Tell Yahoo! to Protect Email Privacy

Nov 13, 2012
By:
Chris Conley

Page Media

ACLU of Northern CA

This morning, 26 individuals and organizations including the ACLU of California sent an open letter to new Yahoo! CEO Marissa Mayer asking her to add HTTPS security to Yahoo! Mail. Without secure connections, the email sent and received by Yahoo! users around the world — from dissidents living under repressive regimes to Americans communicating about sensitive topics — is vulnerable to interception by ISPs, WiFi "sniffers," and others. Please join us by telling Yahoo! (via Twitter or Yahoo's feedback form) to take this basic step to protect your email.

HTTPS allows users to connect to a remote web site using a technology called Secure Socket Layer, or SSL. While no security method is foolproof, SSL is generally effective in preventing "eavesdroppers" from listening in on—or even hijacking—a connection with a web site. Without it, anyone who has access to your communications with the site, including not only an Internet Service Provider or other intermediary but also anyone else who is on the same unsecured network.

Yahoo! Mail does protect your password in transit using HTTPS, but everything else you do – including reading and composing email – is done over regular HTTPS. As a result, the messages you send and read, and even access to your account itself, is vulnerable to interception that could easily be prevented. In contrast, every other major web mail provider, including Gmail and Hotmail, provide at least the option of HTTPS protection at all times.

Protecting user data using basic techniques like HTTPS isn't just good for users; it's good for businesses too. Please join us and our co-signers and tell Yahoo! to take this much-needed step to protect the privacy of its users along the world.

Chris Conley is the Technology and Civil Liberties Fellow with the ACLU of Northern California.