Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Yahoo To Add PGP Encryption For Email

Unknown Lamer posted about 2 months ago | from the gpg-for-grandma dept.

Yahoo! 175

Bismillah (993337) writes Yahoo is working on an easy to use PGP interface for webmail, the company's chief information security officer Alex Stamos said at Black Hat 2014. This could lead to some interesting standoffs with governments and law enforcement wanting to read people's messages. From the article: "'We are working to design a key server architecture that allows for automatic discovery of public keys within Yahoo.com and other participating mail providers and to integrate encryption into the normal mail flow,' Stamos said."

Sorry! There are no comments related to the filter you selected.

It's a TRAP! (-1)

Anonymous Coward | about 2 months ago | (#47629293)

Because the NSA and Yahoo! are like thiz!

Re:It's a TRAP! (3, Insightful)

Anonymous Coward | about 2 months ago | (#47629463)

Any proposal in which users hand over their private keys to a third party (such as a webmail provider) should be assumed to be done with the blessing of, or at the request of, law enforcement or intelligence agencies.

The third party (Yahoo) cannot prevent lawful intercept requests, subpoenas, etc from exposing any data they house as that data has been ruled to be not the property of the individual who supplied it.

A provider wanting to actually improve end-user security must intentionally attenuate any power they might have which grants anyone -- including themselves -- the ability to weaken the controls surrounding user data.

Re:It's a TRAP! (2)

jep77 (1357465) | about 2 months ago | (#47629631)

Any proposal in which users hand over their private keys to a third party (such as a webmail provider) should be assumed to be done with the blessing of, or at the request of, law enforcement or intelligence agencies

Where did it say in there that users would hand over private keys to a third party?

Re:It's a TRAP! (4, Insightful)

petermgreen (876956) | about 2 months ago | (#47629925)

It didn't but yahoo is a webmail provider and webmail kinda implies that the provider will either be storing the key or at the very least be able to access it by tweaking some javascript a litte.

The reason PGP is difficult for the plebs is that secure encryption requires you to take responsibility for your own key management and ensure to the best of your ability that the key does not leave devices you control (if you are really paranoid you don't even put it on an internet connected machine). If you leave key management up to a third party then your whole security becomes dependent on them.

Re:It's a TRAP! (2)

Steve B (42864) | about 2 months ago | (#47630105)

webmail kinda implies that the provider will either be storing the key or at the very least be able to access it

Obviously they need access to the PUBLIC keys in order to encrypt messages to the designated recipient. The whole point of public-key cryptography is that revealing the public key doesn't compromise security.

Re:It's a TRAP! (1)

SpzToid (869795) | about 2 months ago | (#47630247)

Did you not understand the part about the plebs taking responsibility, or not, for their own keys (private and public), in the post that you replied to? The plebs can barely understand how to manage their own passwords, let alone the legal ramifications of what it means to be a Safe Harbor.

Re:It's a TRAP! (2)

petermgreen (876956) | about 2 months ago | (#47630299)

The problem is not so much sending encrypted mail. The problem is sending signed mail or receiving encrypted mail. In those cases you need to provide your private key to the mail software.

If the mail software is running on a third party server then that means handing your private key over to them. If the mail software is javascript in a browser then the javascript could be written to keep the private key in the browser but there is a significant risk of the javascript being quietly substituted.

Re:It's a TRAP! (1)

SpzToid (869795) | about 2 months ago | (#47630121)

Bingo. You've just busted the cloud-marketing machine that is Yahoo!

Re:It's a TRAP! (1)

SpzToid (869795) | about 2 months ago | (#47630209)

...I should also add, watch Yahoo claim to be what Lavabit once was.

Re:It's a TRAP! (4, Insightful)

Sloppy (14984) | about 2 months ago | (#47629961)

Where did it say in there that users would hand over private keys to a third party?

It's implied by the fact that it's webmail. Does your browser have an OpenPGP library? Does it check all the Javascript that it downloads and executes, against some repository's whitelist? You have to assume the key isn't handled safely, unless you can answer Yes to these questions. And a lot of webmail users expect the server to be able to search and that's obviously impossible unless the server can read, so it's not like the unsafeness stems just from potential trickery.

That said, the more interesting question is what social effect this might have. Even "bad" use of OpenPGP could start conditioning more people to being familiar with, tolerating, expecting PGP. Get into a better frame of mind, and better habits can come later. And with good habits, some security could eventually emerge. The security wouldn't be there for Yahoo webmail users, and yet some users might end up having Yahoo webmail to thank for it.

And let's face it, the barriers to secure communication are almost entirely social; we choose to have insecure communications. Anyone who is working on that problem is working on The Problem.

Re: It's a TRAP! (2)

IMightB (533307) | about 2 months ago | (#47629663)

I dunno I worked for a large scale email company for almost a decade... They basically persused every possible encryption method possible except for pgp. Mainly for business reasons.. For instance if an employee ever left the company, the private key basically went with them so if emails were encrypted. All of it would be effectively lost to the city company.

This lead to developments efforts to hat would basically give lip service to encryption but little real security...

While a lot depends on what implementation details they come up with, yahoo seriously perusing PGP is probably a good thing.

Re: It's a TRAP! (1)

mlts (1038732) | about 2 months ago | (#47629753)

The ironic thing is that the commercial version of PGP by Symantec has the ability to use/force use of an ADK, or additional decryption key. This isn't key escrow (where someone else has your private keys), but messages are encrypted to a recovery key so that even if a user loses their key, data is still recoverable.

Re: It's a TRAP! (1)

2fuf (993808) | about 2 months ago | (#47629787)

> so that even if a user keeps quiet after waterboarding, data is still recoverable

FTFY

Re: It's a TRAP! (1)

gstoddart (321705) | about 2 months ago | (#47629847)

The ironic thing is that the commercial version of PGP by Symantec has the ability to use/force use of an ADK, or additional decryption key.

And, under no circumstances should anybody believe they have any security with this.

You know what ADK is? A back door. So, either they're encrypting it twice (once with your key, once with the other), or they've poked holes in the encryption and it is complete garbage.

