Google has changed its procedures to enable "forward secrecy" by default on all its search-traffic. This means that part of the key needed to decrypt the traffic is never stored, so that in the event that there is a security breach at Google, older, intercepted traffic can't be descrambled. It's the absolute best practice for secure communications, and Google is to be commended for adopting it.
Other web sites have implemented HTTPS with forward secrecy before — we have it enabled by default on https://www.eff.org/ — but it hasn’t yet been rolled out on a site of Google’s scale. Some sites have publicly resisted implementing forward secrecy because it is more CPU intensive than standard HTTP or HTTPS. In order to address that problem, Google made improvements to the open source OpenSSL library, and has incorporated those changes into the library for anybody to use.
Forward secrecy is an important step forward for web privacy, and we encourage sites, big and small, to follow Google’s lead in enabling it!
Long Term Privacy with Forward Secrecy
NCR reports in-the-wild sightings of “deep skimmers” (tiny, disposable card-skimmers that run on watch batteries and use crude radios to transmit to a nearby base-station) on ATMs around the world: “Greece, Ireland, Italy, Switzerland, Sweden, Bulgaria, Turkey, United Kingdom and the United States.”
After decades of fighting for open Web standards that let anyone implement software to receive and render online data, the World Wide Web Consortium changed course and created EME, a DRM system that locks up video in formats that can only be played back with the sender’s blessing, and which also gives media giants the […]
It’s World Password Day and you can celebrate it by fixing your crappy passwords.
White hat hackers get paid to find holes in their own employers’ online systems, and plug those holes before they become serious security risks. It’s a job that pays handsomely…mostly because few job candidates, even experienced IT professionals, have the skills to scamper over firewalls and infiltrate the deepest recesses of a battle-tested network. But […]
Why buy one of those expensive and confusing universal remotes, clogged with enough buttons to launch a space shuttle, when you could accomplish the same electronic control right on your favorite mobile device? The Blumoo Universal Remote, now just $52.99 in the Boing Boing Store, harnesses the audio power of all your household equipment right […]
You may not love Microsoft Word, but you’ve definitely used it. Other than being one of the most ubiquitous programs on the planet, it’s been the go-to word processing system for more than a quarter-century because it’s as basic as it gets. But occasionally, you’ve got assignments that beg for a lot more options than simple […]