Yahoo Unveils Massive New Encryption Scheme to Protect Users

Online privacy champion Alex Stamos is making it a lot tougher for hackers and spies to snoop around Yahoo's insides. Here's what you need to know.

learn more about Kim Lachance Shandrow

By Kim Lachance Shandrow • Apr 4, 2014 Originally published Apr 4, 2014

Opinions expressed by Entrepreneur contributors are their own.

Alex Stamos doesn't play when it comes to the NSA.

In his first big hammer drop as Yahoo's new cybersecurity watchdog, Stamos announced yesterday that he's overseeing a massive "around the clock" effort to encrypt 100 percent of the tech giant's traffic, including the private data of its 800 million-plus users -- "at all time[s], by default."

Related: 4 Things to Know About Yahoo's New Information Security VP Alex Stamos

On the heels of reports that the NSA allegedly secretly snooped around thousands of its user accounts, the Sunnyvale, Calif.-based company pledged to encrypt all of its data centers by March 31. Stamos and the "hundreds of Yahoos" in his charge made that vow a reality. Not bad for only four weeks on the job.

The San Francisco-based veteran information security expert and outspoken NSA critic officially announced the company's newly bolstered encryption efforts on its Tumblr page yesterday.

And Stamos made no bones about why the massive encryption project -- which seriously steps up security for Yahoo data center traffic, Yahoo Homepage search queries, Yahoo! Mail and much more -- is going down in the first place.

"We will continue to work hard to deploy the best possible technology to combat attacks and surveillance that violate our users' privacy," Stamos wrote in a powerful, telling statement curiously buried as the last sentence in his Tumblr post.

Make It Stop: Yahoo Reports Coordinated Email Hack

It was clearly a dig at the NSA's controversial PRISM surveillance program, which Yahoo recently reported requested to poke around in roughly 30,000 to 40,000 of its user accounts (between January and June last year) via Foreign Intelligence Surveillance Court (FISC) classified court orders. Yahoo arch rival Google said it was on the receiving end of FISC requests for information from approximately 9,000 and 10,000 of its user accounts around the same time.

Here is Stamos's complete bulleted list detailing Yahoo's new beefed-up encryption efforts, directly from his Tumblr update:

  • Traffic moving between Yahoo data centers is fully encrypted as of March 31.

  • In January, we made Yahoo Mail more secure by making browsing over HTTPS the default. In the last month, we enabled encryption of mail between our servers and other mail providers that support the SMTPTLS standard.

  • The Yahoo Homepage and all search queries that run on the Yahoo Homepage and most Yahoo properties also have HTTPS encryption enabled by default.

  • We implemented the latest in security best-practices, including supporting TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for many of our global properties such as Homepage, Mail and Digital Magazines. We are currently working to bring all Yahoo sites up to this standard.

  • Users can initiate an encrypted session for Yahoo News, Yahoo Sports, Yahoo Finance, and Good Morning America on Yahoo ( by typing "https" before the site URL in their web browser.

  • A new, encrypted, version of Yahoo Messenger will be deployed in coming months.

Related: Young Millionaire: Inside the Mind of Yahoo's Teen Sensation Nick D'Aloisio

Stamos's work doesn't end with this list, though. Not as long as cyber attackers and government spies seek to snoop around Yahoo's insides, which we don't expect to stop any time soon.

"This isn't a project where we'll ever check a box and be 'finished,'" he said. "Our fight to protect our users and their data is an on-going and critical effort."

Yahoo did not immediately respond to a request for comment.

Kim Lachance Shandrow

Former West Coast Editor

Kim Lachance Shandrow is the former West Coast editor at Previously, she was a commerce columnist at Los Angeles CityBeat, a news producer at MSNBC and KNBC in Los Angeles and a frequent contributor to the Los Angeles Times. She has also written for Government Technology magazine, LA Yoga magazine, the Lowell Sun newspaper,, and the former U.S. Surgeon General, Dr. C. Everett Coop. Follow her on Twitter at @Lashandrow. You can also follow her on Facebook here

Related Topics

Editor's Pick

Have More Responsibilities at Work, But No Pay Bump? Use This Script to Get the Raise You Deserve.
Black and Asian Founders Face Opposition at All Levels — Here's Why That Has to Change
Money & Finance

Americans Are Underprepared for Retirement. Here's How Small Businesses Can Help Close the Savings Gap.

Half of the American workforce doesn't have access to an employer-sponsored retirement program, yet we are 15 times more likely to save for retirement if we can do so at work — and small businesses can help. Here's how.


Never Worry About a Low Battery with This Wireless Charger, Now $80 Off

Save 66% on this wireless iPhone charger that quickly powers up your phone.


60 Second Business Tips: 3 Ways to Boost Confidence

Business development consultant Terry Rice on silencing self-doubt.