The measures include: encrypting traffic between their datacenters, enabling HTTPS by default, enabling the StartTLS e-mail encryption protocol (for Web mail companies), implementing forward secrecy, fighting surveillance in court and Congress.
“By enabling encryption across their networks, service providers can make backdoor surveillance more challenging, requiring the government to go to courts and use legal process,” noted the EFF. “While Lavabit’s travails have shown how difficult that can be for service providers, at least there was the opportunity to fight back in court.”
Last week, the organization has released its “Encrypt the Web” report to reflect the recently made changes by a number of companies in that regard, and the results are as follows (click on the screenshot to enlarge it):
“We’re pleased to see that four companies—Dropbox, Google, SpiderOak and Sonic.net—are implementing five out of five of our best practices for encryption,” says the EFF. “In addition, we appreciate that Yahoo! just announced several measures it plans to take to increase encryption, including the very critical encryption of data center links, and that Twitter has confirmed that it has encryption of data center links in progress.”
Others, like Facebook and Twitter are very close to checking all the boxes. Unfortunately, some of the companies haven’t responded to the survey, and the EFF couldn’t independently discover and confirm whether they are doing something about it.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.