• Categories

  • Archives

    « Home

    Washington Post: Yahoo’s uphill battle to secure its users’ privacy

    The Washington Post reports on attempts by Internet services company Yahoo to better protect its users’ privacy:

    On Wednesday, Yahoo’s freshly minted Chief Information Security Officer Alex Stamos announced the company had implemented a series of stronger security and privacy measures, including securing traffic that moves between their servers and encrypting most search queries automatically.

    This is a major step for Yahoo which has been dogged by critics for years for lagging behind its competitors on some basic privacy and security measures. In a Tumblr post, the company proclaims its latest announcement is only the start of a broader mission “to not only make Yahoo secure, but improve the security of the overall web ecosystem.”

    But although Yahoo, Google, and others have upped their security game in light of the revelations about National Security Agency spying over the last year, the tracking practices tech firms rely on for advertising also appear to have made some covert government operations easier. […]

    In the fall, Yahoo announced it was moving forward with enabling encryption by default for Webmail users in response to a Washington Post story, which was based on documents from former NSA contractor Edward Snowden, that revealed the NSA had collected millions of address books globally. One of the slides revealed in that story indicated the NSA was collecting substantially more addresses from Yahoo than the other providers — over 400,000 from Yahoo vs. 105,068 from Hotmail or 33,697 from Gmail. These figures likely reflected that Yahoo was not using encryption for their front-end Webmail users or the back end of their e-mail delivery system. […]

    Yahoo implemented encryption on the front-end in January, although with a few technical hiccups. And on Wednesday, it announced the enabling of encryption for mail between its own servers and with other mail providers that support a widely used standard. In fact, all data traveling between Yahoo data centers has been encrypted since March 31 according to Stamos’s post. […]

    Stamos doesn’t have a timeframe for the next step, but he does expect to go SSL by default on all properties eventually and says the company is working “aggressively” to bring partners on board with encryption. And if Yahoo can pressure them to use stronger privacy protections, it could raise standards across the entire industry.

    Leave a Reply