Yahoo said Sunday it plans to introduce “end to end encryption” for email this year to boost privacy protection for users concerned about snooping from governments or hackers.
The Internet giant demonstrated new security and safety features for its email service at the South by Southwest festival in Austin, Texas, ramping up efforts to boost privacy since the 2013 revelations about government surveillance.
The new security feature aims to allow non-technical people to use encryption with the click of a button after an initial setup of a few minutes.
A test or beta version of the encryption software is being released for developers, and it is expected to be rolled out to users in the coming months.
“Our goal is to have this available by the end of the year,” Alex Stamos, Yahoo’s chief information security officer, told AFP. “Anybody who has the ability to write an email should have no problem using our email encryption.”
Privacy advocates say encryption is a valuable tool in thwarting unwanted snooping, but many users find the process daunting, with a need to create complex codes or “keys” for both the sender and receiver.
Yahoo has been collaborating with Google and its Gmail service on the encryption, and the standards will be compatible, Stamos said, so Yahoo and Gmail users will be able to send each other encrypted messages with a single click.
“I think anybody who uses email in the center of our life needs encryption,” Stamos said.
“If you send emails to your spouse or your lawyer or family members, you want to have these messages be confidential.”
Yahoo and Google and other online giants took steps to encrypt Internet traffic in the wake of revelations of vast online surveillance programs led by the US National Security Agency, and have argued they never allowed unfettered access to their servers.
The email encryption takes this further by encrypting the content on both ends of the message.
Dumping the password
Yahoo said another feature soon to be introduced would allow users to bypass the standard password, by getting a one-time code sent to a verified phone each time they log in.
The move would help avoid so-called “phishing” attacks and other maneuvers that steal a user’s password, leading to potential identity theft.
The two new measures are expected to improve security and privacy while still being easy to use, Stamos said.
“It’s important for our products to be safe as used by normal people,” said Stamos.
“Our users face a very diverse set of threats. The biggest threat is probably someone stealing their password, and their account taken over.”
He added that encryption and password circumvention may also be important for users living in countries with repressive regimes.
“There are a lot of Yahoo users who live in countries where their freedom of expression and freedom of association is not respected, and where the government is trying to put malware on their computers to track them,” he said.