Google, Yahoo Partner to Create Encrypted Email System

Alex Co

New member
Dec 11, 2013
1,183
0
0
Google, Yahoo Partner to Create Encrypted Email System


Rivals Google and Yahoo are pairing up to develop a secured email service by 2015, that could make it impossible for hackers or even the government to read users' messages.

With Google [http://www.escapistmagazine.com/news/view/136677-Russian-Hackers-Have-Stolen-Over-A-Billion-Internet-Passwords]states it has over 42.5 million unique Gmail users, with Yahoo sitting at over 110 million. Yahoo and Google say this encryption tool will be an optional feature that users will have to enable, and it will rely on a version of PGP encryption, which is a long-tested way of scrambling data that has yet to be cracked. It also won't be like traditional webmail services that rely on tech firms in holding passwords and usernames for user accounts, as PGP relies on consumer accounts having their own encryption key stored on their laptops, smartphones, tablets and other devices.

However, before you toggle this on the moment it becomes available, it won't be that easy to use, unfortunately. For starters, you cannot forget your password as there's no "password reset" feature; and users will have to go through several steps using less-than-desirable (read: clunky) software just to send short email messages. Christopher Soghoian, security and privacy researcher at the American Civil Liberties Union claims, "How do you get children to eat their spinach?...PGP is even less tasty than spinach." Soghoian adds that both Google and Yahoo are taking steps to make the technology easier to use for normal users.

In a Black Hat security conference held last week, Yahoo chief information security officer Alex Stamos says that Yahoo has to explain to users how PGP works, and that it isn't the one-stop cure for privacy issues. One example Stamos has given is that while it encrypts the contents of emails, it wont' provide encryption on who sends and receives the messages or the subject line. "We have to make it to clear to people it is not secret you're emailing your priest...But the content of what you're emailing him is secret," Stamos notes.

Possibly the most intriguing aspect of it (aside from protecting emails from hackers) is bandied by Bruce Schneier, longtime cybersecurity researcher and chief technology officer at Co3 Systems, when he said: "What's going to happen when the FBI goes to Google or Yahoo and says, 'I want the email from this guy,' and Google or Yahoo says, 'We can't give it to you?'"

Are you willing to adapt Google and Yahoo's new email system [http://www.escapistmagazine.com/tag/view/email?from_search=1] to protect your privacy? Or will this new encryption method just make it easier for people with bad intentions to communicate without being caught?

Source: The Australian [http://www.theaustralian.com.au/business/wall-street-journal/yahoo-google-partner-to-create-encrypted-email-system-by-2015/story-fnay3ubk-1227017941677?nk=079216bda1e207c72f5fa524d15ed018]

Permalink
 

The Hungry Samurai

Hungry for Truth
Apr 1, 2004
453
0
0
Yes it's a tool that will be used by criminals and the like, but it's a sad state of affairs that our Government proved themselves to be so irresponsible and nosy, that such a thing is desired so badly that Google and Yahoo would team up to make it happen.

I won't use it, because I really don't have anything to hide, but I'm glad I have the option.

I give it less than a month before hackers tear it to pieces.
 

Mr.Mattress

Level 2 Lumberjack
Jul 17, 2009
3,645
0
0
Color me intrigued, especially since I have both a Yahoo Email (My Main) and a Google+ Email (As a Requirement to use Youtube).

I'll keep an eye on this. Maybe I could use this new Yahoogle (I trademarked it) Email as my Main instead...
 

vdrandom

fsck
Dec 18, 2013
61
0
0
Tbh, client-to-client (aka OTR) encryption is not a very fresh idea. Any decent mail client can do that today, just in case anyone is unaware. (And most of them use PGP/GPG.)

For example, Thunderbird: https://addons.mozilla.org/en-US/thunderbird/addon/enigmail/

But I guess it is about the web-app part of their services, so it seems interesting.
 

Kieve

New member
Jan 4, 2011
128
0
0
The Hungry Samurai said:
Yes it's a tool that will be used by criminals and the like, but it's a sad state of affairs that our Government proved themselves to be so irresponsible and nosy, that such a thing is desired so badly that Google and Yahoo would team up to make it happen.
What's sad is, I'm more concerned about the criminals in charge of our country than the ones they're supposedly "protecting" us from. I have nothing in particular to hide from them either, but I would use this on principle simply to give a giant middle finger to the FBI and NSA.

captcha: carry a towel
You know something I don't, Captcha...?
 

