Yahoo Faces Balancing Act Between Ads, Encryption

Yahoo is facing a challenge as it seeks to encrypt its vast network of websites and services to block hackers and government spooks: data security can clash with its business model.

The same is true for all Internet companies, but particularly so for Yahoo, the original search giant that has disappointed investors with weak revenue in recent quarters.

Yahoo on Wednesday announced new progress in previously announced efforts to beef up encryption, partly as a response to last years Edward Snowden leaks. The company now encrypts all traffic between its data centers and turned on encryption by default for the Yahoo homepage, said Alex Stamos, Yahoos new chief information security officer and a former security researcher who used to point out holes in commercial software.

Google made a similar announcement about mail traffic between its data centers last month.

But for now, there are limits as to how far Yahoo can take that encryption, Stamos said. Websites for Good Morning America on Yahoo, Yahoo News, Yahoo Sports and Yahoo Finance wont feature the encryption by default, for now, because the company still needs to bring advertisers on board, he said.

At issue is the fact that technology being used, called HTTPS, is an all-or-nothing proposition.

When a website uses HTTPS, it prevents outsiders from watching data people submit to the site or watch what articles they are reading. But if the site is going to use such encryption, it has to persuade every advertising network running ads on that page to do the same.

For large media companies that rely on lots of ad networks, that can take a lot of coordination.

Its a little harder than to just flip a switch, Stamos said. Its just a bigger project than I expected.

(Full disclosure: The Wall Street Journal doesnt use HTTPS encryption either.)

See the original post here:
Yahoo Faces Balancing Act Between Ads, Encryption