This is useful for casual prying eyes, but it assumes you have 100% explicit trust in the agent who has the ADK -- and, given that this is Yahoo and the PATRIOT Act and National Security Letters still exist, you can't.

Because all that really happens is there is a central authority who can decrypt anything anytime they wish. Which, is pretty much what you have now.

So, no way I'll send you anything using this encryption besides my tomato sauce recipe.

Re: It's a TRAP! (2)

petermgreen (876956) | about 2 months ago | (#47629963)

You know what ADK is? A back door. So, either they're encrypting it twice (once with your key, once with the other), or they've poked holes in the encryption and it is complete garbage.

The usual way to do multi-recpiant encryptions is you encyrpt the message with a freshly generated symmetric session key. Then you encrypt the sesssion key multiple times with the recipiants public keys.

but it assumes you have 100% explicit trust in the agent who has the ADK

Indeed it does, in security there is always a balance between keeping prying eyes out and keeping records available to those with legitimate reason to access them.

Re: It's a TRAP! (1)

Sloppy (14984) | about 2 months ago | (#47630069)

What a silly feature. Just put "Cc: BackupDood" at the top of your email, and you get the same thing.

Re: It's a TRAP! (1)

Greyfox (87712) | about 2 months ago | (#47629767)

Oh that's an easy problem to solve -- you just require the user to store their key in a keystore that makes sure you could get at it if you ever want to decrypt their E-Mail. The vast majority of the users would never realize that completely eliminates the security they were looking for when they decided to use encryption in the first place. If you really need an excuse (which you don't,) you could make a nice shiny feature like the ability to decrypt your mail from any machine on the internet.

Republicans Hate College Education - and Obama (-1)

Anonymous Coward | about 2 months ago | (#47629297)

http://freebeacon.com/blog/do-nothing-millionaire-laments-that-millionaires-do-nothing/

"The University of California-Berkeley pays former Clinton Labor Secretary Robert Reich $240,000 a year to teach one class about the scourge of income inequality and attend Occupy Wall Street rallies. (He also makes up to $100,000 per speech.)

Reich, a millionaire, is very concerned about rich people who, unlike him, don't really deserve their fortunes. "What someone is paid has little or no relationship to what their work is worth to society," he wrote in a recent blog post, without any apparent irony.
Wonder what Reich thinks about Paul Krugman, who draws a $225,000 annual salary from the (publicly funded) City University of New York, and doesn't even have to teach a single class?"

---------

How about that you stinking leftist cowards! Bashing the rich night and day! Tax the rich, steal their money and give it to the poor oops I meant give it to the state where it will end up as birbes to the ruling class and to the pockets of the elite in congress and the crony corrptpocrats everywhere.

Reich makes 1/4 million a year teaching his socialists gobbldegook to the skulls full of mush, and goes on to advocate taxing the hateful rich people into the poor house. No one should be rich, ever, anywhere. Except for the *right* people of course, cause money is fun you know.

I hate you fucking socialists more and more every day. Fuck you all.

Democrats hate poor people - and black people (-1)

Anonymous Coward | about 2 months ago | (#47630021)

Democrats are trying to make people poor so they can control and starve them.

They want to sterilize black people through abortions and surgeries so that the Hispanics can replace the blacks

Great (1)

just_another_sean (919159) | about 2 months ago | (#47629317)

If they can lead the way on this it shouldn't be long before others follow - gmail, live, etc. Does Yahoo still have a large enough user base to really make others take notice and react if they pull this off?

Re:Great (1)

AvitarX (172628) | about 2 months ago | (#47629337)

It'll be interesting if cloud e-mail makes things more private in the end.

I'm curious how this could decrease revenue though, because automated scanning is is where the adds come from, and your key would only be as long as effective as a pass-phrase (I assume cloud stored password protected key, with local javascript to unlock the key, and something stored on the local computer to cache the key so the pass-phrase doesn't need to be used constant).

Re:Great (1)

fuzzyfuzzyfungus (1223518) | about 2 months ago | (#47629399)

Hopefully they'll manage to make "Keysocial! The social network for crypto keys!" a less insecure proposal than it sounds on first glance. I'm not optimistic; but it would be nice.

Re:Great (3, Insightful)

hawguy (1600213) | about 2 months ago | (#47629705)

I'm curious how this could decrease revenue though, because automated scanning is is where the adds come from, and your key would only be as long as effective as a pass-phrase (I assume cloud stored password protected key, with local javascript to unlock the key, and something stored on the local computer to cache the key so the pass-phrase doesn't need to be used constant).

The problem with a cloud stored key that's unlocked by JavaScript with a passphrase is that when the government wants your passphrase they'll either tell Yahoo to silently replace your JavaScript module with one that does keylogging of your passphrase, or they'll take over Yahoo's SSL certificate and inject keylogging JavaScript of their own.

Re:Great (2)

mlts (1038732) | about 2 months ago | (#47629813)

I'm reminded of one encrypted E-mail provider in this regard. They did nothing wrong, but were given the choice between having people face jail time or hand over data (because if one views E-mail on the server rather than a Java client, the server has the ability to decrypt it.)

I still use them, but I have concerns about tying the endpoint encryption/decryption to the mail provider. As stated above, it wouldn't take much to force Yahoo to push an update to the one "user of interest" that would either retain the decrypted E-mail or upload the key.

What Yahoo -can- do is make key exchange and key management easier, with keyserver functionality. That way, Alice can sign Bob's key for Charlie, upload it to Yahoo's keyserver, then Charlie will have a good chance that the key purported to be Bob's is actually the right one. Making a web of trust easier for people is something that is desperately needed.

We need a Thunderbird interface to it too (0)

Anonymous Coward | about 2 months ago | (#47630029)

We need a Thunderbird interface too, a webmail inteface isn't enough this encryption should be ubiquitous and on authomatically exchange keys and turn on by default.

Re:Great (1)

gstoddart (321705) | about 2 months ago | (#47629775)

The problem becomes is the very first time you decrypt something, Yahoo essentially will have your public key.

Unless the decryption is done entirely inside of a trusted agent, there are huge gaps in this.

Storing your unlocked private key in your browser cache?? Really? You're gonna trust your browser with that?

