But can they remove the NSA code from their servers now?
Yahoo! has announced major encryption improvements designed to thwart dragnet surveillance efforts by the likes of the NSA. Alex Stamos, Yahoo!'s recently appointed CISO (chief information security officer), said the internet giant has finished encrypting traffic between its data centres. Stamos also outlined a roadmap for …
But can they remove the NSA code from their servers now?
How long will it take the NSA to get the keys ?
Once the NSA have the keys then the comms might just as well be in plain text.
My guess is that the NSA have already got hold of the keys.
"We are now encrypting all our traffic to reduce the public fear - don't worry NSA here is your copy of the keys"
Can't do that with PFS. Each session has a different encryption key.
Well done Yahoo (never thought I'd say that)...
Not very long...
Because those yahoo's at yahoo know that they are required by law to hand them over...
Leaks by whistleblower Edward Snowden revealed that Google and Yahoo! data centre interconnects were being tapped by
the Obama's NSA 's spies as part of a programme code-named MUSCULAR.
There. Fixed it for ya', seeing as Obama signed the Executive Order for MUSCULAR.
Bush signed THE PATRIOT act, which is quite terrifyingly worse. With the NSA you could almost apply "If you have nothing to hide you have nothing to fear... But boy will they dig deep!", with the Patriot act everyone is held in fear. You can be declared a terrorist for no significant reason and be held outwith due process just for stepping out of line.
So, you lose.
Bush signed THE PATRIOT act
So did Obama. Twice. Obama even expanded upon the PATRIOT act.
What's your point?
And FISA and the secret "courts", the legal foundations for the PATRIOT act and PRISM and MUSCULAR, date from 1978 (that's Carter). The only lesson of this history is that a two-party democracy is not guaranteed to act any better towards its citizens (or others) than one-party repressive regimes.
To be fair, "is not guaranteed to" != "never does".
all sixteen of Yahoo's users appreciate this effort.
Well, they had to do something to make it worthwhile navigating that eyeball-gougingly bad "user interface upgrade" they rolled out and snottily announced wouldn't be rolling back no matter how many people begged them to do so.
The masses of sheeple can't buy a clue. The NSA and other authorities are not the enemy they are the ones protecting your clueless arse. Nobody gives a rats arse about your e-mail or other conversations unless you are a crim or terrorist. Naturally if you are then you deserve what you get. The reason why governments don't divulge their security efforts is because of clueless sheeple who can't handle reality. Yahoo won't be able to stop authorities from properly monitoring conversations, as they should and that's a good thing.
Why are you posting anonymously? Something to hide?
Obvious trolling and I shouldn't bite but...
If you genuinely believe governments should be monitoring all electronic communications what the hell have you been smoking. How about in real life, lets imagine for a moment ten years down the line there are another series of leaks outlining how the government is using microphones and cameras on every connected device to monitor all conversations would you also think this is something they should be doing?
I take it you view 1984 as an instruction manual rather than a cautionary tale?
Sleepwalking into a total surveilance state has gone on for too many years mainly down to idiots parroting if you've nothing to hide then nothing to fear. Since your so certain no one is interested and theres no harm would you mind popping your email address and password on here?
Just to clarify the reason governments aren't volunteering details on surveilance methods isn't because of clueless sheeple instead as we have discovered due to Snowdon it's because they are either illegal or a totally unnecessary invasion of privacy.
How do you feel about the US monitoring all european communications, or if your that side of the atlantic how do you feel about GCHQ in the UK monitoring yours?
AC because you work for who exactly? Guessing it's a company that makes a lot of money from selling the kit necessary for the monitoring or your an out and out shill.
if you've nothing to hide then nothing to fear
I pity the AI/serf that has to trawl through my inbox, lets have a look:
Humble Bundle spam
Amazon spam again
Ebuyer spam again
Would be nice to have something to at least blush over (other than my taste in books from Amazon) if someone was to intercept it...
"Would be nice to have something to at least blush over (other than my taste in books from Amazon) if someone was to intercept it..."
We see that you bought a copy of Sandra Hill's Rough and Ready. We... we'll stop looking at your stuff now.
per the ratings, it seems there's more criminals reading and rating these comments. who you trust is quite a relative relationship these days, i dare say very few persons are 'as pure as the driven snow(den)' and most are in some way complicit in some crime or accessories to breaking some 'law'. lets start with the bare essentials, those who create these laws that protect specialized groups while eliminating ones who don't serve the needs of those specialized groups.
I'm just asking.
Somehow without a single question mark...
Don't! You! Change! On! Us! Now! El Reg!
And about time you fixed your mistake dio :P Stop slacking around the water cooler telling stories about your night out with a lovely young blonde from accounting and get back to making sure these headlines are right :P
God I love these comments.
..." the project to improve security at Yahoo! will never be completed."
I am sure it won't.
Asychronous encryption i.e RSA is not safe. Any encryption software
from a US company is vulnerable to US court orders and RSA back doors.
We also know that AES 256 takes a couple of weeks to crack but that
means we can protect information with a news value.
But despite any attempts from the World and his dog to protect information by
encryption is doomed to fail as someone always keep an un-encrypted copy
on US soil or accessible from the US and by that accessible by the US courts
even if it protects from casual snooping by NSA.
The only full protection is bespoke hardware encryption devices and an
intelligent key distribution scheme. Any software based encryption schemes
are just doomed to fail!
So what if Snowden was a plant to make the US companies go all in with encryption to protect them from Chinese hackers?
If only that was the case.
intel agencies do seem to come up with some clever chess moves too. makes for good entertainment at least. the problem is, humans are a dicey blob of fairly predictable emotional reactions, making very little real use of their grey matter, and instead relying on their proclivity to have sex (and offspring) as a hedge against extinction.
Does this mean that the Yahoo hosted email service which my ISP uses won't be compromised every month now. Not that I use that poorly hosted shit anyway but at least normal users might get a less frustrating experience.
All the naughty boys are now using Yahoo to avoid the NSA Hahaha - the NSA are already there waiting with the decrypt keys.
fscked by SHA-1 collision? Not so fast, says Linus Torvalds