Our oath: Put consumers first

An oath is a commitment. Our company’s name reflects who we are, what we stand for, and the promises we make to our users. We know that our users place their trust in us, and we take seriously their privacy and our role in respecting and promoting free expression.

As part of our commitment to and concern for your privacy, security and freedom of expression, we publish our transparency report along with information about our approach to handling requests for user data or to remove content. But it doesn’t stop there. Here are some ways we’re putting this commitment into action.

Our approach in action

Our commitment to put consumers first translates into action in three concrete ways:

Protecting users
  • When faced with government requests for user data or to remove content, we follow our Global Principles for Responding to Government Requests. This means we consider all appropriate options in order to protect the rights of our users. This can include seeking clarification or modification of the government demands we receive or contesting these demands, such as by challenging them in court. We also work to narrowly interpret such demands and minimize the disclosure of user data or the impact on free expression. We share information about these efforts in our Transparency Report for Government Data Requests and Government Removal Requests.

  • We’ve encrypted many of our most important products and services to make them more secure for our users. This includes:

    • Encryption of the traffic moving between Oath data centers;

    • Making browsing over HTTPS the default on Yahoo Mail, Yahoo Homepage, Tumblr, AOL, and many other Oath properties;

    • Implementing the latest in security best-practices, including supporting TLS 1.2 with 2048-bit RSA keys and strong encryption ciphers as well as Forward Secrecy for many of our global properties;

    • The addition of modern protection mechanisms to many of our products, services, and domains such as HTTP Strict Transport Security (HSTS), HTTP Public Key Pinning (HPKP), OCSP Stapling, Certificate Transparency, and Certification Authority Authorization (CAA) DNS Resource Records, and;

    • We are committed to notifying users when we strongly suspect they may have been the target of a state-sponsored attack.

Advocating for users
  • As a global internet company, Oath is committed to respecting our users’ rights to privacy and freedom of expression across the globe. Our Global Public Policy team advocates for public policy solutions that protect our users, including by advocating in favor of surveillance reform consistent with these principles, working with partners to develop smart policies for the flow of data across borders, and supporting laws and regulations that protect our users data and right to freedom of expression, as well as our platforms.

Respecting human rights
  • We are committed to respecting and promoting free expression and privacy on the internet. Oath’s Business & Human Rights Program (BHRP) coordinates and leads our efforts to make responsible business decisions in the areas of free expression and privacy.

  • Oath is a member of the Global Network Initiative (GNI), and currently serves on the organization’s Board of Directors. GNI is a multi-stakeholder coalition of information and communications technology companies, human rights organizations, academics, investors and other experts that aims to collectively address the challenges we and other companies face in the critical areas of privacy and free expression when bringing transformative communications technologies to markets around the world.