Skip to main content

Yahoo encrypts all products in response to NSA spying

Amidst reports that the NSA has been spying on server traffic as well as email and contact lists, Yahoo on Monday pledged to extend encryption to all Yahoo products by early next year.

In a Monday blog post, Yahoo CEO Marissa Mayer said that the company will encrypt all information that moves between Yahoo data centres and offer users an option to encrypt all data flow to and from Yahoo by the end of the first quarter of 2014.

Mayer also pledged to work with international Yahoo Mail partners to make sure that Yahoo co-branded Mail accounts are also encrypted.

The move comes about a month after Yahoo said that email encryption with a 2048-bit key - or HTTPS - will be on be default by 8 January. "Our teams are working hard to make the necessary changes to default https connections on Yahoo Mail, and we look forward to providing this extra layer of security for all our users," Yahoo said.

The same day, The Washington Post revealed that that National Security Agency's (NSA) anti-terrorism efforts included the collection of hundreds of thousands of email and IM contact lists from Internet users from around the globe. A single day of data collection last year resulted in 444,743 email address books from Yahoo. That's significantly higher than the 105,068 from Hotmail, 82,857 from Facebook, and 33,697 from Gmail, which the paper suggested was because Yahoo messages are not encrypted by default.

Google made SSL the default encryption model of its Gmail service in 2010 and so has Hotmail.

More recently, the Post, citing data from Edward Snowden, accused the NSA of secretly monitoring transmissions between the data centers of tech firms like Yahoo and Google.

"There have been a number of reports over the last six months about the US government secretly accessing user data without the knowledge of tech companies, including Yahoo," Mayer wrote in her blog post. "I want to reiterate what we have said in the past: Yahoo has never given access to our data centers to the NSA or to any other government agency. Ever."

"As we have said before, we will continue to evaluate how we can protect our users' privacy and their data. We appreciate, and certainly do not take for granted, the trust our users place in us," Mayer concluded.

Google executive chairman Eric Schmidt recently said that allegations of NSA data centre spying were "outrageous," if true.

Image: Flickr (wanderingYew2)