Yahoo's move comes after repeated calls over the years from security experts and privacy advocates for the company to enable HTTPS for email. The recent revelations of mass Internet surveillance by the U.S. National Security Agency and U.K. Government Communications Headquarters that painted a picture of Yahoo being a primary target for user data collection by intelligence agencies have likely added to the pressure as well.
One top-secret document leaked by former NSA contractor Edward Snowden showed that in a single day in 2012, the NSA collected over 440,000 e-mail address books from Yahoo, compared to around 100,000 from Hotmail, 82,000 from Facebook and 33,000 from Gmail.
Gmail has had HTTPS by default since 2010, Microsoft's Outlook.com email service launched in July 2012 that eventually replaced Hotmail had this feature from the beginning, and Facebook started rolling out HTTPS by default to users in November 2012. All companies supported full-session HTTPS on an opt-in basis for some time before making it the standard setting.
The media reports about NSA's data collection programs have also prompted Yahoo to expand its encryption efforts beyond email. The company plans to encrypt information moving between its data centers and to offer users the option to encrypt all data flows to and from Yahoo by the end of the first quarter of 2014, Yahoo CEO Marissa Mayer announced in November.
Sign up for Computerworld eNewsletters.