Yahoo is the latest internet company to announce it is encrypting user data in an attempt to win back trust after revelations by whistleblower Edward Snowden of internet surveillance.
Yahoo announced that all traffic between its datacentres is now encrypted and it has enabled the encryption of mail between its servers and other mail providers.
The move is aimed at making it more difficult for outsiders to decipher emails and other data flowing between the datacentres.
The Yahoo homepage and all search queries that run on it have HTTPS encryption enabled by default. Users can encrypt Yahoo sites such as Yahoo News by typing “HTTPS” before the site URL.
Yahoo said it planned to introduce additional security to other services – including Yahoo Messenger – with an encrypted version, to be deployed in a month, to block government spying.
Yahoo's chief executive Marissa Mayer made a commitment in November 2014 to increase security and privacy around users' data.
Read more about Prism
- Security Think Tank: Prism fallout could be worse than security risks
- Security Think Tank: Prism is dangerous for everyone
- Security Think Tank: Prism – Sitting duck or elaborate honeypot?
- NSA surveillance whistleblower reveals identity
- US repeatedly hacked China, claims NSA whistleblower
- FBI spies on internet users
- UK links to US internet surveillance remain unclear
- Technology companies call for more transparency over data requests
- Compliance: The Edward Snowden, NSA program controversy continues
Yahoo is among several large technology companies trying to distance themselves from the Prism internet surveillance programme, revealed by Snowden in June 2013.
Yahoo is working to repair the damage inflicted on its reputation by Snowden's allegations that the US National Security Agency (NSA) broke into main communication links that connect Yahoo's datacentres.
Similar allegations were made about Google, which announced last month that it will always use an encrypted HTTPS connection when Gmail users check or send email.
In a blog post, Yahoo’s newly appointed chief information security officer Alex Stamos said the company planned to implement additional security measures such as HSTS, Perfect Forward Secrecy and Certificate Transparency in the coming months.
“This isn’t a project where we’ll ever check a box and be ‘finished.’ Our fight to protect our users and their data is an on-going and critical effort. We will continue to work hard to deploy the best possible technology to combat attacks and surveillance that violate our users’ privacy,” Stamos wrote.
In December 2013, Yahoo joined an alliance with eight other companies – including Google, Facebook and Apple – to call for reforms to US surveillance programmes.
Members of the Reform Government Surveillance alliance are concerned that the loss of public trust in technology will hurt their businesses, and are calling on governments to help restore that trust.
The group is calling for “sensible limits” on government authority to collect user data, greater oversight and accountability, transparency about data requests, respect for the free flow of information and a “robust, principled and transparent” framework to govern lawful requests for data across jurisdictions.