Yesterday, Yahoo announced a detailed plan to encrypt its users’ data across their various services. The announcement comes several months after Edward Snowden’s revelations on government surveillance of private citizens.
The chief information security office at Yahoo, Alex Stamos, said yesterday, “Our goal is to encrypt our entire platform for all users at all time, by default.”
In the Yahoo blog, Stamos also gave a detailed summary of the progress Yahoo are making in developing their encryption technologies:
• Traffic moving between Yahoo data centers is fully encrypted as of March 31.
• In January, we made Yahoo Mail more secure by making browsing over HTTPS the default. In the last month, we enabled encryption of mail between our servers and other mail providers that support the SMTPTLS standard.
• The Yahoo Homepage and all search queries that run on the Yahoo Homepage and most Yahoo properties also have HTTPS encryption enabled by default.
• We implemented the latest in security best-practices, including supporting TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for many of our global properties such as Homepage, Mail and Digital Magazines. We are currently working to bring all Yahoo sites up to this standard.
• Users can initiate an encrypted session for Yahoo News, Yahoo Sports, Yahoo Finance, and Good Morning America on Yahoo (gma.yahoo.com) by typing “https” before the site URL in their web browser.
A new, encrypted, version of Yahoo Messenger will be deployed in coming months.
(Image Credit: Eric Miraglia)
