We're really happy that Yahoo! is starting 2013 right by letting Yahoo! Mail users use HTTPS to access their e-mail accounts securely. (That means that, just a few days into 2013, we got one of the items on our holiday wishlist!)
EFF helped organize a coalition of human rights and press freedom organizations that sent a letter in November asking Yahoo! to take this step—one we've been advocating for a long time. Without HTTPS, anybody on a wifi network can read all the data sent to or received from a web site (for example, the full text of all the e-mail that Yahoo! Mail users sent or received). Yahoo!'s main competitors in the U.S. webmail market, Google and Microsoft, already use HTTPS on their webmail services (in Google's case, it's been the default for three years running).
For the time being, using HTTPS on Yahoo! Mail is optional and users have to enable it in their accounts. The setting to enable it is found under Options and looks like this:
If you're a Yahoo! Mail user, please take this step right away to protect your privacy when reading and writing e-mail. We'll also be looking into how HTTPS Everywhere can automatically protect users by making all access to Yahoo! Mail secure, even if users don't realize that this option exists.
Thanks to Yahoo! for taking this important step to protect its users' privacy and security. And thanks to everyone involved with our letter for helping emphasize the importance of this security measure (particularly to Front Line Defenders, the Tactical Technology Collective, and Aspiration for bringing many of us together).