Become a fan of Slashdot on Facebook


Forgot your password?
Yahoo! Encryption

Yahoo To Add PGP Encryption For Email 175

Bismillah (993337) writes Yahoo is working on an easy to use PGP interface for webmail, the company's chief information security officer Alex Stamos said at Black Hat 2014. This could lead to some interesting standoffs with governments and law enforcement wanting to read people's messages. From the article: "'We are working to design a key server architecture that allows for automatic discovery of public keys within and other participating mail providers and to integrate encryption into the normal mail flow,' Stamos said."
This discussion has been archived. No new comments can be posted.

Yahoo To Add PGP Encryption For Email

Comments Filter:
  • If they can lead the way on this it shouldn't be long before others follow - gmail, live, etc. Does Yahoo still have a large enough user base to really make others take notice and react if they pull this off?

    • Re:Great (Score:5, Insightful)

      by KermodeBear ( 738243 ) on Friday August 08, 2014 @09:27AM (#47629551) Homepage

      This kind of functionality would be enough for me to switch mail providers.

      Yes, yes, it can always be done manually, but I have a lot of friends that aren't as tech savvy as I am. Generating a key, keeping the private one somewhere safe, copying text from the PGP application, pasting it correctly, copying incoming text, pasting, decrypting, etc., etc., it's all a pain in the butt for the typical computer user.

      If Yahoo can manage to implement this correctly so that it is safe AND easy to use that's a big deal.

      • by anagama ( 611277 )

        Is there a reason you don't let your email client and a GPG plugin handled the encryption/decryption?

      • The problem is that just switching yourself doesn't solve anything. You have to convince all your friends to switch so that they can send and receive encrypted messages too. That might actually be their plan. Get the techies to go for it, and they'll tell all their friends to go for it. It may possibly work but most people don't use email for anything confidential. Nobody cares if somebody else is reading the marketing emails or plans with family that are being sent to them. Plus, as pointed out by other
      • If Yahoo can manage to implement this correctly so that it is safe AND easy to use that's a big deal.

        Except they can't. Yahoo Mail is webmail which leaves you with two options:

        1. They have the keys. In what way is this any better than simply using SSL between mail servers? If you don't manually provide the key or manage your own key then it implies that Yahoo is holding your private key, otherwise webmail wouldn't work.

        2. You have the keys, and we're back to complicated key management by end users, manually uploading them when you fire up your browser session, etc.

        Public key cryptography is not something t

  • Can you imagine Google doing this? It would ruin their business model entirely as they could not use keyword based ads.

    • by Anonymous Coward

      google is doing this (

    • by 2fuf ( 993808 )

      Well, they would of course have access to the content before it's encrypted. I don't trust someone else to perform the encryption for me, even on the client side, after everything that happened. But then, even your own OS, all the software that's on your machine, there are sooo many parties involved with so many affiliations, objectives, incentives. If it's not NSA that's peeking through your SSL connection, then it's probably China that bought off your antivirus manufacturer or a Russian hacker who injecte

      • by mlts ( 1038732 )

        There are always ways to ensure data is encrypted and stays encrypted. The simplest is to have an offline computer with a SD card slot, and read/sign sensitive stuff on that machine. Of course, this isn't 100%, but it forces someone to have "boots on the ground" in order to obtain data.

        One can get fancy with an offline setup (only boots from a "trusted" USB flash drive only on a keychain, then requires a long passphrase to mount /home, etc), but the idea is to have an air gap, which will block 99.999% of

        • You can't trust USB devices these days either [].

          How about an offline machine that encrypts and prints the encrypted email either as text or as an easy-to-scan graphic and a scanner on the sending computer to scan it in as a graphic, mail the graphic to the recipient, and let him do the de-rasterizing and decrypting?

          For receiving mail, have a 3rd computer that is air-gapped from the other two that has a scanner attached to it.

          Yeah, it's hard, and yeah, it paints a target on your back about as much as using TOR

    • by Jahta ( 1141213 )

      Can you imagine Google doing this? It would ruin their business model entirely as they could not use keyword based ads.

