It has been a very up and down week for Yahoo Mail in terms of security. The service was recently hacked via an XSS exploit, which Yahoo has since patched, and now we’re learning the company has also quietly rolled out an HTTPS option (finally).
If you use Yahoo Mail, you should enable the feature now (unfortunately it’s not on by default). To do so, click the gear wheel in the upper right corner, select “Mail Options,” go to “Advanced Settings,” and click “Turn on SSL” as shown in the screenshot below:
For those who don’t know, Hypertext Transfer Protocol Secure (HTTPS) is a secure communications protocol. Strictly speaking, it’s not a protocol in itself: it is ordinary HTTP carried over an SSL/TLS connection, which encrypts the traffic between your browser and the server.
We say the feature has been added “quietly” because Yahoo hasn’t announced it via a press release or a blog post. The first to cover the news was actually the Electronic Frontier Foundation (EFF), which is naturally happy about the move.
In fact, the EFF was one of the 26 organizations (along with the ACLU, Reporters Without Borders, and many others) that in November urged Yahoo CEO Marissa Mayer to add an HTTPS option for the sake of improving users’ privacy and security. You can read the full letter here to see what made Yahoo get its act together.
While not everyone has the feature yet, and it has come very late in the game, the EFF has nevertheless applauded Yahoo for the move:
Thanks to Yahoo! for taking this important step to protect its users’ privacy and security. And thanks to everyone involved with our letter for helping emphasize the importance of this security measure (particularly to Front Line Defenders, the Tactical Technology Collective, and Aspiration for bringing many of us together).
While support for HTTPS has been requested for a long time (we’re talking years) by Yahoo Mail users and privacy advocates alike, it seems the letter was the straw that broke the camel’s back. The option helps improve privacy when accessing email, especially over public WiFi connections, where anyone on the same network can attempt to intercept the packets travelling between Yahoo and your browser.
We have contacted Yahoo about the new option. We will update this article if we hear back.
Image credit: Miguel Saavedra