How safe is your online data — emails, social media posts, files stored online — from the prying eyes of hackers and government snoops?
The Electronic Frontier Foundation (EFF), a digital-rights advocacy organization, asked 18 of the top websites and services about the encryption measures each uses. Results showed that many fail to provide enough protections for your data.
The EFF asked whether a site took any of five measures:
- Encryption of data-center links: Does the company encrypt the data traveling among its own servers?
- HTTPS support: Does the company encrypt traffic to and from its public websites?
- HTTP Strict Transport Security (HSTS) support: Do the company's Web servers accept only encrypted incoming connections?
- Perfect Forward Secrecy: Are encryption keys used to secure communications used only once, so that someone using the key from one encrypted session can't use it to read other messages?
- STARTTLS: Does the service add encryption to standard email, file-transfer and instant-messaging connections?
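A sketch of how four of these measures can be checked from what a service presents to the outside, added here as an illustration and not taken from the EFF's survey. Data-center link encryption is not observable externally, so it is left out. The function names, observation fields and sample values are assumptions constructed for the example.

```python
import re

def parse_hsts(header):
    """Parse a Strict-Transport-Security value (RFC 6797); None if unusable."""
    if not header:
        return None
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in directives:               # a repeated directive invalidates the header
            return None
        directives[name] = value.strip().strip('"')
    max_age = directives.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", max_age):  # max-age is required and numeric
        return None
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives}

def has_forward_secrecy(cipher):
    """True if the negotiated suite uses an ephemeral (EC)DHE key exchange."""
    if cipher.startswith(("TLS_AES_", "TLS_CHACHA20_")):  # TLS 1.3 suite names
        return True
    tokens = set(re.split(r"[-_]", cipher.upper()))
    return bool(tokens & {"ECDHE", "DHE", "EDH"})  # static DH/ECDH/RSA do not count

def assess(obs):
    """Map one set of observations onto the externally visible measures."""
    hsts = parse_hsts(obs.get("hsts_header"))
    return {
        "https": bool(obs.get("https_ok")),
        "hsts": bool(hsts and hsts["max_age"] > 0),  # max-age=0 removes the policy
        "forward_secrecy": has_forward_secrecy(obs.get("cipher", "")),
        "starttls": "STARTTLS" in obs.get("smtp_ehlo", []),
    }

# Constructed observations (not real survey data).
SAMPLES = {
    "strong.example": {"https_ok": True, "cipher": "ECDHE-RSA-AES128-GCM-SHA256",
                       "hsts_header": "max-age=31536000; includeSubDomains",
                       "smtp_ehlo": ["PIPELINING", "STARTTLS", "8BITMIME"]},
    "weak.example": {"https_ok": True, "cipher": "AES128-SHA",
                     "hsts_header": "max-age=0", "smtp_ehlo": ["PIPELINING"]},
}

if __name__ == "__main__":
    for host, obs in SAMPLES.items():
        print(host, assess(obs))
```

The second sample shows why HTTPS support alone says little: the site answers over TLS, but its HSTS header carries `max-age=0` and its cipher suite uses static RSA key exchange, so neither of those measures counts as met.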
How did the companies do? Only four companies — Dropbox, Google, SpiderOak and Sonic.net — used all five measures. Twitter used four of the measures, but the rest of the sites and services offered encryption and privacy protection at various lower levels.
Why is encryption within a company's internal data network, which is isolated from the Internet, so important? It matters because recently revealed documents leaked by Edward Snowden showed that the National Security Agency's MUSCULAR program, helped by an unnamed telecommunications company, was tapping into Google's and Yahoo's internal networks.
Tipped off by journalists who had seen the Snowden documents, Google implemented full internal encryption this past summer. Yahoo plans to do the same by April 2014.
The EFF's analysis follows up on items identified in its latest annual "Who Has Your Back" report, released in April. Each company had been examined to see how committed it was to protecting users when the government wanted access to its data.
The Electronic Frontier Foundation describes itself as "a nonprofit that fights for the public's rights involving the Internet and other technology, including educating the public and the press, filing lawsuits against bad legislation and mobilizing 140,000 members of its Action Center."