failing. And we are failing. We don’t build systems that normal people can use.
Stamos' talk was the best-liked and most talked about briefing at Black Hat USA Las Vegas 2014.
Our profession has never been so (potentially) impactful as it is today. @alexstamos #BHUSA
The move to encrypted mail brings Yahoo Mail to the forefront of user privacy in mail services among web giants, joining Google and Microsoft in the race to protect customers in the post-Snowden era of security.