Marissa Mayer has announced that all user data, not just email, will be encrypted by the end of Q1 2014.
Last month, in the wake of the National Security Agency (NSA) scandal, Yahoo announced that it would enable SSL encryption by default for all Yahoo webmail users, starting 8 January 2014 — something that had previously been available as opt-in for users.
Yahoo CEO Marissa Mayer has now announced via the Yahoo Tumblr blog that 2048-bit SSL encryption will be applied across all Yahoo products by the end of Q1 2014. This includes encrypting all information that moves between Yahoo data centres — offering users the option to encrypt all data flow to and from Yahoo — and working with international Yahoo Mail partners to ensure all Yahoo co-branded email accounts are HTTPS enabled.
"I want to reiterate what we have said in the past: Yahoo has never given access to our data centres to the NSA or to any other government agency. Ever. There is nothing more important to us than protecting our users' privacy," Mayer wrote. "As we have said before, we will continue to evaluate how we can protect our users' privacy and their data. We appreciate, and certainly do not take for granted, the trust our users place in us."
The move is to protect users from governmental spying on data in transit. The NSA claims never to have accessed Yahoo and Google's servers, but its Muscular program was used to snare data as it travelled across international borders.
Yahoo's pledge to provide stronger encryption to user data joins Google, which has accelerated the encryption project that it started last year.