This sounds like a nod to encryption, but unless they do a tremendous job of building in a hell of a secure layer that is 100% rock solid and can't be bypassed, it will have holes in it you could drive a truck through.

So, do you think you will ever trust a cloud e-mail provider with your public key for even a millisecond? Because, really, at that point, they have your public key and can keep it (and hand it over to law enforcement).

I just don't see a web browser being anywhere near capable of providing the end to end security needed for this.

Key management is hard, and if your web mail tries to make it easier for you, it will make the system inherently less secure. And those will be the parts people will spend the most time attacking -- I don't need to defeat encryption if I can figure out how to obtain your private key.

Re:Great (2)

Bender0x7D1 (536254) | about 2 months ago | (#47629939)

It absolutely does not matter who has your PUBLIC key. The entire point is for the entire world to have it. Now, the PRIVATE key - that you need to keep to yourself, and as secure as possible.

Note: I say "as secure as possible" because, at some point you are trusting an underlying layer to be doing their job correctly - be it browser, email client, PGP application, OS, or that rootkit that got installed.

Re:Great (1)

gstoddart (321705) | about 2 months ago | (#47629949)

Sorry, yes, obviously I should have typed private key -- the public key is completely public.

But if there is ever an instant where Yahoo has your private key, you're screwed, which is what I was saying ... or at least, had intended to say.

Re:Great (1)

Anonymous Coward | about 2 months ago | (#47629799)

I'm curious how this could decrease revenue though, because automated scanning is is where the adds come from

According the summary its webmail. I don't see anything that prevents them from scanning the mail before encryption, or hand over a copy to NSA if they are asked to.
The only difference this adds is that some untrusted middle-point can't snoop your mails so NSA can't just grab them mid-transition without asking Yahoo first.
I don't see any scenario where anyone working at Yahoo would stand up against NSA and say no when handed an official looking document that claims that they will be personally dragged to a secret court if they don't comply.

Re:Great (4, Insightful)

KermodeBear (738243) | about 2 months ago | (#47629551)

This kind of functionality would be enough for me to switch mail providers.

Yes, yes, it can always be done manually, but I have a lot of friends that aren't as tech savvy as I am. Generating a key, keeping the private one somewhere safe, copying text from the PGP application, pasting it correctly, copying incoming text, pasting, decrypting, etc., etc., it's all a pain in the butt for the typical computer user.

If Yahoo can manage to implement this correctly so that it is safe AND easy to use that's a big deal.

Re:Great (1)

anagama (611277) | about 2 months ago | (#47630057)

Is there a reason you don't let your email client and a GPG plugin handled the encryption/decryption?

Re:Great (1)

CastrTroy (595695) | about 2 months ago | (#47630277)

The problem is that just switching yourself doesn't solve anything. You have to convince all your friends to switch so that they can send and receive encrypted messages too. That might actually be their plan. Get the techies to go for it, and they'll tell all their friends to go for it. It may possibly work but most people don't use email for anything confidential. Nobody cares if somebody else is reading the marketing emails or plans with family that are being sent to them. Plus, as pointed out by others, using webmail means that there could always be chance that the webmail provider is secretly keeping a copy of your private key, allowing them and the NSA to read your mail anyway.

Re:Great (0)

Anonymous Coward | about 2 months ago | (#47629579)

Yes, I think they do.

Even more importantly, a service such as this one would attract new users (such as myself) to Yahoo mail.

Marissa (1)

zoomshorts (137587) | about 2 months ago | (#47630103)

Dear Marissa Mayer,
                        You apparently do not understand the Internet very well. Simply because you got employed by Google early on, does not mean ANYTHING. You have no clue. It is apparent that you never visit Yahoo
from a non-company computer.

Your programmers are idiots, and by extension, you are an idiot. Quality control never seems to enter your mind.

You people post articles from other new sources, and we do not get to comment without registering with the secondary site. That is bullshit.
If you publish something on your site, we should be able to fully add our comments to the article.

Articles that lead to videos are aggravating. Anyone who has been on the internet for 15 minutes, knows this. I prefer to read, rather than watch crappy videos, with loud intro music and retarded 'personalities".

The choices portion of the programming is a JOKE. I never want to see ANYTHING related to the following :
Sports
Celebrities
Recreation et al. Yet when I choose to not watch these catagories, your programmers still display these types of crappy articles to me. Ergo,
your programmers suck.

I realize that you are trying to "Monitize" this stuff, but you are pissing off many of us long time users of Yahoo. You are a PORTAL and nothing more.
You are NOT a news source. Hell, even Google does a better job of sending me things that are relevant to me. Yahoo is failing and by extension, you are failing.

Metadata (1)

Anonymous Coward | about 2 months ago | (#47629323)

If the government agencies are only collecting metadata like they say they are it should not be a problem that the contents of messages themselves are encrypted.
Or maybe they are not just collecting metadata?? Who would have guessed.

Re:Metadata (4, Informative)

Scutter (18425) | about 2 months ago | (#47629367)

"Metadata" is a media buzzword designed to make you feel good about having your data monitored. They're still monitoring your conversations. Stop buying into their talking points. The headers of your e-mail are as much your data as the body of the e-mail.

Re:Metadata (1)

Anonymous Coward | about 2 months ago | (#47629405)

I am not buying into their talking points. An email address is just that an address. Without an address the mail does not know where it should end up. It is metadata just like an address on the outside of an envelope is metadata. It needs to be publicly readable or else it will not reach its destination.

I expect the address to be read publicly.

Re:Metadata (2)

just_another_sean (919159) | about 2 months ago | (#47629465)

It's not the postman reading it though is it? There is a difference between an employee of the post office reading an address to route mail properly vs. gathering all address, storing them and creating programs to discover all connections and relationships between addressees.

It's not that they read the meta data that's the problem, it's what they do with it.

Re:Metadata (1)

Anonymous Coward | about 2 months ago | (#47629501)

Most snail mail is read and sorted by machines before it gets to the postman.
There is ample opportunity to collect metadata electronically with snail mail.

Re:Metadata (1)

Anonymous Coward | about 2 months ago | (#47629581)

It's not the postman reading it though is it?

