In last week’s blog post, I was surprised, disappointed and generally ticked off to learn that Microsoft had publicly admitted that their server-to-server data was still unencrypted. Their corporate message was an empty promise to evaluate “additional changes that may be beneficial to further protect our customers’ data.” 319 words of blog therapy later, the best summary of my feelings on the topic was simply the title of the post: “WTF Microsoft?”
On Monday, I got a message with a link. I could not ignore it, since I already called out the boys of Redmond, so here goes.
WTF Yahoo!?
In a corporate Tumblr post on Monday, Marissa Mayer wrote that Yahoo will “encrypt all information that moves between our data centers by the end of Q1 2014” and “offer users an option to encrypt all data flow to/from Yahoo by the end of Q1 2014.” But all I understood was “Yahoo is currently not encrypting our server-to-server data.” Just like Microsoft.
So despite my appreciation for your “Commitment to Protecting Your Information”, Marissa, this was nothing more than a guilty disclosure disguised as a positive announcement. Lots of heavy spin on this one. Nice work, Yahoo! PR team. I hope you didn’t spend too much time picking out the proper shade of lipstick for that pig, because it didn’t cover up anything.
End of Q1 2014 is too late. Tomorrow is too late. In fact, yesterday was too late, but at least it would be in place already.
I said it last week and I’ll say it again. Implementing world class cryptography is within the reach of every vendor, product, solution, and app. No more excuses.