Tamayo

New member
May 16, 2014
40
0
0
I will use it. I will use it [em]exclusively[/em]. I will expect all my correspondents to use it too, if it's easy enough to use. I'd encrypt everything I send with GPG already if I could convince them to do so. Sadly, not everyone is neither-too-old-nor-too-young to use command-line interfaces.

A lot of people say, "if guns are criminalized, then only criminals will have guns". This is actually true, whether or not you like the corollaries. (In particular, I personally think that most guns should be criminalized, but of course that's not the point of the discussion.) A similar statement is true of strong encryption, and the corollaries are much less in the favour of the people not being permitted the facility in question. Whereas allowing ordinary citizens to have powerful weapons is one thing, allowing ordinary citizens to conceal their business from everyone else [em]is the point of being a citizen.[/em]

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1 lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
 

Queen Michael

has read 4,010 manga books
Jun 9, 2009
10,400
0
0
If I were a gambling man, I'd bet £1,000 right now that it'll be completely figured out and broken through by hackers within a year of its release.
 

Somethingfake

New member
Oct 22, 2008
316
0
0
Queen Michael said:
If I were a gambling man, I'd bet £1,000 right now that it'll be completely figured out and broken through by hackers within a year of its release.
A year? My friend, you give them *fair* too little credit.
 

008Zulu_v1legacy

New member
Sep 6, 2009
6,019
0
0
All the government has to do is spout it's usual Patriot Act-Terrorists propaganda, and Google/Yahoo will be forced to hand over the encryption keys.
 

RicoADF

Welcome back Commander
Jun 2, 2009
3,147
0
0
008Zulu said:
All the government has to do is spout it's usual Patriot Act-Terrorists propaganda, and Google/Yahoo will be forced to hand over the encryption keys.
The thing is that those keys will be on the users computers not their servers, so Google and Yahoo will literally be unable to comply.

OT: I think it's good their doing this, I don't care much for the FBI/NSA even though their criminals the ones I'd be protecting myself from are the real ones which steal etc, encrypting emails would be a good way to help keep my details safe from the real trouble makers.
 

Queen Michael

has read 4,010 manga books
Jun 9, 2009
10,400
0
0
Somethingfake said:
Queen Michael said:
If I were a gambling man, I'd bet £1,000 right now that it'll be completely figured out and broken through by hackers within a year of its release.
A year? My friend, you give them *fair* too little credit.
I'm better off financially than most people, but even I don't want to lose 1,000 quid if I can help it.
 

jpoon

New member
Mar 26, 2009
1,995
0
0
I'd certainly use this if it's not some ridiculous scam. Fuck our nosy ass government and all the douchebag hackers for making this bullshit hoop jumping necessary. I hope you all fucking trip and horribly break your legs.

What's sad is, I'm more concerned about the criminals in charge of our country than the ones they're supposedly "protecting" us from. I have nothing in particular to hide from them either, but I would use this on principle simply to give a giant middle finger to the FBI and NSA.
Bingo!
 

Raziel

New member
Jul 20, 2013
243
0
0
How does this work if the person sending the email uses encryption but the receivers don't? I might be willing to give this a try but there is no way my family will. I can't even get them to stop using birthdays as passwords.
 

Strazdas

Robots will replace your job
May 28, 2011
8,407
0
0
Tamayo said:
I will use it. I will use it [em]exclusively[/em]. I will expect all my correspondents to use it too, if it's easy enough to use. I'd encrypt everything I send with GPG already if I could convince them to do so. Sadly, not everyone is neither-too-old-nor-too-young to use command-line interfaces.
not sure if 24 fits in your timeframe, but i remmeber using command-line interfaces. i will fight tooth and nail for a regular user to never ever ever having to see them again. there is aboslutely no reason to have no GUI in this day and age.

Mr.Tea said:
PGP encryption hasn't been broken in ~20 years, so I guess you already lose...
all encryption is a matter of effort. if the gains for breaking it starts exceeding the effort needed to break it - it will be broken. there is no unbreakable encryptions.
 

008Zulu_v1legacy

New member
Sep 6, 2009
6,019
0
0
RicoADF said:
The thing is that those keys will be on the users computers not their servers, so Google and Yahoo will literally be unable to comply.
They would be able to force them to hand over the means by which the keys are generated, so they can generate their own skeleton key.
 

RA92

New member
Jan 1, 2011
3,079
0
0
If Google can't decrypt my mail, how are they supposed to display ads based on the contents of my mail?