Nope it's the sorting and routing machines at the USPS that are reading and storing it. And if you think the NSA, et. all are not using the "metadata" from the USPS you're a moron.

Re: Metadata (1)

macs4all (973270) | about 2 months ago | (#47629959)

It's not the postman reading it though is it? There is a difference between an employee of the post office reading an address to route mail properly vs. gathering all address, storing them and creating programs to discover all connections and relationships between addressees. It's not that they read the meta data that's the problem, it's what they do with it.

What scares me is that, in the US at least, every single piece of first-class mail is now individually SERIAL-Numbered, obviously so it can be tracked and databased.

The proof lies in the new (and actually quite clever) barcode (too lazy to look up the name) that replaced POSTNET (that barcode at the bottom of envelopes) about a year ago. The new barcode is actually coded to sync, mailpiece-by-mailpiece with an Excel spreadsheet that "bulk" mailers now HAVE to submit BEFORE they mail, and each and every mailpiece is individually serial-numbered, and receives a UNKQUE barcode, just like Registered or Certified mail.

I discovered this when I was writing a function to place POSTNET barcode on a shipping label, and found that the code had JUST been deprecated.

Then, I found out how far down into the "insignificant mailings" that went when I received two identical late-pay notices from a local utility. Both were mailed from the same "mailer"address, undoubtedly under the same "bulk-rate-presort contract no.", to the same name and address, and on the same date. In other words, data which would have generated identical POSTNET bar codes; but in this case, the barcodes on these plain-old ordinary first-class mailings was DIFFERENT. Since I already knew that the new code allowed for "serializing", and knew about the Excel "manifest" requirement, I came to the inescapable conclusion that the Gummint was actually tracking and likely databasing even such uninteresting and prosaic mailings as utility bills. This is ridiculous.

However, I personally believe that what that REALLY means is that the mailpieces that DON'T correlate to a record in a Manifest are actually tracked MORE closely.

So, this means that your most PERSONAL of snailmail (if indeed anyone sends actual snailmail "letters" these days) is likely being tracked with increased scuitiny than other snailmail.

Re: Metadata (1)

just_another_sean (919159) | about 2 months ago | (#47630273)

Yeah, that's some scary stuff and given your findings I guess it blows my analogy out of the water. I still say whether it's snail or email the fact is we need routing data to be readable but that doesn't mean it should be collected and collated for any other purpose.

Re:Metadata (0)

Anonymous Coward | about 2 months ago | (#47629585)

Yes, there does need to be an address to send the mail, and it does need to be 'public' as in the deliverers need to be able to read it.

What doesn't have to be public is everything else: body text, subject line, sent time, return address, etc.

A secure email implementation should be able to hide all those other things so that the only thing track-able is who is getting how much mail, which I can't come up with any way to hide.

Re:Metadata (0)

Anonymous Coward | about 2 months ago | (#47629437)

Your e-mail metadata headers every bit as private as the address and the return address you write on a letter you send via the USPS.

Re:Metadata (0)

Anonymous Coward | about 2 months ago | (#47629475)

Your e-mail metadata headers every bit as private as the address and the return address you write on a letter you send via the USPS.

Absolute bullshit. I never once gave the government permission to collect my *data* (everything is data, even "metadata"). The government shouldn't even be collecting metadata from letters. Just because I send things over some company's servers doesn't mean I give the government permission to conduct surveillance on my communications.

Furthermore, that makes absolutely *zero* sense anyway. How is the actual content any more private? They could just as easily scoop that up while they're collecting the "metadata." Like it or not, emails are rather different from normal letters.

Re:Metadata (1)

Anonymous Coward | about 2 months ago | (#47629589)

I was asked to write a script to collect email metadata passing through an ISP I worked at for sending to government servers. The metadata is collected in a XML format as directed by the governments specification I recieved in PDF. It was just metadata, not message content. I sent them everything including spam. There is much noise in the signal they receive.

Re: Metadata (1)

macs4all (973270) | about 2 months ago | (#47630037)

Anonymous Coward an hour ago I was asked to write a script to collect email metadata passing through an ISP I worked at for sending to government servers. The metadata is collected in a XML format as directed by the governments specification I recieved in PDF. It was just metadata, not message content. I sent them everything including spam. There is much noise in the signal they receive.

Good for you for reducing the signal-to-noise ratio! Hopefully, your equivalents at other ISPs are as careful as you were in following the "all email" requirements to the letter... ;-)

Re:Metadata (-1, Flamebait)

Anonymous Coward | about 2 months ago | (#47629621)

Absolute bullshit.

In what way? Email headers are public information just like the addresses you write on a letter.

I never once gave the government permission to collect my *data* (everything is data, even "metadata").

Then stop broadcasting things publicly if you don't want others to see and collect it. Oh and if you use a third party to handle your email you likely did agree to such a thing somewhere in the ToS.

The government shouldn't even be collecting metadata from letters.

Because you say so?

Just because I send things over some company's servers doesn't mean I give the government permission to conduct surveillance on my communications.

Your email goes over much more than "some company's servers" and they are perfectly allowed to give public information to the government.

Like it or not, emails are rather different from normal letters.

What a great assertion. Now care to back this up with actual reasoning? Preferable something with a basis in established statutory/case law?

Re:Metadata (0)

Anonymous Coward | about 2 months ago | (#47629519)

If you think that USPS "metadata" hasn't been monitored for decades, think again.

Re:Metadata (1)

fuzzyfuzzyfungus (1223518) | about 2 months ago | (#47629791)

As with any good bullshit "metadata" is not quite technically a lie; but is almost entirely misleading in use.

The headers arevery arguably 'metadata' with respect to the body; but 'metadata' are data too; and tend to be data that are also quite powerful for drawing inferences about you even in absence of the body data.

That aside, I think the grandparent point was that, if Team Fed is actually only interested in 'metadata' and definitely not lying about the scope of their extralegal spying, they should be untroubled by wide-scale encryption of email bodies. In the (likely) event that they are lying, the encrypted bodies will displease them and they'll either have to step up covert activity elsewhere(maybe hit Yahoo's key-handling mechanisms, maybe keyloggers or browser attacks that grab the email before it is encrypted, mabybe all of the above) or come up with some flavor of 'compliance' request that gets Yahoo to give them what they want.

