Let's Encrypt (previously), a joint EFF-Mozilla-Linux Foundation project that lets anyone easily create an SSL certificate for free in minutes and install and configure it so that visitors to their websites will be shielded from surveillance, came out of beta this week, and it's already making a huge difference.
Let's Encrypt is a joint project from EFF, Mozilla and others that allows anyone to create a free HTTPS certificate in minutes, this being a critical piece of infrastructure, necessary for making connections between a web-server and a browser secure and private.
It will be overseen by Internet Security Research Group with backing from EFF, Mozilla, Cisco, Akamai and others, and will offer free HTTPS certificates to all comers, making it radically easier and cheaper to encrypt the Web and make it resistant to mass surveillance.
Chrome security engineer and EFF alumna Chris Palmer's State of Software Security 2019 is less depressing than you might think: Palmer calls out the spread of encryption of data in transit and better signaling to users when they're using insecure connections (largely attributable to the Let's Encrypt project); and security design, better programming languages and bug-hunting are making great strides.
When you send someone else an email, your mail server connects to their mail server to transmit the message, and spy agencies have made a surveillance banquet out of these transactions, harvesting emails by the billions.
In 2012, Google rolled out Certificate Transparency, a clever system to spot corrupt "Certificate Authorities," the entities who hand out the cryptographic certificates that secure the web. If Certificate Authorities fail to do their jobs, they put the entire electronic realm in danger — bad certificates could allow anything from eavesdropping on financial transactions to spoofing industrial control systems into accepting malicious software updates.
An imminently forthcoming version of Google's Chrome browser will flip the way that browsers convey information about privacy and security to users: instead of discreetly informing users that the HTTPS-enabled sites they're browsing are more secure, they'll flag any non-HTTPS site as insecure, with a series of escalating alerts that will end — at some unspecified date — by displaying an exclamation point inside a red triangle and the letters HTTP next to the web addresses of non-HTTPS sites.
When it comes to accessing public websites, Tor has an intrinsic security problem: though the nodes between your computer and the public internet are unable to see where the traffic is coming from or going to, the final hop in the network (known as an exit node) gets to know what webserver you are connecting to.
Lisa Rein writes, "While the San Francisco Aaron Swartz International Hackathon is going on downstairs at the Internet Archive, we're having a little privacy-enabling mini-conference upstairs."
The Electronic Frontier Foundation always has a huge presence at Las Vegas's DEFCON, but this year, we're hosting our first-ever badge-hack contest!
EFF, Mozilla and pals are launching Let's Encrypt, an all-free certificate authority, in September — but they've released a transparency report months in advance.