Yahoo beefs up security in two meaningful and important ways

Yahoo has taken some serious steps towards protecting user privacy, writes the Electronic Frontier Foundation's Seth Schoen. After revelations that the NSA and GCHQ had hacked its services, intercepted private video-chats, and harvested mass data from its fiber-optic links, the company has added forward secrecy and STARTTLS to its roster of default-on security measures. Of the two, forward secrecy is the more interesting, as it protects the privacy of old intercepted Yahoo data even if the company loses control of its keys. Bravo, Yahoo!

Notable Replies

  1. This pales in comparison to their ongoing user security initiative of not having any users.

  2. Or just closing down all their services, which seems to be their current method of operation.

  3. You know, if you'd have told me 2 years ago … I'd see Yahoo of all companies give me a reason to create a mail account with them …

    … I just flat-out wouldn't have believed you.

  4. It's a good start.

    "It's important to note that all these uses of encryption protect only communications in transit between a user and Yahoo's servers, or within different parts of Yahoo's own infrastructure. That means it doesn't in any way change Yahoo's ability to turn over user data in response to government requests."

  5. If you build it right, they will come.