This is unlike the current system, where it is easy to suspect that they are gathering even more than they claim; but trickier to prove without the sort of experiments that will prevent you from boarding an aircraft without a bag over your head and a CIA torture squad for company ever again.

Re:Metadata (0)

Anonymous Coward | about 2 months ago | (#47629823)

Any government agency that just wants our metadata has nothing to fear.

And Google Cannot Follow (1)

MyLongNickName (822545) | about 2 months ago | (#47629357)

Can you imagine Google doing this? It would ruin their business model entirely as they could not use keyword based ads.

And Google Cannot Follow (2, Informative)

Anonymous Coward | about 2 months ago | (#47629407)

google is doing this (http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encryption-easier-to.html)

Re:And Google Cannot Follow (2)

2fuf (993808) | about 2 months ago | (#47629687)

Well, they would of course have access to the content before it's encrypted. I don't trust someone else to perform the encryption for me, even on the client side, after everything that happened. But then, even your own OS, all the software that's on your machine, there are sooo many parties involved with so many affiliations, objectives, incentives. If it's not NSA that's peeking through your SSL connection, then it's probably China that bought off your antivirus manufacturer or a Russian hacker who injected something vile in an open source library that covers 90% of the internet connected world or someone we haven't even heard of who hardwired all keyboards straight from in the manufacturing plant to phone home your input. Hell, they could even be peeking through the window.

If they want to read it, they will. If you desperately want to avoid it, don't use Yahoo of GMail in the first place, not even with "encryption". I'm cynical enough to think this will not prevent them from reading your content, Yahoo will have a similar gain by accessing your content (why would they start the service in the first place) and they don't seem to mind.

Re:And Google Cannot Follow (2)

mlts (1038732) | about 2 months ago | (#47629867)

There are always ways to ensure data is encrypted and stays encrypted. The simplest is to have an offline computer with a SD card slot, and read/sign sensitive stuff on that machine. Of course, this isn't 100%, but it forces someone to have "boots on the ground" in order to obtain data.

One can get fancy with an offline setup (only boots from a "trusted" USB flash drive only on a keychain, then requires a long passphrase to mount /home, etc), but the idea is to have an air gap, which will block 99.999% of the attacks out there and force an adversary to have to have a physical presence.

Even if one doesn't do that, just having using S/MIME is a big step up from what we have now.

Re:And Google Cannot Follow (1)

Jahta (1141213) | about 2 months ago | (#47629755)

Can you imagine Google doing this? It would ruin their business model entirely as they could not use keyword based ads.

You don't have to imagine. They are already working on it. [dailydot.com]

Oh, god (1)

roman_mir (125474) | about 2 months ago | (#47629361)

Whenever I hear that Yahoo is working on yet another great idea for their email, I cannot help but cringe at yet another incoming disaster to hit that half dead, half alive, halfassed half service. It is one of those situations where every next release is worsd than the one before. Things become less usable every time they touch something. It is a pitty too, could be an actual Google competitor, but no, not with that rotten carcas of a management and development team. Why not just acquire a porn service and milm that on a side? I mean cannot go wrong with another social media type 1000000000 dollar purchase. Oh maybe it will be better this time? Haaaa!

Re:Oh, god (4, Informative)

sideslash (1865434) | about 2 months ago | (#47629383)

Yahoo mail improved dramatically after Marissa Mayer became CEO. It seems to me that they are actually trying to be more like Gmail, and it shows in a positive way. They still fall short, but as a longtime Yahoo mail user I'll take what I can get. At least their recent improvements are much better than your characterization, for sure.

Re:Oh, god (2)

roman_mir (125474) | about 2 months ago | (#47629421)

I disagree, didn't improve for me, ofcourse I run older Ubuntu and FF 16. The only saving grace is their smtp server and lets hope PGP is for that only or at least has the disable option. If they add it as a js file to online mail, I cant even imagine the horror show that will ensue.

Re:Oh, god (1)

sideslash (1865434) | about 2 months ago | (#47629483)

Ah, I see. Poor linux support is a shame, but it doesn't surprise me.

Re:Oh, god (1)

Magnus Pym (237274) | about 2 months ago | (#47629649)

I disagree. Since Melissa took over, I've lost months worth of mail multiple times on two yahoo accounts that I have. (Not saying that this is Melissa's fault). Tech support responded with a shrug. I've been slowly moving my mail off Yahoo.

Re:Oh, god (1)

sideslash (1865434) | about 2 months ago | (#47629781)

My comments were re: general usability. I don't know that I've lost email, and my message history goes back to 2000. Hmmm, this is disturbing, will have to research this some more. Do you have any specifics about how it happened, or did stuff just disappear?

Re:Oh, god (1)

mlts (1038732) | about 2 months ago | (#47629929)

Yahoo hasn't been bad by any means. I use them as my default provider for a spam/mass E-mail catch-bucket. For this purpose, I've never had any downtime or E-mail loss with them in many years. However, since most of the E-mail are lists or just ads from companies I do business with, I may not notice the ad for the latest zombie rated chainsaw available at Gnome Depot that might have gone missing.

Of course, my preference for E-mail is an Exchange or Zimbra hosted provider, but when it comes to free E-mail, beggars can't be choosers.

Where is the private key stored? (5, Insightful)

Henriok (6762) | about 2 months ago | (#47629379)

Where is the private key stored? These are web mail services and if that's going to be easy to use, the key must travel with the user, and how is that going to work securely? Or are they going to store people's private keys on their own servers? If so, wouldn't that almost completely defy the purpose? If intelligence agencies or more usual evil does have access to the mail servers, or user accounts wouldn't they also have pretty much access to the key store servers too? Could someone with more knowledge into how this might work please sort this out for me.

Re:Where is the private key stored? (1)

jbmartin6 (1232050) | about 2 months ago | (#47629425)

I had the same thought. I suppose you could store the key encrypted, and then do all the encryption/decryption in the browser. So Yahoo would provide the browser the encrypted key and some Javascript would do the decryption. The article specifically mentions public keys though, which makes me think they must be working on providing a directory of public keys for Yahoo accounts as well. Another option would be using a browser extension. I guess we will find out in time.

