User protection has increasingly become the major concern of many online sites and tech companies. Why not, compromising the data of users would also mean compromising the reputation and standards of the business platform.
Reason why Yahoo has taken another leap in user-data protection, the company said in its blog post.
"When I joined Yahoo four weeks ago, we were in the middle of a massive project to protect our users and their data through the deployment of encryption technologies as we discussed in our November 2013 Tumblr," said Alex Stamos, chief information security officer at Yahoo.
As of March 31, there's full encryption of traffic moving among Yahoo data centers. All the search queries entered into the Yahoo Homepage, as well as the Yahoo Homepage itself and most Yahoo properties have also been encrypted with HTTPS by default.
To ensure a more secure Yahoo mail, the browsing default has been changed over to HTTPS in January. Then in February, encryption of mail between their servers and other mail providers that support the SMTP TLS standard has been enabled.
"We implemented the latest in security best-practices, including supporting TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for many of our global properties such as Homepage, Mail and Digital Magazines. We are currently working to bring all Yahoo sites up to this standard. Our goal is to encrypt our entire platform for all users at all time, by default," Stamos said.
Now, users have encrypted session for all Yahoo sites and properties, including Good Morning America on Yahoo once they type HTTPS before the site URL on their web browser. Expect also that a new, encrypted version of the Yahoo Messenger will follow in the next months to come. Together with ICQ, Yahoo Messenger was one of the two instant messaging services found by CNET to be left unencrypted even after a decade of being exposed.
The blog post also narrated that the company has been working very hard the past several months to bring in the new secure service to its users.
"One of our biggest areas of focus in the coming months is to work with and encourage thousands of our partners across all of Yahoo's hundreds of global properties to make sure that any data that is running on our network is secure. Our broader mission is to not only make Yahoo secure, but improve the security of the overall web ecosystem," Stamos also said, on behalf of the company.
It seems there's even more to expect as the company continues to move forward and onto the next level of security. Additional security measures such as HSTS, Perfect Forward Secrecy and Certificate Transparency will also be implemented in the coming months. Once these additional measures are in place, the company doesn't stop there.
"Our fight to protect our users and their data is an on-going and critical effort. We will continue to work hard to deploy the best possible technology to combat attacks and surveillance that violate our users' privacy," Stamos assured.
Before joining Yahoo, Stamos is a popular security researcher, as well as an outspoken critic of the mass surveillance program of the National Security Agency. The encryption beef-up has been considered partly as an anti-snooping campaign of Yahoo and its response to the incidence of leaks revealed by Edward Snowden. With this added security, the company promises that hacking into one's personal account, including video chats, will be a lot harder now.
