Tech Giants Envision Spy-Free, Secure, Encrypted Emails By Next Year
Could encrypted messaging—long the province of privacy hawks and conspiracy theorists—go mainstream?
Yahoo Inc. said Thursday it will join an effort by rival Google Inc. to create a secure email system by next year that could make it nearly impossible for hackers or government officials to read users' messages. Even the email providers themselves won't be able to decrypt messages.
Yahoo said Thursday it will join an effort by rival Google to create a secure email system by next year.
Bruce Schneier, a longtime cybersecurity researcher and chief technology officer at Co3 Systems Inc., said the moves are disrupting what had been a "public-private surveillance partnership."
"What's going to happen when the FBI goes to Google or Yahoo and says, 'I want the email from this guy,' and Google or Yahoo says, 'We can't give it to you?'" Mr. Schneier said.
Google in June announced plans to develop spy-proof email. The addition of Yahoo is notable because the two have access to so many email users and Yahoo shed new details on the project. Google counts 425 million unique Gmail users, Yahoo 110 million.
Microsoft, which offers the free Web email service Outlook.com, has previously said it is working to incorporate encryption technologies into the service formerly known as Hotmail. Microsoft says there are more than 400 million active accounts in Hotmail and Outlook.com.
Yahoo and Google say the encryption tool will be an optional feature that users will have to turn on. Engineers at the technology firms—bitter competitors in many fields—frequently talk to each other about the project, people at both companies say.
Yahoo!’s Chief Information Security Officer Alex Stamos announced at the Black Hat 2014 conference this week the company’s plans to release an end-to-end PGP encryption option in its mail service next year.
Only a few months ago Google introduced a PGP-based encryption plugin for Gmail. Now, Yahoo! plans to use a modified version of the same end-to-end browser plugin. Stamos assured the encryption feature will be very easy to use for its customers with “little or no effort.”
According to Stamos, the PGP plugin will be native in mobile apps, allowing Gmail and Yahoo! mail to easily exchange encrypted emails and making it nearly impossible for cybercriminals to snoop into a users’ inbox.
Stamos’ presented a talk titled “Building Safe Systems at Scale—Lessons from Six Months at Yahoo,” where he stated the project has been a top priority for the Internet corporation throughout his tenure.
To assist with the implementation of the new feature, Yahoo! has hired a group of privacy engineers, including Yan Zhu, former engineer at the Electronic Frontier Foundation, where Zhu’s efforts focused on HTTPS Everywhere and Privacy Badger add-ons. Zhu is also recognized for the discovery of a WordPress vulnerability in its login cookies.
Although the end-to-end encryption option offers highly increased protection for users, it is still possible that users unfamiliar with the service will opt-out. Stamos recognized users will need to be educated on what the service aims to do and what it does not, such as hiding the destination of emails.
Google showed off a PGP-based encryption plugin for Gmail back in June. The Purple-hued company will offer encryption via a modified version of the same End-to-End browser plug-in that Google uses for PGP in Gmail, Alex Stamos told the audience at his talk titled Building Safe Systems at Scale - Lessons from Six Months at Yahoo.
The PGP plugin will be native in mobile apps allowing Gmail and Yahoo mail to easily exchange encrypted email. Infact, the email providers themselves won’t be able to decrypt messages exchanged between its users. Only senders and recipients will be able to read the messages.
In short, it means that Yahoo email users can reportedly send safe and secure messages between Yahoo users and also Gmail adherents without fear, which makes almost impossible for cyber criminals and well-resourced spying by the US government and its Five Eyes allies to read their private messages.
Stamos (@alexstamos) said that this project has been a priority since he joined one of the world's largest web providers, Yahoo six months ago. He stressed that Yahoo email encryption will be easy to use, with little or no efforts.
The announcement was tweeted by Yan Zhu, who has reportedly been hired to assist in the project. Yan Zhu formerly worked as an engineer at the Electronic Frontier Foundation (EFF), a non-profit organization that has consistently been outspoken in its call for the widespread use of encryption across the Web and the Internet, and he is apparently no friend of the NSA.
But as said earlier, use of encryption will require some amount of education for users also, to make sure their privacy expectations are set appropriately. In an interview with the Wall Street Journal, Stamos explained that PGP encryption won’t cloak the destination of your e-mail.
"We have to make it clear to people it is not [a] secret you’re emailing your priest, but the content of what you’re e-mailing him is secret," Stamos said.
The move to encrypted mail will bring Yahoo! in the list of the most secure technology companies in mail services among web giants, Google and Microsoft that protect their customers in the post-Snowden era of security.
"How do you get children to eat their spinach?" asked Christopher Soghoian, a security and privacy researcher at the American Civil Liberties Union. "PGP is even less tasty than spinach."
In an interview at the Black Hat security conference here, Yahoo's chief information security officer, Alex Stamos, acknowledged challenges in bringing such a tool to the general public.
