Security at the Mercy of Advertising


Yahoo’s latest move is yet another example of the tension between end-user security and the online advertising ecosystem.

Last year, Yahoo announced plans to enable encryption by default as a direct response to a story that Barton Gellman and I wrote about the NSA’s collection of millions of address books globally.  One of the slides we referenced in that story indicated that the NSA was collecting substantially more addresses from Yahoo than the other providers (444,743 from Yahoo vs. 105,068 from Hotmail or 33,697 from Gmail). These figures make sense given that, at the time, Yahoo was still not using default encryption for their front-end webmail users, let alone their back end email delivery (something I’ve written about previously).

Today, Yahoo announced they’ve made progress on their encryption plans with the help of former iSec Partner’s cofounder, and information security guru, Alex Stamos.  As Alex’s first post as Yahoo CISO indicates: [Read more…]