      You don't have to imagine. They are already working on it. []

  • by Henriok ( 6762 ) on Friday August 08, 2014 @08:59AM (#47629379)
    Where is the private key stored? These are web mail services and if that's going to be easy to use, the key must travel with the user, and how is that going to work securely? Or are they going to store people's private keys on their own servers? If so, wouldn't that almost completely defy the purpose? If intelligence agencies or more usual evil does have access to the mail servers, or user accounts wouldn't they also have pretty much access to the key store servers too? Could someone with more knowledge into how this might work please sort this out for me.
    • I had the same thought. I suppose you could store the key encrypted, and then do all the encryption/decryption in the browser. So Yahoo would provide the browser the encrypted key and some Javascript would do the decryption. The article specifically mentions public keys though, which makes me think they must be working on providing a directory of public keys for Yahoo accounts as well. Another option would be using a browser extension. I guess we will find out in time.
    • by BaronM ( 122102 ) on Friday August 08, 2014 @09:10AM (#47629435)

      With any encryption scheme, key management is usually the biggest pain in the ass. No doubt, this is the biggest problem with implementing encryption for webmail.

      Keeping my private key on a USB drive on my keychain could ALMOST work, in that on any desktop or laptop I could insert it to get to the key. For mobile, I think Yahoo will need to release a mail app that supports an easy & secure way to load your key.

      Also - keying a passphrase on a moble device to open/sign/encrypt email will suck big time. This could be a great use for a fingerprint sensor on phones.

    • by PPH ( 736903 )

      PGP uses a public/private key pair. The way it should work: You generate a key pair locally and keep your private (decryption) key to yourself. You can then publish your public key, which other parties can use to encrypt messages to you. Key management would consist of some scheme where the mail service provider would 'sign' your public key to provide authentication and some easy to use public key lookup schemes so other people can securely recieve your key (protect against man-in-the-middle attacks) in ord

    • Email is transmitted unencrypted; anyone relaying the message can read it. With PGP way your email is protected in from everybody while it's in transit, although at the endpoints it's only protected from conventional criminals and not Uncle Sam or John Bull.

    • by AmiMoJo ( 196126 ) *

      The private key can be stored encrypted on their server, and then sent to the client which can decrypt and use it. Decryption uses the user's password. That is similar to how most encryption systems work - the key is itself encrypted with the user's password for storage.

      It isn't a perfect solution but it is infinitely better than having no encryption at all. At the very least it will make bulk collection much more expensive.

      • The private key can be stored encrypted on their server

        Who is in control of that encryption? Who encrypts the encryption around the encryption around the encryption?

        If it's Yahoo, then "At the very least it will make bulk collection much more expensive" becomes patently false, because at some point they'll have the private key in the clear.

        Every layer in here becomes a weak point where it can be broken, exploited, or bypassed.

        And, since this is webmail, you're putting a lot of faith in browsers and various

        • by AmiMoJo ( 196126 ) *

          Who is in control of that encryption? Who encrypts the encryption around the encryption around the encryption?

          It would run in the client, i.e. the browser. Presumably Javascript based and thus open to public scrutiny, so at least in theory it could be audited.

          I agree that it isn't perfect, but if we wait for a perfect solution like we have been there will never be one. Yes, the browser could be compromised, but that adds cost (the attacker has to attack the browser first) and gets a third party involved in defence (the browser developer). At the very least it would make bulk capturing of plain text emails impossibl

          • Under the system you propose, any time Yahoo (or their federal overlords) wants to read your email, all they have to do is slightly modify some of the JS that your browser runs. Since your browser has your decrypted private key in hand, the JS can then upload it to anywhere the JS tells it to. This only needs to happen once; as soon as the attacker has your private key in plaintext they can decrypt all of your stored email (and sign outgoing emails as you).

    • by bmo ( 77928 )

      Where is the private key stored?

      It doesn't matter.

      Yahoo lost control of my login credentials *twice* that I know of. While I have never been to Sweden and Bulgaria, I have apprently sent mail from there. Yahoo is the only service that I have ever used that lost control of my login creds like that - since 1986. Y! mail is now a spamtrap for me. I will never use it again.

      Knowing Yahoo, the private key be stored in plaintext on the user's profile page.


  • by Anonymous Coward

    If you enter your message to be encrypted into a webpage, then unless you trust that webpage (yahoo in this case), you shouldn't trust any encryption method that's out of your control. Just use an open source mail client to contact the email server to send the encrypted message. Safe and secure (except for metadata that is).

  • Awesome!! (Score:5, Funny)

    by hymie! ( 95907 ) on Friday August 08, 2014 @09:05AM (#47629401)

    Now all I have to do is get my father, my mother, my sister, my half-sister, my grandmother, my wife, and my assorted friends to learn what PGP is and how to read the emails I send them.

