Published on April 4th, 2014 📆 | 3764 Views ⚑0
Yahoo fully encrypts traffic between data centers, while encrypted Yahoo Messenger is coming soon
After finding themselves in the NSA's target list, Yahoo! and Google forced to think hard about the security and privacy of its users. Google had replied back to the NSA in its own way by encrypting its Gmail service between the company’s data centers to make sure that its users’ personal information is safe from the prying eyes.
- now it encrypts traffic between its data centers to help protect its users from mass surveillance.
- turned on encryption for mail delivery between Yahoo Mail and other email services that support it, like Gmail, support the SMTP TLS standard has been enabled.
- The Yahoo homepage and all search queries will now also run with https encryption enabled by default.
Even if the government taps data cables; it won't be able to read your messages. “We implemented the latest in security best-practices, including supporting TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for many of our global properties such as Homepage, Mail and Digital Magazines,” Alex Stamos, Chief Information Security Officer, said in a blog post.
ENCRYPTED YAHOO MESSENGER.. Coming soon
In the meantime, a fully encrypted version of Yahoo Messenger will land soon to protect users from snooping. Late in February this year, Snowden revealed about project ‘Optic Nerve’, under which US Spy agency NSA helped British Spy Agency GCHQ to allegedly capture and store nude images and others from webcam chats of millions of unsuspecting Yahoo users.
“Our goal is to encrypt our entire platform for all users at all time, by default,” said Alex Stamos. “Our fight to protect our users and their data is an on-going and critical effort,”
Additional upcoming security measures taken by Yahoo include implementation of HSTS (HTTP Strict Transport Security) to ensure that web browsers are using only secure HTTPS communication, Perfect Forward Secrecy to generate unique keys for each user session that prevents users from session hijacking attacks, and Certificate Transparency.
”We will continue to work hard to deploy the best possible technology to combat attacks and surveillance that violate our users’ privacy.” he added.