Yahoo has finally, and somewhat belatedly, decided to follow in the footsteps of Google, Microsoft and Facebook, announcing that it’ll make SSL encryption the default setting for all Yahoo Mail users as of next January.
The company confirmed the plan in a statement given to the Washington Post yesterday. This follows the introduction of SSL encryption last January, years behind the likes of competing email providers, although the feature was only enabled for those who decided to opt in.
In contrast, Google’s Gmail has had SSL encryption as the standard setting for all users since January 2010, and the company has been gradually moving its other online services over to the protocol since then. Microsoft added SSL encryption to its Outlook.com and Hotmail web mail services in 2012, while Facebook did so back in August this year.
Yahoo has come in for a fair amount of criticism for not moving to SSL encryption earlier, although to be fair to the company, recent revelations from whistleblower Ed Snowden suggest that spy agencies may have already compromised the standard. It’s believed that the NSA, alongside the UK’s GCHQ, has been actively working to crack the most common encryption standards used on the web, and some researchers believe that deciphering SSL encryption presents few problems for them.
Then again, new documents leaked from Ed Snowden last night revealing the NSA’s email contacts collection program suggest that the NSA may not be able to get past SSL encryption as easily as it likes. Interestingly, the Washington Post revealed that government spooks had collected twice as many contacts from Yahoo Mail as all of the other major web mail services combined. No reason was given for this, but one likely cause could be due to Yahoo Mail’s lack of SSL encryption.
If this is the case, it could be that Yahoo’s move to SSL is too little too late, especially for anyone whose main concern is to keep their personal data away from the authorities’ prying eyes. Still, given Yahoo Mail’s recent record with email security and reports of various accounts being hacked and used to send spam, any move towards better security will be welcomed by its users.