Access is encouraged to see that Yahoo! is now supporting HTTPS globally for its mail and messaging services, an important and overdue step for the security and privacy of its users. Pending technical analysis of its implementation, we believe this decision by Yahoo! responds to some of the concerns raised by civil society and security experts, and signals a continuing strengthening of their services’ privacy protections.
HTTPS is now enabled by default on Yahoo!’s mobile apps for Apple iOS, Windows 8, and Android. For users accessing Yahoo! Mail through their computer’s browser, HTTPS can be switched on via the mail settings in the top right of the screen (go here to find out how). Once it’s activated, all Yahoo! Messenger conversations in the browser window are also protected. According to the company, HTTPS is coming later this year to the desktop version of Messenger.
This move toward greater security has been a long time coming for the third-largest email provider in the world. For several years, Access has joined civil society organizations, activists, and security experts in pushing the company publicly and privately to implement HTTPS. Most recently, Access Tech Director Gustaf Bjorksten joined an open letter to new Yahoo! CEO Marissa Mayer. On the heels of the letter’s delivery, Access members campaigned in favor of the move to HTTPS by default. As Gmail and Hotmail enabled HTTPS in the past few years, Yahoo! Mail was left as the only major web-based email service to not provide secure connections.
As Yahoo! states, HTTPS is a standard way to protect your data over the internet and wireless networks. Websites that communicate with your web browser or send email solely through HTTP, hypertext transfer protocol, transmit “in the clear,” leaving data open and susceptible to intercept. HTTPS — the “S” represents its use of Secure Socket Layer or SSL — sends traffic over the encrypted and therefore safer SSL to connect your browser with the website’s server. When you communicate using encryption, using the HTTPS protocol, it is very difficult for an outside party to unscramble the information that is passing over the internet and wireless networks.
Many at-risk users depend on Yahoo! Mail, and the HTTPS option is an important step toward protecting their safety and human rights to privacy and freedom of expression. Access looks forward to working with Yahoo! as the company rolls out HTTPS by default globally across all products and services.