Yahoo Finally Encrypting Data

HardOCP News · Nov 18, 2013

Marissa Mayer just announced that, in light of all the NSA spying, Yahoo will encrypt all traffic flowing between its data centers by first quarter of next year.

There is nothing more important to us than protecting our users’ privacy. To that end, we recently announced that we will make Yahoo Mail even more secure by introducing https (SSL - Secure Sockets Layer) encryption with a 2048-bit key across our network by January 8, 2014. Today we are announcing that we will extend that effort across all Yahoo products. More specifically this means we will:

Encrypt all information that moves between our data centers by the end of Q1 2014;

Offer users an option to encrypt all data flow to/from Yahoo by the end of Q1 2014;

Work closely with our international Mail partners to ensure that Yahoo co-branded Mail accounts are https-enabled.

aL Mac · Nov 18, 2013

Wow they haven't offered https yet? I've been doing this with gmail for many years.

badcookies · Nov 18, 2013

silly yahoo, please return to the depths of irrelevance you're trying to escape from.

MrGuvernment · Nov 18, 2013

http://www.engadget.com/2013/10/30/nsa-muscular/

They had a way to get into google's encrypted data basically they just connected direct into the fiber links between data centers.

SixFootDuo · Nov 18, 2013

absolutely DO NOT BE THAT NAIVE. These announcements are nothing more than damage control. Be it Yahoo or any other tech company.

If you do not think the US Government cannot get at any data it want's regardless of it being encrypted or not, you're a fool.

These type of announcements are laughable and expected.

WhyYouLoveMe · Nov 18, 2013

What ^^^ said. If they want it, they'll get it.

Eiolon · Nov 18, 2013

Except for the little back door they will give the NSA to siphon just before the date becomes encrypted during transmission.

Technikal · Nov 18, 2013

aL Mac said:
Wow they haven't offered https yet? I've been doing this with gmail for many years.

Does not do much good when your email is stored on Google servers at the mercy of it's own agendas and the NSA backdoors and court orders.

SixFootDuo · Nov 18, 2013

Another thing I read was that the US Gov was using secret courts or some other under handed method to try and force companies to hand over it's SSL - Secure Sockets Layer certificate keys so it can unlock traffic. Who really knows what's going on, and when, who, where and why it's being done. Just assume that the conversation you're having with that woman that's not your wife, you're new account on the Tor network, the drugs you might be scheming to buy or sale, a late night visit into #bearcave on efnet, looking up how to make a molotov cocktail, trying to hide a very large amount in cash somewhere to avoid taxes, etc etc etc ....

Just safely assume that you are probably leaving a trail and or being watched in real time.

One thing I can promise you is that the rest of the world will at some point lock their data down. That's a given. Now, if some brit or Russian or Chinese comes onto a US server, then of course, it's open season.

I think what will happen is that, ultimately, the only people that he US will be able to watch in infinite detail will be it's own US citizens.

shade91 · Nov 18, 2013

Purely symbolic. Please [H]'ers don't be fooled by this. It doesnt mean anything considering FISA courts will force Yahoo to hand everything over that they want, including data that was 'encrypted'.

elzeus · Nov 18, 2013

Is this why yahoo email accounts always get hacked?

siliconnerd · Nov 18, 2013

MrGuvernment said:
http://www.engadget.com/2013/10/30/nsa-muscular/

They had a way to get into google's encrypted data basically they just connected direct into the fiber links between data centers.

Doesn't work any more. http://articles.washingtonpost.com/2013-09-06/business/41831756_1_encryption-data-centers-intelligence-agencies

Aseras · Nov 18, 2013

Encryption is pointless if they just hand over the SSL certs to the NSA or whomever can easily do a MIM attack as has been documented as SOP for intelligence agencies around the world now.

Cat is out of the bag. What needs to happen now is multiple key encryption where the companies themselves cannot access the data without a customer provided decryption key. Which won't happen to any free services, only specialty sites ( pay ) will offer it.

Spidey329 · Nov 18, 2013

Translation (from all service-orientated web companies):

The NSA should not be able to steal our data. They should pay for it.

Jagger100 · Nov 18, 2013

This may not help with the NSA, but still useful if it can stop Frank from Nigeria or my neighboring nosy neck-bearded neighbor.

shade91 · Nov 18, 2013

Spidey329 said:
Translation (from all service-orientated web companies):

The NSA should not be able to steal our data. They should pay for it.

HAHA with our money, aka TAX dollars.

darkpaw · Nov 18, 2013

Maybe this means they'll at least start using SSL for mail connections. They still use plain HTTP after initial authentication over SSL.

Raxiel · Nov 19, 2013

I've had an SSL option on my 'Powered by Yahoo!' ISP email for a while, I guess they've been holding it back from the 'free' users, presumably to get them to sign up to Premium Mail.

Ryokurin · Nov 19, 2013

aL Mac said:
Wow they haven't offered https yet? I've been doing this with gmail for many years.

They offered it, it was just off by default, like it used to be with Google up until Firesheep became popular.

MrGuvernment · Nov 27, 2013

darkpaw said:
Maybe this means they'll at least start using SSL for mail connections. They still use plain HTTP after initial authentication over SSL.

why i dont mind using and paying for www.everyone.net email services, SSL since the start for years now!

Yahoo Finally Encrypting Data

[H] News

Gawd

[H]ard|Gawd

Fully [H]

Supreme [H]ardness

Supreme [H]ardness

Gawd

Gawd

Supreme [H]ardness

shade91

Guest

[H]ard|Gawd

[H]ard|Gawd

2[H]4U

[H]F Junkie

Supreme [H]ardness

shade91

Guest

2[H]4U

Gawd

[H]F Junkie

Fully [H]