Yahoo has been taking steps to add encryption to its services over the past few months, and has announced that all traffic moving between its data centers is now fully encrypted. The company has also made encryption default on Yahoo Mail and most Yahoo properties with the eventual goal of making encryption default for all its properties.
Just a month into his tenure as Yahoo’s Chief Information Security Officer, Alex Stamos released a blog post that details what Yahoo has done to ensure the privacy of its users, and its plans to implement additional security measures.
Last year, it became apparent that unencrypted data packets passing through the fiber links between private data centers could be secretly intercepted, in a scheme that would allow government agencies to access data from internal Yahoo and Google networks without the companies' knowledge.
To deal with this issue, Google now encrypts Gmail messages moving internally as well as between Google’s data centers, and uses HTTPS every time a Gmail user checks or sends an email.
Likewise, in January, Yahoo Mail began using encryption with 2048-bit keys by default. And in March, Yahoo enabled mail encryption between its servers and other mail providers that support the SMTP Transport Layer Security standard.
The Yahoo Homepage and all search queries that run on the Yahoo Homepage and most Yahoo properties also have HTTPS encryption enabled by default. Users can initiate an encrypted session on other properties, including Yahoo News, Yahoo Sports, Yahoo Finance, and Good Morning America on Yahoo, by typing “https” before the site URL, although this is a little onerous.
“Our goal is to encrypt our entire platform for all users at all time, by default,” Stamos stated in his blog post.
But reaching that goal requires some cooperation from Yahoo’s partners. He noted, “One of our biggest areas of focus in the coming months is to work with and encourage thousands of our partners across all of Yahoo’s hundreds of global properties to make sure that any data that is running on our network is secure. Our broader mission is to not only make Yahoo secure, but improve the security of the overall web ecosystem.”
Partner trust is becoming very important in providing security, given that a “third-party database compromise” resulted in Yahoo Mail usernames and passwords being stolen earlier this year.
Along with finding potential weak points inside and outside its system, Yahoo is also planning on implementing security measures such as HSTS, Perfect Forward Secrecy and Certificate Transparency over the coming months.