Yahoo has finally announced that it will turn on HTTPS encryption by default for Yahoo Mail next year – four years after Google announced the same thing for Gmail, and two years for Microsoft during the transition between Hotmail and Outlook (it was an option in Hotmail in 2010).
Incidentally, the switchover – scheduled for January 8, 2014 – falls exactly one year after Yahoo announced that it will make HTTPS encryption an option. Previously, the company did not implement such a feature despite Outlook/Hotmail and Gmail were rolling out such protection. And it only implemented the feature after 26 organisations – including the Electronics Frontiers Foundation and Reporters without Borders – called for the feature in November 2012 to improve privacy and security for its users.
However, Yahoo may still lag behind its rivals security-wise. Google has added on top of its HTTPS encryption with ‘forward secrecy‘ – meaning that if one key is compromised, it would not allow the attacker to decrypt months of secure connections.
I could say that it’s a start and that it’s all right. But not really, considering the fact the NSA has managed to break SSL and HTTPS encryption – both commonly used by mail services and banks to protect customer data.
via Washington Post