Yahoo also has to explain to users how PGP works and that it isn't a panacea for privacy concerns. For instance, it only encrypts the content of messages—not the data on who sends and receives the messages or the subject line.
The companies could find themselves in legal disputes. Lavabit, Mr. Snowden's old email provider, shuttered itself last year after a court ordered it to hand over its encryption keys. If Google and Yahoo are successful, they will be able to argue that they don't have the keys for their encryption service.
"It's not clear the Lavabit example actually scales up," Mr. Stamos said. "That's very different from a publicly traded multibillion-dollar company with an army of lawyers who would love to take this argument all the way to the Supreme Court."
Making End-To-End Encryption Easier To Use
Your security online has always been a top priority for us, and we’re constantly working to make sure your data is safe. For example, Gmail supported HTTPS when it first launched and now always uses an encrypted connection when you check or send email in your browser. We warn people in Gmail and Chrome when we have reason to believe they’re being targeted by bad actors. We also alert you to malware and phishing when we find it.
Today, we’re adding to that list the alpha version of a new tool. It’s called End-to-End and it’s a Chrome extension intended for users who need additional security beyond what we already provide.
“End-to-end” encryption means data leaving your browser will be encrypted until the message’s intended recipient decrypts it, and that similarly encrypted messages sent to you will remain that way until you decrypt them in your browser.
While end-to-end encryption tools like PGP and GnuPG have been around for a long time, they require a great deal of technical know-how and manual effort to use. To help make this kind of encryption a bit easier, we’re releasing code for a new Chrome extension that uses OpenPGP, an open standard supported by many existing encryption tools.
However, you won’t find the End-to-End extension in the Chrome Web Store quite yet; we’re just sharing the code today so that the community can test and evaluate it, helping us make sure that it’s as secure as it needs to be before people start relying on it. (And we mean it: our Vulnerability Reward Program offers financial awards for finding security bugs in Google code, including End-to-End.)
Once we feel that the extension is ready for primetime, we’ll make it available in the Chrome Web Store, and anyone will be able to use it to send and receive end-to-end encrypted emails through their existing web-based email provider.
We recognize that this sort of encryption will probably only be used for very sensitive messages or by those who need added protection. But we hope that the End-to-End extension will make it quicker and easier for people to get that extra layer of security should they need it.
You can find more technical details describing how we've architected and implemented End-to-End here.
More Options For Sending Encrypted Messages
As people grow more aware of government and criminal surveillance of their mobile devices and computers, a flurry of companies have recently launched products they say provide fully private communication. The encryption products allow people to text, call, email or browse the Internet without having to worry about a third party intercepting their communication – or so the companies promise.
But will these technologies ever take off in a mass consumer market? Neil Robinson, a Brussels-based cyber-security expert at RAND Europe believes there is a paradox between the worries people express in opinion polls about surveillance and the actual products they buy. “If asked whether they think privacy is very important, [consumers] will likely answer very positively, but still share lots of personal information quite freely on social networking sites or in exchange to get a discount or money off voucher.”
While the market for the products may still be developing, a range of products are hitting the market.
While many of these products – hardware such as secure phones and software like encrypted email and messaging apps – have been around for some time, they have been traditionally used by early adopters: security-conscious professionals, military and law enforcement, financial services, and gadget geeks.
Earlier this year, a group of CERN and MIT scientists launched an email service called ProtonMail which looks like any other commercial email service – its appeal is that the complex encryption is invisible to the user — but lets users send each other encrypted messages before they even reach ProtonMail’s server. On top of the encryption, each user is given two passwords, with ProtonMail only having access to one.
According to Andy Yen, one of the co-founders of the Geneva-based ProtonMail, the company doesn’t monetize any data from its users, and doesn’t hold the users’ encryption keys. ProtonMail hosts its servers in Switzerland outside US and EU jurisdiction, so all user data is protected by strict Swiss privacy laws.
“People don’t want to give up their data so freely,” says Mr. Yen, who started the email service on crowdfunding site Indiegogo, where it raised nearly six times more than its original goal of $100,000 in just over a month. “Privacy in many ways is much more valuable.”
Applications like ProtonMail are still in their early stages and it is unclear whether they will capture a mainstream audience. Mr. Yen said there are already 250,000 people using ProtonMail, and believes his company would reach a million users at the end of the year. ProtonMail is developing a mobile app, and hopes to break into the mass market with encrypted chat and file storage.
Google and Yahoo said they would start encrypting their email services by next year. If they’re successful, it would mark a big step in bringing encrypted messaging — long the province of privacy hawks and conspiracy theorists — to a consumer-friendly service. And Google will also give higher page rankings on its search results to sites that use secure encryption. BitTorrent Inc., San Francisco –based maker of peer-to-peer products, has recently introduced Bleep, a chat application that lets users connect directly (via text or voice) without going through centralized servers. It is still at a pre-alpha stage, meaning the company is inviting a selected few users to try it out and help them find bugs. “Our aim is to create an app that appeals to both the mainstream and tech savvy consumer who should just be able to speak freely and not have to worry about eavesdroppers or data leaks,” says Christian Averill, a BitTorrent spokesman.
