Yahoo unveils sneak peek at end-to-end email encryption plugin

The web portal giant wants encryption in everyone's hands by the end of the year.
Written by Zack Whittaker, Contributor

After the company was thrown under the bus by the National Security Agency surveillance disclosures, Yahoo is following up on its promise to fight back.

At SXSW festival in Austin, Texas, Yahoo chief information security officer Alex Stamos confirmed the company will introduce end-to-end encryption to its Yahoo Mail service by the end of this year.

"Our users are much more conscious of the need to stay secure online," Stamos said in a blog post. "We've heard you loud and clear."

Its goal is to simplify encryption for the vast majority by streamlining it as a one-click feature as part of the browser. The encryption plugin allows users to encrypt, decrypt, sign, and verify messages in the browser using existing OpenPGP technology, which has been tried and tested over more than a decade.

OpenPGP remains the most popular (and reportedly uncrackable) email-based encryption service, but it's infamously difficult to use.

Yahoo teamed up with Google to offer a browser-based encryption plugin after both companies were hit by allegations that the US government had intercepted their data by tapping into datacenter links.

The plugin works by encrypting email messages on a person's computer before it travels across Yahoo's networks, foiling any now-public program that allowed messages to be intercepted.

The plugin is now available on code-sharing site Github, and is available for scrutiny by developers and security experts.

Researchers who find bugs or flaws in the software will be eligible to claim rewards as part of its bug bounty program.

Editorial standards