Re:Where is the private key stored? (4, Insightful)

BaronM (122102) | about 2 months ago | (#47629435)

With any encryption scheme, key management is usually the biggest pain in the ass. No doubt, this is the biggest problem with implementing encryption for webmail.

Keeping my private key on a USB drive on my keychain could ALMOST work, in that on any desktop or laptop I could insert it to get to the key. For mobile, I think Yahoo will need to release a mail app that supports an easy & secure way to load your key.

Also - keying a passphrase on a moble device to open/sign/encrypt email will suck big time. This could be a great use for a fingerprint sensor on phones.

Re:Where is the private key stored? (2)

PPH (736903) | about 2 months ago | (#47629471)

PGP uses a public/private key pair. The way it should work: You generate a key pair locally and keep your private (decryption) key to yourself. You can then publish your public key, which other parties can use to encrypt messages to you. Key management would consist of some scheme where the mail service provider would 'sign' your public key to provide authentication and some easy to use public key lookup schemes so other people can securely recieve your key (protect against man-in-the-middle attacks) in order to prepare messages to you.

The problem with many popular web mail encryption services is that the private key generation and storage is in the hands of the mail service instead of distributed to individual users. So that puts it within the reach of a National Security Letter. Or a bunch of Russian hackers if the admin is less than competent.

Re:Where is the private key stored? (1)

Sockatume (732728) | about 2 months ago | (#47629481)

Email is transmitted unencrypted; anyone relaying the message can read it. With PGP way your email is protected in from everybody while it's in transit, although at the endpoints it's only protected from conventional criminals and not Uncle Sam or John Bull.

Re:Where is the private key stored? (1)

Anonymous Coward | about 2 months ago | (#47629577)

Where is the private key stored?

"window.localStorage for now"
source: https://twitter.com/FredericJacobs/status/497447899962560512

Re:Where is the private key stored? (1)

Anonymous Coward | about 2 months ago | (#47629609)

Take a look at how LastPass has their system setup. They encryption key never leaves your computer unencrypted. I imagine it would not be too hard to apply the same principles to a webmail scheme.

Re:Where is the private key stored? (1)

anagama (611277) | about 2 months ago | (#47630173)

But the private key leaves your system? Even if the private key is encrypted, unless it is encrypted by a different private key on your system, you've just given away your private key (e.g., LastPass has the decryption key to your private key which means LP has your private key, albeit in a convoluted manner). I don't know anything about LastPass, but if this is true, it isn't confidence inspiring.

Re:Where is the private key stored? (1)

AmiMoJo (196126) | about 2 months ago | (#47629835)

The private key can be stored encrypted on their server, and then sent to the client which can decrypt and use it. Decryption uses the user's password. That is similar to how most encryption systems work - the key is itself encrypted with the user's password for storage.

It isn't a perfect solution but it is infinitely better than having no encryption at all. At the very least it will make bulk collection much more expensive.

Re:Where is the private key stored? (1)

gstoddart (321705) | about 2 months ago | (#47629869)

The private key can be stored encrypted on their server

Who is in control of that encryption? Who encrypts the encryption around the encryption around the encryption?

If it's Yahoo, then "At the very least it will make bulk collection much more expensive" becomes patently false, because at some point they'll have the private key in the clear.

Every layer in here becomes a weak point where it can be broken, exploited, or bypassed.

And, since this is webmail, you're putting a lot of faith in browsers and various plugins to not also introduce security holes.

Re:Where is the private key stored? (1)

AmiMoJo (196126) | about 2 months ago | (#47630063)

Who is in control of that encryption? Who encrypts the encryption around the encryption around the encryption?

It would run in the client, i.e. the browser. Presumably Javascript based and thus open to public scrutiny, so at least in theory it could be audited.

I agree that it isn't perfect, but if we wait for a perfect solution like we have been there will never be one. Yes, the browser could be compromised, but that adds cost (the attacker has to attack the browser first) and gets a third party involved in defence (the browser developer). At the very least it would make bulk capturing of plain text emails impossible, forcing people like GCHQ and the NSA to focus on particular targets instead of just spying on everyone indiscriminately.

Web based pgp encryption = no encryption (2, Insightful)

Anonymous Coward | about 2 months ago | (#47629381)

If you enter your message to be encrypted into a webpage, then unless you trust that webpage (yahoo in this case), you shouldn't trust any encryption method that's out of your control. Just use an open source mail client to contact the email server to send the encrypted message. Safe and secure (except for metadata that is).

Awesome!! (4, Funny)

hymie! (95907) | about 2 months ago | (#47629401)

Now all I have to do is get my father, my mother, my sister, my half-sister, my grandmother, my wife, and my assorted friends to learn what PGP is and how to read the emails I send them.

Re:Awesome!! (0)

Anonymous Coward | about 2 months ago | (#47629469)

or just get them a free Yahoo email account, duh.

Re:Awesome!! (1)

Sockatume (732728) | about 2 months ago | (#47629487)

I think the idea is that it would fall back to unencrypted messaging transparently (perhaps with a warning) when you're sending it to a mailserver that doesn't talk PGP.

Re:Awesome!! (2)

Pi1grim (1956208) | about 2 months ago | (#47629561)

Mailservers don't talk PGP. Even being encrypted it's armored in base64 encoding and transmitted as plaintext. And mail client either knows what to do with it, or not. So, nope, no fallback possible, because you can never know if particular person is going to read it through a client that supports encyption or not. But if you have his\her public key, you might as well assume, that client does know ho decrypt it and if you don't - you can't encrypt it anyway.

Re:Awesome!! (1)

Aaden42 (198257) | about 2 months ago | (#47629737)

Yahoo has led the charge before in enhancing email standards where bare SMTP wasn’t adequate. They were fairly early adopters of things like DKIM and helped push the industry to support it. If you want to do something that really does have a fallback route, it wouldn’t even take a standards change to have receiving SMTP servers advertise crypto as part of the SMTP capabilities response.

