In response to revelations that the National Security Agency (NSA) was spying on Americans, as well as other security
concerns, Yahoo has expanded its encryption efforts to include traffic
being sent between data
centers. Much like Google, the majority of traffic sent to Yahoo is now encrypted, including through email, search, or other Yahoo services.
Leading the new encryption and security expansion efforts is Yahoo’s recently appointed chief information security officer, Alex Stamos. Stamos, who has been a vocal critic of the NSA’s spying and other mass surveillance programs, hopes to protect Yahoo’s users by keeping their data secure.
Encrypted sessions for Yahoo News, Sports, and Finance will now be possible if a user types in “https” before the site URL. For many of its most popular services, however, Yahoo automatically uses https as a way to prevent spying by malicious groups or government agencies.
The changes that Yahoo has implemented thus far were first promised in November, and even though the company has come a long way, Yahoo is far from done. Over the coming months, Stamos has announced that even more security enhancements will be implemented to make Yahoo as impenetrable as possible.
Even though most of the primary services offered directly by Yahoo are now protected with https and other forms of encryption between servers, Yahoo still has to work with its partners to encrypt other services that are not entirely under its control.
“One of our biggest areas of focus in the coming months is to work with and encourage thousands of our partners across all of Yahoo’s hundreds of global properties to make sure that any data that is running on our network is secure.” writes Stamos. “Our broader mission is to not only make Yahoo secure, but improve the security of the overall web ecosystem.”
When whistleblower Edward Snowden first released secret NSA documents last year, a large number of them were misinterpreted, causing many people to believe that some of the giant tech companies had been cooperating with the spy agency. To deal with the bad press stemming from those beliefs, Facebook, Google, and now Yahoo, have all taken public stands against the NSA, resulting in more secure Web sites.
We asked Charles King, principal analyst at Pund-IT, for his opinion on Yahoo’s latest encryption updates. He told us that Yahoo has had a track record of not focusing on security but recently, that has changed, as security and privacy have become important topics for many users.
“The new encryption features for Yahoo Messenger should quell concerns that users that have about individuals or organizations snooping into their private conversations, making it a smart tactical business move for Yahoo," King said. "But more important is how the broad sweep of Yahoo's efforts differs from the company's past lackadaisical approach to securing users' data.”
Given how recently the shift in priorities has occurred, King said that Yahoo is very focused on security in a way that other companies may not be. “There's an old homily about no one being more faithful than the newly converted, and Yahoo's commitment to data encryption across its physical and virtual properties serves as proof to that notion," he added.