Other recent launches include Blackphone, an Android smartphone that promises users encrypted calls, texts, emails and internet browsing. The Blackphone started shipping in early July for an affordable $629. There is also a new app on the Apple App Store called Signal, which encrypts calls by using an existing phone number without the need of another identifier. It is free to download. Encrypted chat app Target is also gaining traction. A handful of encrypted chat apps are also gaining traction on Google’s Chrome app store, and Apple’s app store has dozens of encrypted messaging apps, many sprouting up in 2014 alone.
A Forrester’s analysis on social data collected between June 2012 and June 2014 found that the volume of conversation on privacy reached its highest peak in June 2013 and January 2014. “Niche privacy technologies will find a home among the tech and privacy savvy, and this has always been the case,” says Heidi Shey, an analyst with Forrester Research in Boston. “However, the new technologies will have widespread use only if they have mass consumer appeal and provide additional benefits –like convenience and productivity- beyond privacy capabilities.”
RAND’s Mr. Robinson, who is working on a project called Public Perception of Security and Privacy to assess people’s perceptions of the privacy implications of security technology, added, “Just because people respond in an opinion poll that they feel strongly about concerns over surveillance doesn’t mean to say that this would be backed up in any choices they make (especially when it comes to spending money).”
Email's Inventor Says Future Systems Will Have Artificial Intelligence to Help You Manage the Flood
"When I tell people I invented email, the first thing they say is, 'I want to kill you.' Email is here to stay—it's time we got better at using it. Email originated from the interoffice paper mail system (Inbox, Outbox, etc.) used in every office across the world. In the good old days, the secretary did all the hard work and the boss did two things: dictating and editing. But email has made secretaries of us all; we spend up to 38% of our day managing email. The future email systems will have integrated artificial intelligence that will know you as well as the secretary of 1978 once did, and you will be able to dictate to it. It will automatically sort your inbox, file and archive, prioritize, and even come up with reasonable responses, which you simply review, edit and send. So you can go back to the future: Be the boss, and your mail system will be the secretary."
Monty Henry, Owner
* American Companies Keep Stockpiles of 'Foreign' Cash in U.S. Defying I.R.S. Tax Laws
* How To Prevent The Theft of Intellectual Property
* How Do I Know If I’ve Been Bugged?
* Operating The Brain By Remote Control
What is BitCoin and How Does It Work?
* The Creature From Jekyll Island: This Blog And Video Playlist Explains Why The U.S. Financial System is Corrupt and How It Came To Be That Way
* Number of Americans Renouncing Citizenship Surges To Escape Oppressive Tax Rules
* Dropping Off The Grid: A Growing Movement In America: Part I
* Online Privacy Tools and Tips
Next-Generation Bug / Microwave / ELF / Spy Phone / GSM And Camera Detectors (Buy, Rent, Layaway) tinyurl.com/2eo8mlz Open...
— Spy Store Rentals (@MontyHenry1)
Nanny IP (Internet) Cameras, GPS Trackers, Bug Detectors and Listening Devices, etc, (Buy / Rent / Layaway): tinyurl.com/396jlw6...
— Spy Store Rentals (@MontyHenry1)
• Video is Recorded Locally To An Installed SD Card (2GB SD Card included)
• Email Notifications (Motion Alerts, Camera Failure, IP Address Change, SD Card Full)
• Live Monitoring, Recording And Event Playback Via Internet
• Back-up SD Storage Up To 32GB (SD Not Included)
• Digital Wireless Transmission (No Camera Interference)
• View LIVE On Your SmartPhone!
* Nanny Cameras w/ Remote View
* Wireless IP Receiver
* Remote Control
* A/C Adaptor
* 2GB SD Card
* USB Receiver
FACT SHEET: HIDDEN NANNY-SPY (VIEW VIA THE INTERNET) CAMERAS
* Transmission Range of 500 ft Line Of Sight
* Uses 53 Channels Resulting In No Interference
* 12V Power Consumption
* RCA Output
* Supports up to 32gig SD
* 640x480 / 320x240 up to 30fps
* Image Sensor: 1/4" Micron Sensor
* Resolution: 720x480 Pixels
* S/N Ratio: 45 db
* Sensitivity: 11.5V/lux-s @ 550nm
* Video System: NTSC
* White Balance: Auto Tracking
* You Buy Our DVR Boards And We'll Build Your Products! (Optional)
Our New Layaway Plan Adds Convenience For Online Shoppers
Phone: (1888) 344-3742 Toll Free USA
Local: (818) 344-3742
Fax (775) 249-9320
Google+ and Gmail
AOL Instant Messenger
Yahoo Instant Messenger
Alternate Email Address
Join my Yahoo Group!
My RSS Feed