Yahoo plans to encrypt, but you must opt in

Staff Writer
Columbus CEO

(c) 2013, The Washington Post.

Yahoo pledged Monday to encrypt all of its internal network communications by the end of the first quarter of 2014. It's a timely step for Yahoo, which has mostly lagged behind other tech companies when it comes to user privacy.

The encryption should help insulate users somewhat against unwanted snooping by hackers and government agencies. In addition, the company plans to extend Secure Sockets Layer (SSL) encryption to all of its services, expanding on an earlier promise to enable the security feature by default for its email users.

"We appreciate, and certainly do not take for granted, the trust our users place in us," chief executive Marissa Mayer wrote in announcing Yahoo's plans in a Tumblr post.

Yahoo is also following its peers in other ways, such as adopting longer security keys. An industry working group agreed in February to make 2,048-bit keys the new standard by year's end, and now Yahoo has vowed to use them, too.

Revelations about National Security Agency spying have raised the pressure on tech companies to safeguard their assets. Three weeks ago, The Washington Post reported that the NSA had broken into Yahoo's data-center traffic.

During the summer, Google said it would accelerate plans to encrypt its data center traffic. Meanwhile, a Microsoft spokeswoman admitted last week after being confronted in Europe on the issue that her company does not encrypt its internal data streams.

The one drawback to Yahoo's plan? Although the company will encrypt the information traveling within its systems, any data you send to Yahoo — and any information you receive in return — will remain unencrypted unless you deliberately opt in.

Since altering a routine is a lot harder than doing nothing, this effectively raises the bar for good security, meaning that a number of people are likely to forget about the option or remain unprotected because they haven't heard about the feature.

Still, even an incremental upgrade should please the most privacy-conscious among us.