Slashdot Mirror
Yahoo To Add PGP Encryption For Email
Bismillah (993337) writes Yahoo is working on an easy to use PGP interface for webmail, the company's chief information security officer Alex Stamos said at Black Hat 2014. This could lead to some interesting standoffs with governments and law enforcement wanting to read people's messages. From the article: "'We are working to design a key server architecture that allows for automatic discovery of public keys within Yahoo.com and other participating mail providers and to integrate encryption into the normal mail flow,' Stamos said."
"Metadata" is a media buzzword designed to make you feel good about having your data monitored. They're still monitoring your conversations. Stop buying into their talking points. The headers of your e-mail are as much your data as the body of the e-mail.
"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
Where is the private key stored? These are web mail services and if that's going to be easy to use, the key must travel with the user, and how is that going to work securely? Or are they going to store people's private keys on their own servers? If so, wouldn't that almost completely defy the purpose? If intelligence agencies or more usual evil does have access to the mail servers, or user accounts wouldn't they also have pretty much access to the key store servers too? Could someone with more knowledge into how this might work please sort this out for me.
- Henrik
- when the Shadows descend -
Yahoo mail improved dramatically after Marissa Mayer became CEO. It seems to me that they are actually trying to be more like Gmail, and it shows in a positive way. They still fall short, but as a longtime Yahoo mail user I'll take what I can get. At least their recent improvements are much better than your characterization, for sure.
Now all I have to do is get my father, my mother, my sister, my half-sister, my grandmother, my wife, and my assorted friends to learn what PGP is and how to read the emails I send them.
Any proposal in which users hand over their private keys to a third party (such as a webmail provider) should be assumed to be done with the blessing of, or at the request of, law enforcement or intelligence agencies.
The third party (Yahoo) cannot prevent lawful intercept requests, subpoenas, etc from exposing any data they house as that data has been ruled to be not the property of the individual who supplied it.
A provider wanting to actually improve end-user security must intentionally attenuate any power they might have which grants anyone -- including themselves -- the ability to weaken the controls surrounding user data.
This kind of functionality would be enough for me to switch mail providers.
Yes, yes, it can always be done manually, but I have a lot of friends that aren't as tech savvy as I am. Generating a key, keeping the private one somewhere safe, copying text from the PGP application, pasting it correctly, copying incoming text, pasting, decrypting, etc., etc., it's all a pain in the butt for the typical computer user.
If Yahoo can manage to implement this correctly so that it is safe AND easy to use that's a big deal.
Love sees no species.
Key management’s the thing here of course. If it’s on their server, NSA has it, etc. There are ways the key could be encrypted on server, decrypted only locally etc. Most of those have myriad ways the key could be mis-handled, leaked, etc.
That said, I’m kind of leaning towards this being a good thing, even if its implementation isn’t 100% paranoid geek approved secure. Ultimately if the NSA wants to read YOUR stuff, they’re going to (see: $5 wrench). If we assume Yahoo manages to implement this such that key retrieval is at least inconvenient (for $ufficiently large value$ of inconvenient) to anyone other than the account owner, then it should at least complicate NSA’s blanket “read all the things” approach. If it tips the balance back to the point that they actually have to expend more resources than your grandmother’s chocolate chip cookie recipe is really worth, then *maybe* they go back to only reading very interesting people’s emails without a warrant rather than reading everybody’s. I guess that’s worth half a point?
More importantly, if it manages to turn the seething mob of luddite Yahell users onto the fact that encryption is a thing, and explains to them why they want this thing, maybe the “winning hearts and minds” gambit is worth something to the world as a whole, even if the individuals’ email isn’t NSA-proof. Right now most mothers & grandmothers either have no clue what encryption is, or think it’s something only used by hackers, ter’ists, pr0n, criminals, etc. “Them” in other words. If Yahoo manages to convince a sizable portion of the voting public that privacy has worth, and encryption is a way to ensure that privacy, I think that’s a worthy outcome even if the encryption has flaws. Maybe that opens the door to conversations about the difference between effective and ineffective encryption. Maybe it even brings it closer to socially “normal” for someone who knows what effective encryption is to encourage others to use it without being assumed to be a nutcase or worse.
I hate to advocate selling snake oil, but there *are* an awful lot of squeaky snakes around. Maybe the right salesman can convince enough of the populace they need encryption, then we can worry about offering really good encryption for those adequately equipped to work with it.
