Gov't, Hackers Spy on Yahoo Messages, Video: Report

A new report shows that Yahoo instant messages can be easily intercepted and read by government spies and hackers. The problem: Yahoo fails to encrypt those messages.

A recent study by CNET shows that Yahoo continues to transmit message content in unencrypted form. This makes the instant messages vulnerable and exploitable by third parties.

To compound the problem, a recent article by UK-based The Guardian shows that a number of government agencies are, in fact, spying on Yahoo's unencrypted messages. (Source: cnet.com)

Government Agents Spying on Everyday People

Worse still, evidence shows that many of the intercepted messages -- including webcam video and images -- have nothing to do with criminal activity. In other words, government agents are spying on everyday people.

According to The Guardian's report, a special surveillance platform known as "Optic Nerve" has been used to intercept and store "the webcam images of millions of Internet users not suspected of wrongdoing." (Source: theguardian.com)

Making that possible is Yahoo's failure to use a standard security technology known as SSL (or Secure Sockets Layer). SSL is often used to establish an encrypted link between a server and client, thereby making it harder to eavesdrop. (Source: digicert.com)

For many years, SSL was primarily used to secure online transactions (such as banking, Paypal, and similar). However, many web sites are now using SSL as the default connection to their servers, rather than simply using it for securing only financial transactions.

Unlike Yahoo, both Microsoft and Google have adopted SSL to protect their users. Using SSL is one part of an ongoing campaign by both Google and Microsoft to keep their users (at least somewhat) protected against prying eyes, including the National Security Agency (NSA).

Yahoo's Position Angers ACLU Expert

Yahoo's failure to protect its users irks the American Civil Liberties Union's (ACLU) Chris Soghoian, who is currently a principal technologist with the organization's Speech, Privacy, and Technology Project.

"We have ample evidence now that Yahoo doesn't really care about security or the confidentiality of its customers' communications," Soghoian said. "Whether it's the lack of encryption in Webmail, or the video issue, Yahoo has ignored repeated warnings from researchers, [and] from human rights activists."

Yahoo does use SSL, but not much. Its use of the technology is limited to scrambling a user's password during the initial authentication process. The firm admits that it "does not use encryption for message delivery." (Source: cnet.com)

Yahoo CEO Promises to Improve Security Measures

Yahoo's chief executive officer, Marissa Mayer, has promised that Yahoo will introduce a better system for protecting its users' privacy, but so far that system hasn't been made public.

A spokesperson for Yahoo recently had this to say on the matter: "We are committed to preserving our users' trust and security and continue our efforts to expand encryption across all of our services."

Yahoo currently does protect its Yahoo Mail users with SSL. However, Soghoian says that was a reactionary move.

"The only reason they're encrypting email with Webmail now was a front-page story in The Washington Post," Soghoian said. "It was only then, in response to that coverage, that Yahoo turned on SSL by default." (Source: cnet.com)

What's Your Opinion?

Are you concerned about the possibility of governments or hackers eavesdropping on your messages, webcam, and video images? Are you a Yahoo user, and if so, would you consider abandoning the service for a more security minded competitor such as Gmail, Hotmail, or similar? Lastly, do you think that fears about government agents snooping on citizens are overblown?