November 27, 2013

Yahoo to Implement Encryption Between Data Centers


Yahoo to implement strong security controls. Image from https://leaksource.wordpress.com

The NSA’s privacy-intrusive “MUSCULAR” program revealed how the spy agency and its British counterpart tap into the data center links of major Internet companies like Yahoo and Google. This program seemed to be more intrusive than the PRISM program because the spy agencies carried out their mass data collection without the knowledge of the companies. Unlike PRISM, they did not have to issue a court warrant to the companies for data collection. They simply hacked into the international fiber links that connect the data centers of Yahoo and Google to collect user data. The IT giants were extremely disappointed by the NSA’s “MUSCULAR” program and clarified that they did not give any government access to their systems. The companies have also decided to implement strong security controls to protect the privacy of their users from government surveillance programs.

According to the documents leaked by Edward Snowden, the Yahoo Mail service provided easy access to the government for data collection, due to the lack of SSL encryption in place. “The Washington Post revealed that government spooks had collected twice as many contacts from Yahoo Mail as all of the other major web mail services combined. No reason was given for this, but one likely cause could be due to Yahoo Mail’s lack of SSL encryption.” Yahoo has taken various steps to strengthen the security of the majority of its online applications. Yahoo has announced that it will introduce SSL encryption in its email service by default, and has confirmed that it will enable HTTPS encryption by default for Yahoo Mail by January 8, 2014. Besides encrypting the email service, Yahoo has also announced that it will encrypt the traffic between its data centers and apply SSL encryption across all its sites by March 2014. In response to the NSA’s surveillance program, Yahoo’s CEO Marissa Mayer said in a blog post:

“Yahoo has never given access to our data centers to the NSA or to any other government agency. Ever. There is nothing more important to us than protecting our users’ privacy. To that end, we recently announced that we will make Yahoo Mail even more secure by introducing https (SSL – Secure Sockets Layer) encryption with a 2048-bit key across our network by January 8, 2014.

Today we are announcing that we will extend that effort across all Yahoo products. More specifically this means we will:

  • Encrypt all information that moves between our data centers by the end of Q1 2014;
  • Offer users an option to encrypt all data flow to/from Yahoo by the end of Q1 2014;
  • Work closely with our international Mail partners to ensure that Yahoo co-branded Mail accounts are https-enabled.”
Yahoo CEO Marissa Mayer responds to NSA surveillance programs. Image from atic2.businessinsider.com.

In contrast to Yahoo, Google already moved to encrypt all its searches earlier this fall. Google will protect the privacy of its users by hiding the search queries they perform. The company has also enabled SSL encryption by default for users logged on to its service since 2011. Google has made all these changes with the aim of providing extra protection to its users from government surveillance programs.

The implementation of security controls by Internet companies like Yahoo and Google is definitely comforting to users, as many of us use their services regularly. We do not want our data to be monitored or accessed by anybody other than the intended recipients. It is great to see that more and more companies are taking security seriously after the PRISM revelations to ensure that their customer data is safe.

Secure cloud storage service that protects your data from surveillance

SpiderOak is a secure cloud storage service that protects its user data from government surveillance. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access. SpiderOak offers amazing products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. You can sign up for this product immediately!