Yahoo turns on encryption between data centers
Yahoo said Wednesday it was encrypting traffic flowing between its data centers, several months after leaked documents revealed the government had been sniffing those links.
Traffic moving between Yahoo data centers is fully encrypted as of March 31, the company announced on its Tumblr blog. Last October, documents provided by former U.S. National Security Agency contractor Edward Snowden said the NSA had penetrated the main communications links that connect Yahoo and Google’s data centers.
Though it comes after those revelations, the encrypted data links is in keeping with a previous promise by CEO Marissa Mayer to encrypt all information between its data centers by the end of March.
Encryption (almost) everywhere
Yahoo said Wednesday that it had also turned on encryption for a range of other services. For one, encryption of mail between its servers and other mail providers that support the SMTPLS standard was enabled in the last month, the company said. Yahoo only just turned on encryption by default between users and its email service in January.
Yahoo said its homepage and all search queries that run on it and most other Yahoo properties now also have HTTPS encryption enabled by default.
But if users want an encrypted session for Yahoo News, Yahoo Sports, Yahoo Finance or Good Morning America on Yahoo, they must manually type “https” into the site’s URL on their browsers, Yahoo said.
Better late than never
Yahoo has faced pressure to encrypt more of its services for years. In 2012, the Electronic Frontier Foundation and other privacy activists called on CEO Marissa Mayer to enable HTTPS encryption for the company’s communications services. Yahoo began offering HTTPS encryption for mail in 2012, but on an opt-in basis.
Since then other companies like Google and Facebook have introduced more forms of encryption.
Last month, another leak of documents said that GCHQ, Britain’s surveillance agency, had captured webcam images from more than 1.8 million users of Yahoo’s Messenger product.
Yahoo said Wednesday that a new, encrypted version of Messenger would be rolled out in the coming months.
It said it was also working to bring more enhanced forms of encryption like Perfect Forward Secrecy, which is already supported for global properties like the homepage, to all of its sites.
Alex Stamos, chief information security officer at Yahoo, said the company had been working over the last several months to provide a more secure experience for its users. “Our broader mission is to not only make Yahoo secure, but improve the security of the overall web ecosystem,” he said.