PGP eh?
I wonder how they store the private key?
Yahoo will fire up end-to-end (E2E) encryption for its email users by 2015, chief security officer Alex Stamos announced at Black Hat overnight. The Purple Palace has also created a PGP plugin forked from Google's new offering that will be native in mobile apps allowing Gmail and Yahoo mail to easily exchange encrypted email …
That's a good question, one that everyone familiar with public key cryptography would know to ask.
If Yahoo! did anything like storing unencrypted private keys on their servers then their implementation would be slammed by everyone with any security credibility and the whole thing would be dead in the water.
Since most users have No Clue (in this case, specifically, about email privacy and cryptography) then Yahoo! will be dependent on third-party assessments of their security product/model in order to gain traction and buy-in.
That being the case I would be fairly confident that Yahoo! will handle the key safely (i.e. either only stored locally on the user's computer, or else - like LastPass - storing an encrypted copy on their servers and only ever decrypting it locally).
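The second option mentioned in the comment above (an encrypted copy on the server, decrypted only on the client), as an added sketch that is not part of the thread and is not Yahoo's or LastPass's code. The choice of scrypt and AES-256-GCM, the cost parameters, the record layout and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumed scrypt cost parameters for this sketch; maxmem is raised to fit N = 2^15.
const KDF = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const b64 = (buf) => buf.toString('base64');
const raw = (s) => Buffer.from(s, 'base64');

// Derive a 256-bit wrapping key from the passphrase; runs only on the client.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32, KDF);
}

// Encrypt the private key locally. The returned record is all the server stores.
function wrapPrivateKey(privateKey, passphrase) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce for every wrap
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  return { v: 1, salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

// Decrypt a record fetched from the server. Throws on a wrong passphrase or if
// the stored record was modified, because the GCM tag no longer verifies.
function unwrapPrivateKey(record, passphrase) {
  const key = deriveKey(passphrase, raw(record.salt));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw(record.iv));
  decipher.setAuthTag(raw(record.tag));
  return Buffer.concat([decipher.update(raw(record.ct)), decipher.final()]);
}

// Returns the key bytes, or null when the record cannot be authenticated.
function tryUnwrap(record, passphrase) {
  try { return unwrapPrivateKey(record, passphrase); } catch { return null; }
}

// Constructed sample input: a placeholder byte string standing in for a real key.
const sampleKey = Buffer.from('CONSTRUCTED-SAMPLE-PRIVATE-KEY-MATERIAL');
const stored = wrapPrivateKey(sampleKey, 'correct horse battery staple');
console.log('server-side record:', JSON.stringify(stored));
console.log('unwrapped locally:', tryUnwrap(stored, 'correct horse battery staple') !== null);
console.log('wrong passphrase:', tryUnwrap(stored, 'guess') === null);
```

Whoever holds the stored record can still attempt offline passphrase guessing against it, so the protection is only as strong as the passphrase and the KDF cost.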
... such as "logging on".
Each time I logged in to their god-awful abomination of an IM platform, I was told "some features" (such as...?!) had been "temporarily disabled", and I should log in to the website to fix that. That didn't help, of course. Eventually, I tried creating an app-specific password for IM ... which was rejected each time, but after trying it, I was able to log in with the main account password without getting the stupid warning message.
A shame seeing what once seemed like a nice modern company with useful services being run into the ground.