Yahoo releases source code for encryption plugin

16 Mar 2015

Yahoo has released the source code for a plugin that would allow end-to-end encryption of email messages to enhance security following disclosures of snooping by the US National Security Agency.

According to a blog post by Alex Stamos, Yahoo's chief information security officer, Yahoo was asking to look at its code, published on GitHub.

Stamos said at a presentation yesterday, the plugin should be ready by the year end, at the South by Southwest conference in Austin, Texas.

Yahoo and Google had been jointly working towards making their email systems compatible with end-to-end encryption, a technology based on the public-key cryptography standard OpenPGP.

End-to-end encryption being difficult for non-technical users to set up is not widely used.

Using the technology, a message's contents could be so encrypted as to allow only the sender and recipient to read it. A message's subject line was not encrypted, though and neither was the routing metadata, which could not be scrambled since it was needed in order to send a message.

The post by Stamos also included a video that showed how users could set up an encrypted message much faster using the company's plugin as against using GPG Suite, a software package for sending encrypted email on Apple's OS X.

A test or beta version of the encryption software was being released for developers, and was expected to be rolled out to users in the coming months.

Stamos told AFP that the company's goal was to have this available by the end of the year.

He added users who had the ability to write an email should have no problem using the company's email encryption.

According to privacy advocates, encryption was a valuable tool in thwarting unwanted snooping, but many users found the process daunting, with a need to create complex codes or "keys" for both the sender and receiver.

Yahoo had been collaborating with Google and its Gmail service on the encryption, and the standards would be compatible, according to Stamos, so Yahoo and Gmail users would be able to send each other encrypted messages with a single click.

Other online giants had also taken steps to encrypt internet traffic following revelations of vast online surveillance programmes led by the US National Security Agency, and had argued they never allowed unfettered access to their servers.

The email encryption took this further by encrypting the content on both ends of the message.