Granted, it’s a big hit to security if your message is encrypted or not based on the remote mail server, and there are ample opportunities for MitM attacks to cause crypto to be dropped where it might otherwise be supported (so we’re back to trusting TLS keys). That coupled with public PGP key registries offers some options for intelligent fallback behavior while still providing encryption for messages where both sides are capable of dealing with it.

Re:Awesome!! (1)

Anonymous Coward | about 2 months ago | (#47629895)

Yahoo has led the charge before in enhancing email standards where bare SMTP wasn’t adequate. They were fairly early adopters of things like DKIM and helped push the industry to support it.

And what does those two things have to do with each other?

My first experience with DKIM was when I worked at a spam company. DKIM was very important to get right, because with correct DKIM, big e-mail providers like Yahoo and Hotmail would pass our spam directly to the users inbox, where as without it, they would start filtering after a few thousand spam mails.

For a while, DKIM worked great for filtering spam on my personal system - if it has a DKIM signature, it's spam - but then they managed to convince people running real mail servers (as opposed to spammers) to add DKIM signatures also.

Re:Awesome!! (0)

Anonymous Coward | about 2 months ago | (#47630071)

Yahoo has led the charge before in enhancing email standards where bare SMTP wasn’t adequate. They were fairly early adopters of things like DKIM and helped push the industry to support it. If you want to do something that really does have a fallback route, it wouldn’t even take a standards change to have receiving SMTP servers advertise crypto as part of the SMTP capabilities response.

You're still missing the point. SMTP servers use an entirely different form of crypto between each other, with other mail servers (POP, IMAP, etc.), and with their clients. It's a variant of the same SSL that distinguishes https from http. That's not what this is. PGP allows you to encrypt a message on the client side and hide the content from the transmitting servers. Only the recipient's client software knows if they can decrypt it or not.

The reason why so many people are telling you that you are wrong is that you are doing the equivalent of saying, "My router doesn't support JPEGs." Of course not, it's a frickin' router. It barely cares that you are transmitting on port 80 versus port 443. It doesn't care what the content is. You wouldn't convert a JPEG to a PNG at the router level. Similarly, mail servers don't know what's in the body of a message. It could be PGP encrypted text, plain text, an embedded image, or whatever. To a mail server, the message body is just a blob.

Could they come up with an encryption method that works as you describe? Sure. It wouldn't have anything to do with PGP though. In fact, they already have. SMTP servers are perfectly capable of encrypting all their connections. So client talks to SMTP server talks to other SMTP server talks to IMAP server where it's encrypted at each step.

Re:Awesome!! (1)

Aaden42 (198257) | about 2 months ago | (#47630287)

I’m well aware of the difference between SMTP+TLS and PGP. I’m not missing the point at all. TLS & PGP have nothing to do with each other. They’re encryption at two different levels of the stack. You need to use both to get proper end-to-end encryption of message contents and to protect message contents not only from observers on the wire but also observers at the mail host.

TLS (done right) prevents MitM between Yahoo’s SMTP and (let’s say) Google’s. If Google’s server advertises that their stack deals with PGP correctly, Yahoo can use that as a cue to encrypt the message content and pass it over the already-encrypted TLS connection. The SMTP conversation would always be TLS encrypted, but a part of that conversation can signal to the sender that encryption at the message data level would also be handled properly by the rest of the software stack behind the receiving SMTP connection. That’s blurring the layers, but it’s not unreasonable for a primarily webmail host to signal their user agent’s capabilities as part of the lower SMTP conversation.

Granted, that’s piling on a lot more processing than would typically be done during the SMTP conversation, but it’s doable. You don’t even need the anyone’s private key at that point. The sender’s private was used to clear-sign every message sent (presumably in Javascript on the client side). If the sending SMTP server determines the remote can deal with it, then it needs to obtain the recipient’s public key and encrypt the clear-signed message to it before sending the PGP encrypted message over the TLS encrypted connection. The benefit there is that Google’s stack never gets to read the plaintext of the message.

Re:Awesome!! (0)

Anonymous Coward | about 2 months ago | (#47629575)

Mail servers don't "talk PGP."

Also, if it could be unencrypted transparently by a third party ... it wouldn't actually be a useful form of encryption.

The private keys must reside on the client for this to be useful, which means that this will either be insecure, useless, or both.

Re:Awesome!! (0)

Anonymous Coward | about 2 months ago | (#47629761)

I don't think the one who doesn't "talk PGP" is a mailserver here... ;-)

Re:Awesome!! (1)

AmiMoJo (196126) | about 2 months ago | (#47629853)

The whole point of doing it this way is that it is transparent to the user. If Yahoo finds the recipient's public key on a known key server the email gets encrypted automatically. It isn't perfect but it is a massive step up from what we have now.

Re:Awesome!! (1)

Sloppy (14984) | about 2 months ago | (#47630207)

Now all I have to do is get my father, my mother, my sister, my half-sister, my grandmother, my wife, and my assorted friends to learn what PGP is and how to read the emails I send them.

You jest, but don't you see how popular webmail providers adding insecure PGP implementations to their platforms would be a pretty good first step to doing exactly what you say?

Unlikely, if they control the key (1)

Anonymous Coward | about 2 months ago | (#47629485)

Can't RTFA from here, but there's no chance of a "standoff" if Yahoo gets to keep the private key. Hell, even if they don't, if the encryption is taking place on their side, as it necessarily would with a web client, then you're transmitting your private key for that purpose, and they effectively control it at that point. Any implementation other than a fat client on the user's equipment completely defeats any level of non-repudiation that PGP affords.

Re:Unlikely, if they control the key (1)

Aaden42 (198257) | about 2 months ago | (#47629675)

It doesn’t necessarily need to do en-/decryption on the server side. Javascript is more than adequate to perform the necessary math.

Re:Unlikely, if they control the key (0)

Anonymous Coward | about 2 months ago | (#47629941)

Not without also being more than adequate for grabbing a copy of your private key.

idiotic (1)

slashmydots (2189826) | about 2 months ago | (#47629521)

Their accounts get hacked at an insanely fast rate. I would bet every single user gets their account hijacked in 2 years or less. Maybe they should work on that first if they're so concerned with security.

W... X... Yahoo... Zombie. (1)

Sarten-X (1102295) | about 2 months ago | (#47629543)

At this point, each news story about Yahoo primarily serves to let me know the company isn't quite dead yet.

