Yahoo ramps up security but Tumblr users have to do it themselves

Following last month's announcement that Yahoo Mail connections would be getting default HTTPS encryption, the company has gone a stage further, enabling HTTPS access to Yahoo Contacts and Profile APIs.

In a post on its developer blog Yahoo advises that API settings will need to be changed by February 27.

From February 28 all access to Yahoo Contacts APIs and Profile APIs will be limited to SSL connections. User data won’t be available over HTTP after that date.

Yahoo's Tumblr blogging service has also announced this week that SSL encryption will be available to prevent hackers snooping on their activity. However, Tumblr's SSL won’t be activated by default, users will have to go to their Account Settings and turn it on.

As the Tumblr staff blog says in its usual chirpy style:

"Any reason I shouldn’t do this?" Nope, not really. It doesn’t change anything about the dashboard, it just encrypts your connection to it. We’ve been using it for weeks and haven’t even noticed. So, yeah, turn it on and forget about it. Easy.

Well, yes it may be easy but why not just turn it on by default, ensure everyone is protected and make it easier still?