    • I think the idea is that it would fall back to unencrypted messaging transparently (perhaps with a warning) when you're sending it to a mailserver that doesn't talk PGP.

      • Mailservers don't talk PGP. Even being encrypted it's armored in base64 encoding and transmitted as plaintext. And mail client either knows what to do with it, or not. So, nope, no fallback possible, because you can never know if particular person is going to read it through a client that supports encyption or not. But if you have his\her public key, you might as well assume, that client does know ho decrypt it and if you don't - you can't encrypt it anyway.

        • by Aaden42 ( 198257 )

          Yahoo has led the charge before in enhancing email standards where bare SMTP wasn’t adequate. They were fairly early adopters of things like DKIM and helped push the industry to support it. If you want to do something that really does have a fallback route, it wouldn’t even take a standards change to have receiving SMTP servers advertise crypto as part of the SMTP capabilities response.

          Granted, it’s a big hit to security if your message is encrypted or not based on the remote mail server

    • by AmiMoJo ( 196126 ) *

      The whole point of doing it this way is that it is transparent to the user. If Yahoo finds the recipient's public key on a known key server the email gets encrypted automatically. It isn't perfect but it is a massive step up from what we have now.

    • by Sloppy ( 14984 )

      Now all I have to do is get my father, my mother, my sister, my half-sister, my grandmother, my wife, and my assorted friends to learn what PGP is and how to read the emails I send them.

      You jest, but don't you see how popular webmail providers adding insecure PGP implementations to their platforms would be a pretty good first step to doing exactly what you say?

  • At this point, each news story about Yahoo primarily serves to let me know the company isn't quite dead yet.

  • by cpuh0g ( 839926 ) on Friday August 08, 2014 @09:29AM (#47629569)

    Implementing PGP with (yet another) public key database is easy enough to do. The biggest issue will be the management and protection of the private keys needed to sign and decrypt incoming messages. If Yahoo ends up holding the private keys, then it's completely untrustworthy and useless.

    Also, why do they want to create another public key DB? is very nice, and the existing servers have a huge existing database of public keys, though it is nearly impossible to delete a key once its published.

    • That's why you should create a revocation certificate when you create the keypair. If you upload the revocation cert to the DB, the keys get removed.

      But yes... my first keypair that I created something like 17 years ago when I was first learning about gpg are still in the DBs and come up when my name is searched. It gives me a chuckle.

      • by chihowa ( 366380 ) *

        Revoking a keypair shouldn't (and doesn't in most cases) remove a key from the database. If revoking the key removed it from the database, you'd effectively hide the fact that a key was revoked and allow its continued use. You want all of your contacts (current and potential) to know that the particular key has been revoked and is no longer valid.

    • by mlts ( 1038732 )

      Old school keyservers are engineered to make deleting keys impossible (where if one server deletes a key, on the next propagation, the key is re-copied.) So, there is a lot of cruft and lost/abandoned keys in the database. However, an attacker can't delete someone's key (they can make a ton of fake keys though.) It is a trade-off.

      I have been thinking of a keyserver setup similar to that (where keys are not deleted), but keys would have an expiration date. This could be a few years after the key hit the

    • If Yahoo ends up holding the private keys, then it's completely untrustworthy and useless.

      Let's hypothesize that Yahoo does this the worst way possible, so we can play to everyone's fears. Let's say the users aren't even going to have the key on their machines ever, and instead, Yahoo explicitly announces they have your private key, and their server will do all the decryption and signing for you (your machine won't even be doing it in Javascript), and they're under US jurisdiction and therefore subject to

  • We are working to design a key server architecture that allows for automatic discovery of public keys within and other participating mail providers and to integrate encryption into the normal mail flow

    So, let's think about this.

    They can discover your public keys, and then presumably they will need to have your private keys in order to show you the message.

    If you have to enter your private key even once, you have to assume they'll keep it.

    At which point, you are more secure from casual prying eyes,

    • "If you have to enter your private key even once,"

      Show me an encrypted mail solution where you don't enter your private key ever.

      Theoretically, you could save off any encrypted portions to removable media, move it to an unconnected machine and only there apply your private key, and destroy the media afterwards. That's a lot of tinfoil, though.

    • by J'raxis ( 248192 )

      That's what these large corporations all do.

      Look at Google, grandstanding about moving things to HTTPS a few months ago [], making things harder for the NSA [], and so on, and yet at the same time they are now proactively scanning people's data for illegal activity and then handing it over to the government []. Microsoft [] is doing the same thing.

