Yahoo introduces new encryption methods to protect users from spying

Reuters / Denis BalibouseRT News

Yahoo has announced it has fully encrypted traffic moving between its data centers, as well as mail between servers and other mail providers in order to protect private users from mass surveillance. The move helps put a lid on NSA spooks and hacking.

“We implemented the latest in security best-practices, including supporting TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for many of our global properties such as Homepage, Mail and Digital Magazines,” Alex Stamos, Chief Information Security Officer, wrote in his Tumblr blog post.  

Stamos, a well-known security researcher and a critic of NSA surveillance, joined Yahoo just a few weeks ago as part of the company’s anti-snooping crusade.

According to Stamos, the users can start an encrypted session for Yahoo News, Yahoo Sports, Yahoo Finance, and Good Morning America by just typing ‘https’ before the site URL in the web browser.

The company has also encrypted search requests made from its homepage.

“The Yahoo Homepage and all search queries that run on the Yahoo Homepage and most Yahoo properties also have HTTPS encryption enabled by default,” said Stamos.

The company’s decision to encrypt all information that moves between its data by March 31 was revealed in November, 2013.

Meanwhile, Yahoo has far-reaching plans to protect its users and their data “through the deployment of encryption technologies.”

According to Stamos, there are also many issues to focus on in the coming months, including “working and encouraging thousands of our partners across all of Yahoo’s hundreds of global properties to make sure that any data that is running on our network is secure.”

 

AFP Photo / Karen BleierAFP Photo / Karen Bleier

 

“Our broader mission is to not only make Yahoo secure, but improve the security of the overall web ecosystem,” he said.

Among the updates which are anticipated in the coming months is a new encrypted version of Yahoo Messenger to stop mass government spying on webcam chats.

“Our goal is to encrypt our entire platform for all users at all time, by default,” said Stamos.

Yahoo, with over 800 million users worldwide, is also planning to implement additional measure such as HSTS, Perfect Forward Secrecy and Certificate Transparency. However, Stamos explains that this is not a project “where we’ll ever check a box and be ‘finished’.”

“Our fight to protect our users and their data is an on-going and critical effort,” he said. ”We will continue to work hard to deploy the best possible technology to combat attacks and surveillance that violate our users’ privacy.”

However, Yahoo encryption efforts still lag behind those of Google. Stamos says many of Yahoo services rely on content and ads provided by thousands of other companies, including some that aren’t convinced that they need to encrypt, as cited by AP.

Yahoo, as well as other major technology companies such as Google and Microsoft has made online security a top priority amid a series of revelations about US government programs that have hacked into users’ personal information. The bulk collection program was first disclosed in June by former NSA contractor and CIA employee Edward Snowden.

According to a secret audit, millions of records were being sent every day from Yahoo and Google internal networks to data warehouses at the NSA’s Fort Meade, Maryland headquarters. The NSA’s principal tool to exploit the Google and Yahoo data links is a project called MUSCULAR, operated jointly with the agency’s British counterpart, Government Communications Headquarters (GCHQ).

Earlier in March, Google encrypted Gmail to safeguard against NSA snooping. Now Gmail uses an encrypted HTTPS connection when you check or send email after reports that the US government had been secretly infiltrating the lines that transfer information overseas.

However, the US technology companies turned not as innocent as it may seem at first sight.

On March 20, NSA general counsel Rajesh De said that US technology companies, including Yahoo and Google, were fully aware of the surveillance agency’s data collection. When asked during a hearing with the Privacy and Civil Liberties Oversight Board whether data collection under Section 702 of the FISA Amendments Act was done with the full knowledge and assistance of any company from which information is obtained, De responded, “Yes.”

Meanwhile, the companies implicated in the program – including AOL, Apple, Google, Facebook, Microsoft, and Yahoo – denied knowledge of NSA access to customer data.

http://rt.com/news/yahoo-encryption-methods-security-017/

3 thoughts on “Yahoo introduces new encryption methods to protect users from spying

  1. That’s real sweet, if you believe them. I think Yahoo lost a lot of users (like myself) so now they’re launching this new advertising/propaganda campaign to convince people that their communications will be safe there.

    These corporations work hand-in-glove with our government, and probably own some of the whores we know as “government”, so I wouldn’t trust them as far as I could spit into a high wind.

    “AOL, Apple, Google, Facebook, Microsoft, and Yahoo – denied knowledge of NSA access to customer data.”

    BS. They all knew about it, they’re all complicit, and I’m still boycotting all of the above because I don’t believe a word of what they say.

    Sorry, Yahoo. But you didn’t give a rat’s ass about my privacy a year ago, and you still don’t, so don’t even bother trying to shovel that BS my way.
    They all lost a lot of customers, and a lot of surveillance opportunities as a result, so they’re trying to smooth things over with their former customers so they can start spying on them again. I don’t trust any company owned by Jews, and I never will.

  2. My Fellow Patriots:

    Article:
    ********
    “Yahoo introduces new encryption methods to protect users from spying”

    Response:
    *************

    AAHAHAHAHAHahahahahhahahahahahahahahahahahahahahahahahahhahahahahahah,….. GGAAASSSSPPPP (for air…),…. HahaHAHAhahahahahahahahahahahhhhhhhhhhhhhhhhhhhAAAahahahahahahahahahahahahahahahahaha,….. GGAASSPPPPP (for air,….) AAAHHAHAHAHAHAHAHAHAHAHahahhahahahahahhahahahahahhahahahahahahahahahhahahahahahahahahhahahahahahahahhahahahahahahahahahahhahahahahahah,…. GGGSAAAASSSSPPPPP!!!! (for air,….) AHAHAHAHAHAHAHAAHAHahhahahahahhahahahahahahhahahhahahjahahahahahahahahahahhahahahahahhahahahahah,……

    OH MY GOD!!!!!,.. THEY ARE SO F’N FUNNYYYYY!!!!!!!!!!!!

    (Wiping the tears away from eyes,….)

    Who the hell knew Yahoo had such a sense of humor???!!!!

    Let me guess,.. the NSA gave Yahoo the “NEW” encryption method! (Ta-Daaaaaa! Horns blaring,…. – people clapping,.. a voice in the background somewhere -> thank you,… thank you,.. thank you….)

    JD – US Marines – Wow,…. I guess we are suppose to believe that Criminal Obama is a LEGITIMATE President, and that he actually EARNED his Nobel Peace Prize by now also!

    .

  3. What a ridiculous piece of propaganda. The NSA and RSA work in tandem. RSA provides all vulnerabilities and backdoor master keys to the NSA. This is nothing more than some token horseshit of a Trojan horseshit to placate the low level retards of this world into thinking, “oh gee, Yahoo is protecting me with encryption.”, while exactly the opposite is happening.

    Here’s a little tip. I would recommend using only symmetric encryption practices that include the implementation of s-boxes. In addition, using layered encryption of multiple passes with multiple unique keys and you store those keys in your brain. Even their dreaded “deep crack” warehouse system processing 3 million keys per second on brute force attacks cannot subvert a packet encrypted with 24 layers of a symmetric 64-bit block cipher hashed with MD5. Avoid that asymmetric garbage like stepping around a pile of dog shit. If we all practiced solid security, their systems would melt.

    Last hint: Blowfish – Why do you think it never made standard? It ain’t because it’s weak.

Join the Conversation

Your email address will not be published. Required fields are marked *


*