The web needs to be more secure and safe. That’s a fact, never in all human history have we seen such a playground of poorly secured personal data and freely available spying tools. The World Wide Web has changed our life, now is the time we secure it and make it safer to use.
Days after Google addressed the need for security by implementing HTTPS into their search rankings, Yahoo have joined the security bandwagon and announced they will be securing their webmail. Alex Stamos, CISO at Yahoo, announced they will implement end-to-end encryption for its users web mail users. Though sadly not until next year.
The crowd at the Black Hat conference in Las Vegas were the first to hear about this new mail security system from Yahoo. In a collaboration to the efforts made by Google already, they will jointly implement complete end-to-end security for Yahoo and Gmail users. Admitting the move is a long time coming “We as an industry have failed…to keep users safe,” Stamos added.
More Snowden Effect
Google have been looking into incorporating PGP security into their Gmail service for some time now, choosing ‘Pretty Good Privacy’ as the most user friendly approach to securing webmail. They’ve been working to make users safe since the level of government intrusion become known thanks to Edward Snowden.
PGP has been around since the early 90s, remaining exclusive to advanced users due to the complexity of implementation. However since encryption is more relevant now, Google are working to make it more approachable. The PGP platform is also very difficult to break.
“[PGP] offers stronger protection than SSL/TLS because private user data cannot generally be decrypted by the company or by any third parties, including government agencies.” The Electronic Frontier Foundation (EFF)
Such third party tools already exist for Gmail, and Apple mail such as GPG Tools and Mailvelope. The GPG tools maker spoke to VentureBeat about the spike in downloads following the Edward Snowdon leaks. However they are still seeing 13,000 downloads each month.
Yahoo and Google are moving in the right direction. Both companies have been very outspoken about the NSA and GCHQ intrusions. However even with the HTTPS and PGP inclusion end users are not the only ones that have access to mail. There is another ‘person’ and that is Google.
They will still need to monetize your Email, scanning for spam, viruses and of cause to serve you its adverts. Google scans your email for all sorts of nastiness, and the last thing they will want is to work tirelessly to implement these features only for it to be exploited by criminals.
So expect any implemented PGP system to still allow your mail to be scanned. Most importantly allowing Google to collect its big data you signed up for. Yahoo are making big moves and opening services that will rival Google, does increased security make the service any more attractive? Hit us up on Google Plus or Twitter and let us know.