      What makes you think Yahoo will do anything different? The whole plan here is probably to get uninformed users to hand over their PGP keys so they can store them.

  • by Aaden42 ( 198257 ) on Friday August 08, 2014 @09:43AM (#47629669) Homepage

    Key management’s the thing here of course. If it’s on their server, NSA has it, etc. There are ways the key could be encrypted on server, decrypted only locally etc. Most of those have myriad ways the key could be mis-handled, leaked, etc.

    That said, I’m kind of leaning towards this being a good thing, even if its implementation isn’t 100% paranoid geek approved secure. Ultimately if the NSA wants to read YOUR stuff, they’re going to (see: $5 wrench). If we assume Yahoo manages to implement this such that key retrieval is at least inconvenient (for $ufficiently large value$ of inconvenient) to anyone other than the account owner, then it should at least complicate NSA’s blanket “read all the things” approach. If it tips the balance back to the point that they actually have to expend more resources than your grandmother’s chocolate chip cookie recipe is really worth, then *maybe* they go back to only reading very interesting people’s emails without a warrant rather than reading everybody’s. I guess that’s worth half a point?

    More importantly, if it manages to turn the seething mob of luddite Yahell users onto the fact that encryption is a thing, and explains to them why they want this thing, maybe the “winning hearts and minds” gambit is worth something to the world as a whole, even if the individuals’ email isn’t NSA-proof. Right now most mothers & grandmothers either have no clue what encryption is, or think it’s something only used by hackers, ter’ists, pr0n, criminals, etc. “Them” in other words. If Yahoo manages to convince a sizable portion of the voting public that privacy has worth, and encryption is a way to ensure that privacy, I think that’s a worthy outcome even if the encryption has flaws. Maybe that opens the door to conversations about the difference between effective and ineffective encryption. Maybe it even brings it closer to socially “normal” for someone who knows what effective encryption is to encourage others to use it without being assumed to be a nutcase or worse.

    I hate to advocate selling snake oil, but there *are* an awful lot of squeaky snakes around. Maybe the right salesman can convince enough of the populace they need encryption, then we can worry about offering really good encryption for those adequately equipped to work with it.

  • Mailvelope etc. (Score:2, Informative)

    by Anonymous Coward

    The Mailvelope Plugin - - already does that: encrypt webmails a la Gmail, Yahoo, Hotmail or your own Roundcube etc.. It does so in-browser, obviously. Still basic in functionality but works for simply sending messages back and forth. Clear-signing, though available, tends to get screwed up due to message wrapping on the receiving end.

    You may also find a very cool thing. Essentially a simple contact form, that encrypts the message with GPG and sends it on to the

  • Why not S/MIME? (Score:4, Informative)

    by Arkham ( 10779 ) on Friday August 08, 2014 @09:49AM (#47629711)
    Instead of PGP they should use S/MIME. It's functionally the same but is far more widely supported. It's even included in the Exchange ActiveSync protocol via ResolveRecipients to retrieve the public keys of other users. I don't dislike PGP/GPG, but if it were me I'd go with a more standard envelope.
    • Re:Why not S/MIME? (Score:4, Interesting)

      by mlts ( 1038732 ) on Friday August 08, 2014 @11:41AM (#47630453)

      S/MIME is better than nothing. I use it often because of exactly the fact that it is part of most MUAs, and it takes zero effort on the recipient's side for a signature to be validated.

      However, S/MIME is just like SSL/TLS, being one bad CA away from being useless, while PGP's web of trust system is far more robust and can handle a bad key introducer fairly easily.

      If we can get people used to making webs of trust, especially if Yahoo made some type of utility for this, it would go far with security.

  • It sounds like they plan on making the extension open source, which is mandatory or the whole thing is a non starter. Furthermore you better be able to match the checksum of the source version to the addons that might be available from the addon repositories for the browsers. We have to be able to confirm that what they say is the code is in fact what we are running in the browser.

    Personally I'm not interested in anything that involves uploading my private keystore to a third party, encrypted or not,

  • encryption? I seem to recall news about 6 months ago that RSA Security took $10M from the NSA for allegedly tweaking a random number generator or some such thing. I know PGP is open source, but who knows enough about both encryption math and programming to actually verify that the code is safe, and why should anyone trust them?

  • by CBravo ( 35450 )
    And how do presume the spamfilter will work with all the content being encrypted? This is not well thought out.

Trap full -- please empty.