I'm curious how this could decrease revenue though, because automated scanning is is where the adds come from, and your key would only be as long as effective as a pass-phrase (I assume cloud stored password protected key, with local javascript to unlock the key, and something stored on the local computer to cache the key so the pass-phrase doesn't need to be used constant).
The problem with a cloud stored key that's unlocked by JavaScript with a passphrase is that when the government wants your passphrase they'll either tell Yahoo to silently replace your JavaScript module with one that does keylogging of your passphrase, or they'll take over Yahoo's SSL certificate and inject keylogging JavaScript of their own.
Instead of PGP they should use S/MIME. It's functionally the same but is far more widely supported. It's even included in the Exchange ActiveSync protocol via ResolveRecipients to retrieve the public keys of other users. I don't dislike PGP/GPG, but if it were me I'd go with a more standard envelope.
- Vincit qui patitur.
It didn't but yahoo is a webmail provider and webmail kinda implies that the provider will either be storing the key or at the very least be able to access it by tweaking some javascript a litte.
The reason PGP is difficult for the plebs is that secure encryption requires you to take responsibility for your own key management and ensure to the best of your ability that the key does not leave devices you control (if you are really paranoid you don't even put it on an internet connected machine). If you leave key management up to a third party then your whole security becomes dependent on them.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
It's implied by the fact that it's webmail. Does your browser have an OpenPGP library? Does it check all the Javascript that it downloads and executes, against some repository's whitelist? You have to assume the key isn't handled safely, unless you can answer Yes to these questions. And a lot of webmail users expect the server to be able to search and that's obviously impossible unless the server can read, so it's not like the unsafeness stems just from potential trickery.
That said, the more interesting question is what social effect this might have. Even "bad" use of OpenPGP could start conditioning more people to being familiar with, tolerating, expecting PGP. Get into a better frame of mind, and better habits can come later. And with good habits, some security could eventually emerge. The security wouldn't be there for Yahoo webmail users, and yet some users might end up having Yahoo webmail to thank for it.
And let's face it, the barriers to secure communication are almost entirely social; we choose to have insecure communications. Anyone who is working on that problem is working on The Problem.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
There are two ways this can work well.
Yahoo, or any other email provider, doesn't need access to the private key to SEND encrypted email. Someone who wishes to receive encrypted email publishes their PUBLIC key. The message is encrypted with the public key. Yahoo can automatically check popular key servers and if the recipient publishes a private key, offer a one-click option to encrypt the email. Because the recipient publishes a key, that pretty much advertises that they know how to read a message sent with their key. They don't need Yahoo's help on the receiving side. So sending encrypted email is no problem. There are some details to get right, but no fundamental problem.
Now let's consider reading encrypted email via webmail. It has been pointed out that the obvious implementation would be to use JavaScript to do the decryption. Maybe the Yahoo team will come up with something more clever, but let's assume they don't. In that case, it's been pointed out that Yahoo could replace the encryption JavaScript for targeted users, at specific times. That's true until someone releases a browser plug-in that checks the hash of the script, but there is still a big gain. Until then, Yahoo could be ordered to intercept SPECIFIC, TARGETED users. As opposed to today, when Yahoo can be ordered to provide a tap for NSA to collect ALL emails. Getting rid of that bulk collection capability is a big win.
Note that if the FISA court did order Yahoo to switch out the JavaScript, the likelihood that would be detected would be proportional to how often they did it. If they did it once, they'd almost surely get away with it. If they did it all the time, they'd almost surely be caught. So they'd want to use it rarely, saving it for high value targets in order to keep it secret. That's actually exactly what I WANT for a widely deployed technology. The ideal, I think, would be that the technical details are such so that the government can't read everyone's email, but in special cases a proper court can authorize reading Osama bin Laden's email and the technology allows that to happen only rarely. So this actually comes pretty close to the ideal, assuming that NSA wants to keep the Yahoo hack secret and therefore rarely uses it.
Not necessarily. Securely handling keys is indeed impossible for untrusted Javascript, but it should be feasible to provide a browser add-on (analogous to Enigmail for Thunderbird) with a key management UI and PGP bindings for Javascript. As long as that add-on is open-source and vetted by browser vendors, you don't need to trust Yahoo's web page (let alone their server) with your private key.
Ideally, this would be a core part of Firefox / Chrome, or at least a unified add-on, but in practice Yahoo!, Gmail and others would probably insist on making their own.
However, a general-purpose add-on could potentially allow encrypting/signing the content of any text field in a page, so it wouldn't depend on the email provider's support.