Most Americans, unless they don't use the Internet or have been under a rock for the past year, are aware of Edward Snowden and the ex-contractor's revelations about how the National Security Agency has been tracking both U.S. residents' online activities as well as communications of government leaders overseas and abroad.
The debacle has kept the White House, lawmakers and Internet privacy organizations pretty busy drafting new federal data collection strategies, investigating covert national security operations and assuring citizens that they can surf, email and shop online without someone tracking their every move.
It's also prompting big tech players, including Facebook, to get involved in the discussion and initiate lobbying against NSA's activities to assure users that communications, data and online activities aren't accessible by government spy agencies that claim such covert activity is necessary for homeland security reasons.
The NSA furor is also driving increased security efforts by big Internet names and the latest is Yahoo. The Internet company is very busy these days encrypting everything from data center servers to search queries to activities on its own home page.
In a blog post Wednesday newly minted Alex Stamos, who stepped into the role of Yahoo's chief information security officer just four weeks ago, gave a clear peek at what Yahoo is doing to assure users that Yahoo is protecting their privacy. Yahoo, writes Stamos, is in the midst of a "massive project" and provided a status update of what's been done and what's to come:
- Traffic moving between Yahoo data centers is fully encrypted as of March 31.
- Yahoo Mail is more secure as browsing over HTTPS is now a default option.
- Yahoo has enabled encryption of mail between servers and other mail providers that support the SMTPTLS standard.Yahoo Homepage and all search queries that run on the Yahoo Homepage and most Yahoo properties also have HTTPS encryption enabled by default.
- Yahoo has implemented support for TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for many global properties such as Homepage, Mail and Digital Magazines and intends to bring all sites up to the standard.
- Users can initiate an encrypted session for Yahoo News, Yahoo Sports, Yahoo Finance, and Good Morning America on Yahoo (gma.yahoo.com) by typing "https" before the site URL in their web browser.
And in a few short months there will be a new, encrypted, version of Yahoo Messenger.
"Hundreds of Yahoos have been working around the clock over the last several months to provide a more secure experience for our users and we want to do even more moving forward. Our goal is to encrypt our entire platform for all users at all time, by default," writes Stamos, noting Yahoo will also be implementing additional security measures such as HSTS, Perfect Forward Secrecy and Certificate Transparency over the coming months
"One of our biggest areas of focus in the coming months is to work with and encourage thousands of our partners across all of Yahoo's hundreds of global properties to make sure that any data that is running on our network is secure. Our broader mission is to not only make Yahoo secure, but improve the security of the overall web ecosystem," he says.
While it makes complete sense for Yahoo to drive forward improved security features, a goal announced in the early days of new CEO Melissa Mayer's arrival, it's also a very smart marketing and branding effort by the struggling Internet player that has lost market share to Google and Bing.
Yahoo is likely banking that savvy Internet users, and maybe even the business world, are now very wary about federal agency spying activities and might be lured to Yahoo products and sites given the increased security efforts.
It's likely we'll see similar 'announcements' from other Internet players in the months to come as it's a legitimate, though slightly slick marketing move given the big growth in mobile computing user activity and users' increased knowledge about federal agency tracking and monitoring activity.