I've had no issues with Yahoo over the years, for a while i was going to quit yahoo, then my ISP went away and i sorta drifted to it. AOL isn't too bad either; Then again i use both at the bare minimum with all features turned off that i can get away with.

Sounds like a good thing... Used PGP/GPG before but never had anyone to use it with so i drifted to not using it.

Ya it is not exactly what an average user would know how to use.
They are trying to dumb down the system enough so a normal user can utilize it without having to understand all the complexities of it.

There is still some setup involved mind you, but not as much as say trying to setup a Kelopatra GPG account.

If you want to give the new feature a shot early.
https://github.com/google/end-to-end

That is the Github of the plugin.

An upload for the public key which is attached to the email and transferred when requested... As for the private key, it should never touch the servers. So probably a downloadable app that you attach your private key to with a password, then it encodes the data as a text output. Pretty simple... Generating the keys should probably be left to programs already considered secure.

All the free mail service provider wants my phone number, as if I do not have enough of the apply for credit card phone call, and the you won XXX scam.

i'm using gmail, it is good if you want to use it for general things
i made 3 gmail accounts so far without adding my phone number, hmm...

Private keys are generally stored locally in the plugin - which creates a sort of local "keyring" app.
Personally if you don't have one - I recommend using Kelopatra.
http://gpg4win.org/download.html

Actually the reason they request phone numbers is
1. To prevent Spam bots from making accounts.
2. As a fail safe if your account is ever hacked - you can retrieve the account via an One time password via SMS to your phone.

Which is good... You don't want to have the private keys on the server; Since if the CIA/NSA bring a warrant for those keys, everything that's suppose to be protected won't be. But if the keys aren't present, they simply shrug their shoulders.


Although each email service might generate their own public/private key set for signing off headers ensuring they actually sent messages and lowering spam.

Spam really wouldn't work - because you would need to have the users public key first to send the mail and you can only retrieve the public key by requesting it from said user.

So unless you willingly give your public key to a spam account - that shouldn't be an issue.

I made the last one half year ago, i think if you are not using vpn or proxy it wont force you to add your phone number.

Just tried just now. Don't work.

I have a Gmail account and my spam has in no way gone up over the past 3 years. Stop signing up for free porn DVD's sent to your door maybe.

Maybe it is works only from some countries.

Requesting a key may not be a problem, it may come as an attachment since the public key is public. But signing isn't quite the same as just encrypting. Spam is more interested in getting sheer numbers to an unsuspecting populous. Digital signing just ensures it came from said person, as long as the keyID matches. Although if a spammer is known to use public key xxx, then all keys signed with key xxx are automatically filtered out.

Then there's also with known public keys, Yahoo can detect it in the email, and decrypt the message and have a SIGNED button in green as an indicator making it seamless, as long as the key checks out.

You seem to be mixing a few different concepts.
An authenticated document is not the same as an encrypted document.,

When it comes to Asynchronous encryption.
Every private key has a child key known as a public key.
That public key is unique to every individual.
The public key can only encrypt documents in every specific way that would allow only that specific private key to open.

The only way to view that document is using a specific private key to unencrypt it.

What you are thinking about is document authentication, which uses public certificates authenticated by a 3rd party which has been signed by a private key and authenticated by a public key.