In November last year it was revealed by Edward Snowden’s whistleblowing documents that Yahoo, along with Google, had been a target of NSA hacking of its internal data communications lines.
This week, Yahoo’s newly appointed Chief Information Security Officer, Alex Stamos, announced that the company has implemented a raft of NSA busting encryption measures, with more to come,
‘When I joined Yahoo four weeks ago, we were in the middle of a massive project to protect our users and their data through the deployment of encryption technologies… Hundreds of Yahoos have been working around the clock over the last several months to provide a more secure experience for our users and we want to do even more moving forward. Our goal is to encrypt our entire platform for all users at all time, by default.’
Current improvements include that (as of March 31) all data moving between data centers is now fully encrypted, and https is enabled by default for all search queries and for Yahoo Mail. Additionally, most Yahoo services, such as Yahoo News, Yahoo Sports, Yahoo Finance, and Good Morning America on Yahoo (gma.yahoo.com), can used encrypted by entering ‘https’ before the URL when initiating a session.
Over the coming months, Yahoo intends to deploy an encrypted version of Yahoo Messenger, as well as implementing additional security measures such as HSTS, Perfect Forward Secrecy and Certificate Transparency.
This is all great news, and we hope that more tech companies follow Yahoo’s lead, something Stamos himself is keen to make happen,
‘One of our biggest areas of focus in the coming months is to work with and encourage thousands of our partners across all of Yahoo’s hundreds of global properties to make sure that any data that is running on our network is secure. Our broader mission is to not only make Yahoo secure, but improve the security of the overall web ecosystem.’