{"id":3215,"date":"2013-11-25T10:00:33","date_gmt":"2013-11-25T15:00:33","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/?p=3215"},"modified":"2020-02-26T18:37:12","modified_gmt":"2020-02-26T16:37:12","slug":"whos-using-encryption-whos-not","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/whos-using-encryption-whos-not\/3215\/","title":{"rendered":"Who&#8217;s Using Encryption? Who&#8217;s Not?"},"content":{"rendered":"<p><a href=\"https:\/\/www.kaspersky.co.za\/blog\/encrypt-your-data\/\" target=\"_blank\" rel=\"noopener\">Strongly encrypted communications are secure and private communications<\/a> (as long as there is no monkey-business going on in the way the encryption is implemented into communications software or protocols). Therefore, the companies that use strong encryption would appear to be the same companies that are concerned with the privacy and security of their customers.<\/p>\n<p>The Electronic Frontier Foundation is always looking to herald the tech and telecom companies that handle their users\u2019 data with care. They also don\u2019t shy away from naming and shaming the firms that store user-data frivolously.<\/p>\n<p>Their recently published \u201c<a href=\"https:\/\/www.eff.org\/deeplinks\/2013\/11\/encrypt-web-report-whos-doing-what\" target=\"_blank\" rel=\"noopener nofollow\">Encrypt the Web<\/a>\u201d report does just that. It positively reinforces companies like the search giant Google, the Internet service provider SonicNet, and the cloud-storage providers Dropbox and SpiderOak for protecting their customer\u2019s data with strong, across the board encryption. These four companies are the big winners of the EFF report, earning a check in all five of the following categories: encrypts data center links, supports <a href=\"https:\/\/www.kaspersky.co.za\/blog\/digital-certificates-httpss\/\" target=\"_blank\" rel=\"noopener\">HTTPS<\/a>, HSTS, forward secrecy, and STARTTLS. Briefly, the encryption of data center links basically means that Google encrypts data as it passes between their data centers, a weak-spot known to have been exploited in the past. The implementation of HTTPS, or hypertext transfer protocol secure, ensures that all communications between a user and a given website pass through an encrypted channel. HSTS, or HTTP Strict Transport Security, is basically a Web server security policy mandating constant HTTPS communication with users. Forward secrecy, or perfect forward secrecy, is essentially a cryptographic property or ideal that guarantees that one compromised key won\u2019t compromise further transmissions. STARTTLS is more or less an email extension that updates plain-text email communications to encrypted communications so that emails are encrypted no matter what email client you are using.<\/p>\n<div class=\"pullquote\">\u201cThere\u2019s nothing like a little peer pressure to nudge someone toward doing the right thing.\u201d<\/div>\n<p>Now that we have that out of the way, again, Google, SonicNet, Dropbox, and SpiderOak are the big winners here. Honorable mention to Facebook, which received all five checks conditionally, because they are in the process of implementing all of these encryption features. Twitter received high marks as well, receiving a check-mark for every category except STARTTLS.<\/p>\n<p>LinkedIn, Foursquare, and Tumblr are right in the middle here, with three checks. Yahoo got one check and an additional conditional check for policies they plan to implement. Apple got one check for supporting HTTPS on their iCloud. Microsoft, Myspace, and WordPress all earned just one check mark as well.<\/p>\n<p>The companies that are not putting in the effort to encrypt are, according to the EFF, Amazon, AT&amp;T, Comcast, and Verizon. Altogether, these four companies received zero checks.<\/p>\n<p>Perhaps not surprisingly, earlier this year, the San Francisco-based digital advocacy group published a report called \u201c<a href=\"https:\/\/www.kaspersky.co.za\/blog\/eff-report\/\" target=\"_blank\" rel=\"noopener\">Who\u2019s Got Your Back?<\/a>\u201d and the findings were similar. The Who\u2019s Got Your Back report explored which tech and telecom companies are rubber stamps for government data collection and which one\u2019s guard the privacy rights of their users. Both reports vindicated the efforts of Twitter and Google and SonicNet and SpiderOak, while both reports wagged their fingers at <a href=\"https:\/\/www.kaspersky.co.za\/blog\/apples-ios-7-has-a-major-security-flaw\/\" target=\"_blank\" rel=\"noopener\">Apple<\/a>, Yahoo, Verizon, AT&amp;T, Comcast, and Amazon.<\/p>\n<p>Of course, a lot has changed in the time between the two reports: namely a lot more is known about government-sponsored surveillance efforts. If there is a correlation between the reports, and I think there is, then there seems to be a general movement toward better privacy protections from government and other malicious spying among some of the tech firms.<\/p>\n<p>\u201cWe want to use this as a positive encouragement where if companies see other folks getting good reports, they may want to apply more crypto,\u201d said Kurt Opsahl, a senior staff attorney with the EFF.<\/p>\n<p>The EFF conducted the report by sending each company a survey. Not every company replied, so other sources were also considered including the companies\u2019 websites and news reports. The companies were asked whether they support HTTPS, HSTS, Forward Secrecy, STARTTLS, and whether they encrypt data center links.<\/p>\n<p>So what does this all mean for you? Well, I won\u2019t advocate for which services you should or shouldn\u2019t use. I think all of us \u2013 including our friends at the EFF \u2013 likely rely on some services that aren\u2019t putting in enough effort as far as encryption is concerned. The point here, as noted by Threatpost\u2019s Mike Mimoso, is this: \u201c<a href=\"https:\/\/threatpost.com\/eff-scorecard-shows-crypto-leaders-and-laggards\/102987\" target=\"_blank\" rel=\"noopener nofollow\">There\u2019s nothing like a little peer pressure to nudge someone toward doing the right thing.<\/a>\u201c<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Strongly encrypted communications are secure and private communications (as long as there is no monkey-business going on in the way the encryption is implemented into communications software or protocols). Therefore,<\/p>\n","protected":false},"author":42,"featured_media":3216,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[261,344],"class_list":{"0":"post-3215","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-encryption","9":"tag-online-protection"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/whos-using-encryption-whos-not\/3215\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/whos-using-encryption-whos-not\/2692\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/whos-using-encryption-whos-not\/2582\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/whos-using-encryption-whos-not\/2892\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/whos-using-encryption-whos-not\/2708\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/whos-using-encryption-whos-not\/3215\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/whos-using-encryption-whos-not\/3215\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/encryption\/","name":"encryption"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/3215","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=3215"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/3215\/revisions"}],"predecessor-version":[{"id":25993,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/3215\/revisions\/25993"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/3216"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=3215"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=3215"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=3215"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}