PGP Is the easy part. Key mgmt is hard (2, Interesting)

cpuh0g (839926) | about 2 months ago | (#47629569)

Implementing PGP with (yet another) public key database is easy enough to do. The biggest issue will be the management and protection of the private keys needed to sign and decrypt incoming messages. If Yahoo ends up holding the private keys, then it's completely untrustworthy and useless.

Also, why do they want to create another public key DB? Keybase.io is very nice, and the existing PGP.net servers have a huge existing database of public keys, though it is nearly impossible to delete a key once its published.

Re:PGP Is the easy part. Key mgmt is hard (1)

CimmerianX (2478270) | about 2 months ago | (#47629947)

That's why you should create a revocation certificate when you create the keypair. If you upload the revocation cert to the DB, the keys get removed.

But yes... my first keypair that I created something like 17 years ago when I was first learning about gpg are still in the DBs and come up when my name is searched. It gives me a chuckle.

Right ... (1)

gstoddart (321705) | about 2 months ago | (#47629657)

We are working to design a key server architecture that allows for automatic discovery of public keys within Yahoo.com and other participating mail providers and to integrate encryption into the normal mail flow

So, let's think about this.

They can discover your public keys, and then presumably they will need to have your private keys in order to show you the message.

If you have to enter your private key even once, you have to assume they'll keep it.

At which point, you are more secure from casual prying eyes, but it's done nothing at all to protect you from spying governments who simply force Yahoo to hand over your private key.

And, really, if adding encryption to your email doesn't actually prevent the NSA et al from getting to your email, this is lip service to encryption.

Sounds cool and all, but isn't really giving you any additional security.

Even if done badly, might do some good? (4, Insightful)

Aaden42 (198257) | about 2 months ago | (#47629669)

Key management’s the thing here of course. If it’s on their server, NSA has it, etc. There are ways the key could be encrypted on server, decrypted only locally etc. Most of those have myriad ways the key could be mis-handled, leaked, etc.

That said, I’m kind of leaning towards this being a good thing, even if its implementation isn’t 100% paranoid geek approved secure. Ultimately if the NSA wants to read YOUR stuff, they’re going to (see: $5 wrench). If we assume Yahoo manages to implement this such that key retrieval is at least inconvenient (for $ufficiently large value$ of inconvenient) to anyone other than the account owner, then it should at least complicate NSA’s blanket “read all the things” approach. If it tips the balance back to the point that they actually have to expend more resources than your grandmother’s chocolate chip cookie recipe is really worth, then *maybe* they go back to only reading very interesting people’s emails without a warrant rather than reading everybody’s. I guess that’s worth half a point?

More importantly, if it manages to turn the seething mob of luddite Yahell users onto the fact that encryption is a thing, and explains to them why they want this thing, maybe the “winning hearts and minds” gambit is worth something to the world as a whole, even if the individuals’ email isn’t NSA-proof. Right now most mothers & grandmothers either have no clue what encryption is, or think it’s something only used by hackers, ter’ists, pr0n, criminals, etc. “Them” in other words. If Yahoo manages to convince a sizable portion of the voting public that privacy has worth, and encryption is a way to ensure that privacy, I think that’s a worthy outcome even if the encryption has flaws. Maybe that opens the door to conversations about the difference between effective and ineffective encryption. Maybe it even brings it closer to socially “normal” for someone who knows what effective encryption is to encourage others to use it without being assumed to be a nutcase or worse.

I hate to advocate selling snake oil, but there *are* an awful lot of squeaky snakes around. Maybe the right salesman can convince enough of the populace they need encryption, then we can worry about offering really good encryption for those adequately equipped to work with it.

Mailvelope etc. (2, Informative)

Anonymous Coward | about 2 months ago | (#47629703)

The Mailvelope Plugin - https://www.mailvelope.com - already does that: encrypt webmails a la Gmail, Yahoo, Hotmail or your own Roundcube etc.. It does so in-browser, obviously. Still basic in functionality but works for simply sending messages back and forth. Clear-signing, though available, tends to get screwed up due to message wrapping on the receiving end.

You may also find https://encrypt.to a very cool thing. Essentially a simple contact form, that encrypts the message with GPG and sends it on to the actual mail account. That way, a user who does not use PGP can send failry secure mails to a GPG-user. A simple vanity-style URL can be given to such users for easy access to the input form. The scripts are freely available and can be used on your own webserver under your control. This idea may significantly help in overcoming the chicken/egg problem we are having in regards to PGP use!

As far as webmail with PGP goes, Startmail is already doing that. You create the keys in their interface (yes, I know!) and the use is very straight-forward. You can also communicate with outisde user who do not have PGP. They will get an SSL-link and access it via a previously agreed-upon passphrase. Their reply to the Startmail user from there will also get PGP-encrypted on Startmail's server and put into the Startmail user's mailbox.
While this setup is, for purists, far from ideal, it could help get normal people to use PGP. If you don't like it, stop bitching, and help make PGP easier to use the 'proper way'! ;-)

Why not S/MIME? (3, Informative)

Arkham (10779) | about 2 months ago | (#47629711)

Instead of PGP they should use S/MIME. It's functionally the same but is far more widely supported. It's even included in the Exchange ActiveSync protocol via ResolveRecipients to retrieve the public keys of other users. I don't dislike PGP/GPG, but if it were me I'd go with a more standard envelope.

Who fucking cares? (0)

Anonymous Coward | about 2 months ago | (#47629849)

Why does Yahoo still exist? They don't even offer SSL for their email. I have idiot co-workers who use Yahoo, and yes, I can read their emails with Xplico.

Open Source? (1)

Fnord666 (889225) | about 2 months ago | (#47629887)

It sounds like they plan on making the extension open source, which is mandatory or the whole thing is a non starter. Furthermore you better be able to match the checksum of the source version to the addons that might be available from the addon repositories for the browsers. We have to be able to confirm that what they say is the code is in fact what we are running in the browser.

Personally I'm not interested in anything that involves uploading my private keystore to a third party, encrypted or not, and without that you lose the main feature, portability, that comes with webmail.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?