Ever since 2013, when the Electronic Frontier Foundation started shaming email providers that did not encrypt their customers' email, more and more mail providers have turned on STARTTLS, which protects email in transit from snooping, without requiring users to take any additional steps.
But ISPs in the USA and Thailand have been caught sabotaging STARTTLS, interrupting the negotiation between mail-servers to prevent the encryption bit from being turned on, leaving millions of peoples' email liable to snooping by crooks, governments, spies and others.
In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers' data to strip a security flag—called STARTTLS—from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.1
By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco's PIX/ASA firewall do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception.
ISPs Removing Their Customers' Email Encryption
(Image: uncle sam wants your privacy, Jeff Schuler, CC-BY)
Bad legal news for Orange President Kleptocrat today. He’s gonna be in a mood.
Asked about the Justice Department’s intent to drop all criminal charges against impeached President Trump’s first national security advisor, Mike Flynn, Trump’s Attorney General Bill Barr says nothing matters, and “history is written by the winners.”
Conor Burns, Britain’s trade minister, quit Monday after it was revealed he had used his position to threaten a member of public in a financial dispute with his father. The committee’s report found he had made “veiled threats” to use privilege to “further his family’s interests” during the financial dispute involving his father. In February, […]
Game engines aren’t just the lifeblood of the video game industry. They may soon be the lifeblood of Hollywood. Since emerging in the late ’90s, the Unreal game engine has quickly become one of the world’s foremost tools for game creators. Now, Disney’s hit Star Wars spinoff series The Mandalorian is using Unreal as well. […]
Apple AirPods have become the default earbuds beloved by millions. Unfortunately, they also cost $159, so it’s no surprise that since they were first introduced in 2016, companies have battled to produce comparable headphones at a lower price. The UK-designed and engineered Veho STIX true wireless earphones may have cracked that particular problem, striking a […]
Instagram isn’t just for tweens and foodies. In fact, the image-heavy platform not only wants to mint new Instagram influencers — it also wants to make them rich. In the last few weeks, the company announced ad revenue sharing on IGTV videos, special badges you can buy from your favorite accounts through Instagram Live, merchandise […]