"let's encrypt"

Survey of the 2019 security landscape reveals some surprising bright spots

Chrome security engineer and EFF alumna Chris Palmer's State of Software Security 2019 is less depressing than you might think: Palmer calls out the spread of encryption of data in transit and better signaling to users when they're using insecure connections (largely attributable to the Let's Encrypt project); and security design, better programming languages and bug-hunting are making great strides. Read the rest

EFF has released STARTTLS Everywhere: free tools to encrypt email between mail servers

When you send someone else an email, your mail server connects to their mail server to transmit the message, and spy agencies have made a surveillance banquet out of these transactions, harvesting emails by the billions. Read the rest

Google: Chrome will no longer trust Symantec certificates, 30% of the web will need to switch Certificate Authorities

In 2012, Google rolled out Certificate Transparency, a clever system to spot corrupt "Certificate Authorities," the entities who hand out the cryptographic certificates that secure the web. If Certificate Authorities fail to do their jobs, they put the entire electronic realm in danger -- bad certificates could allow anything from eavesdropping on financial transactions to spoofing industrial control systems into accepting malicious software updates. Read the rest

Baratunde Thurston explains why encryption matters

Rainey from EFF writes, "EFF just launched a new video about its efforts to encrypt the web. It features bestselling author Baratunde Thurston explaining why encryption matters and two simple ways to ensure the web we love is encrypted." Read the rest

Chrome is about to start warning users that non-HTTPS sites are insecure

An imminently forthcoming version of Google's Chrome browser will flip the way that browsers convey information about privacy and security to users: instead of discreetly informing users that the HTTPS-enabled sites they're browsing are more secure, they'll flag any non-HTTPS site as insecure, with a series of escalating alerts that will end -- at some unspecified date -- by displaying an exclamation point inside red triangle and the letters HTTP next to the web addresses of non-HTTPS sites. Read the rest

Researchers find over 100 spying Tor nodes that attempt to compromise darknet sites

When it comes to accessing public websites, Tor has an intrinsic security problem: though the nodes between your computer and the public internet are unable to see where the traffic is coming from or going to, the final hop in the network (known as an exit node) gets to know what webserver you are connecting to. Read the rest

Let's Encrypt is actually encrypting the whole Web

Let's Encrypt (previously) a joint EFF-Mozilla-Linux Foundation project that lets anyone easily create an SSL certificate for free in minutes and install and configure it so that visitors to their Websites will be shielded from surveillance, came out of beta this week, and it's already making a huge difference. Read the rest

Let's Encrypt enters public beta: free HTTPS certificates for everyone!

Let's Encrypt is a joint project from EFF, Mozilla and others that allows anyone to create a free HTTPS certificate in minutes, this being a critical piece of infrastructure, necessary for making connections between a web-server and a browser secure and private. Read the rest

To do in San Francisco: Aaron Swartz Day mini-con on privacy-enabling tech

Lisa Rein writes, "While the San Francisco Aaron Swartz International Hackathon is going on downstairs at the Internet Archive, we're having a little privacy-enabling mini-conference upstairs." Read the rest

Going to DEFCON? EFF's got your back

The Electronic Frontier Foundation always has a huge presence at Las Vegas's DEFCON, but this year, we're hosting our first-ever badge-hack contest! Read the rest

EFF's new certificate authority publishes an all-zero, pre-release transparency report

EFF, Mozilla and pals are launching Let's Encrypt, an all-free certificate authority, in September -- but they've released a transparency report months in advance. Read the rest

:)