Following months of criticism from security experts and privacy advocates for not deploying SSL across its Web offerings, Yahoo on Monday announced that it will be giving users the option to encrypt all of the data they exchange with the company by the end of the first quarter next year.

The change is a long time coming for Yahoo, which is months or years behind Google and Microsoft in offering this option. Yahoo announced recently that it would be giving its email users the ability to choose SSL as the default for their connections, a change that is scheduled to be rolled out by the beginning of January. With the new announcement, users also will have the option of using a secure HTTPS connection for other Yahoo services, such as search. Google made SSL the default option for Gmail in 2010.

In addition to encrypting traffic to and from its Web properties, Yahoo also will be encrypting the data that moves between its data centers around the world. This move can be seen as a direct response to recent revelations that the NSA has been intercepting traffic between data centers belonging to both Google and Yahoo. Google officials said they have made the same change.

Yahoo CEO Marissa Mayer said in a statement:

“Today we are announcing that we will extend that effort across all Yahoo products. More specifically this means we will:

  • Encrypt all information that moves between our data centers by the end of Q1 2014;
  • Offer users an option to encrypt all data flow to/from Yahoo by the end of Q1 2014;
  • Work closely with our international Mail partners to ensure that Yahoo co-branded Mail accounts are https-enabled.

As we have said before, we will continue to evaluate how we can protect our users’ privacy and their data.”

Encrypting the traffic flowing between its data centers is a major change for Yahoo, but the more important move for  consumers is the option for them to use a secure connection for their sessions with Yahoo Web properties. That change will protect a huge amount of Web traffic and user data.

 

Categories: Cryptography, Government, Privacy, Web Security