Yahoo to Enable Email Encryption For All Users by 2015

Following Edward Snowden’s revelations of widespread Internet surveillance, many technologists have been advocating for widespread encryption to counter the NSA, other spy agencies and hackers.

“Encrypt all the things” has been their cry. Google listened, and now Yahoo is the second major email provider to join the movement.

Alex Stamos, the company’s chief information security officer, announced Thursday that Yahoo users will have the option to send end-to-end encrypted emails next year, enabled via a browser plugin.

Yahoo’s move comes a couple of months after Google announced its plans to roll out a Chrome browser extension to let people encrypt their emails.

Yahoo will bootstrap its own plugin by modifying Google’s code, and the two services will be compatible, Stamos said.

Two people with the plugin enabled will be able to send each other emails with the content scrambled, unreadable to anyone but the sender and the receiver. This is already possible using established encryption software such as PGP (Pretty Good Privacy). But such tools are hard for average users. Google and Yahoo want to make it easy.

Even before the Snowden revelations, technologists and hackers around the world had been working on easy-to-use encryption tools like Cryptocat (for browser chat), Signal (for encrypted calls), TextSecure (for encrypted text messages).

Email encryption, however, has historically been harder to do — partly because it’s hard to send an email with the metadata encrypted, since you need that to deliver it.