Slashdot Mirror
2016 Saw A Massive Increase In Encrypted Web Traffic (eff.org)
EFF's "Deeplinks" blog has published nearly two dozen "2016 in Review" posts over the last nine days, one of which applauds 2016 as "a great year for adoption of HTTPS encryption for secure connections to websites." An anonymous reader writes:
In 2016 most pages viewed on the web were encrypted. And over 21 million web sites obtained security certificates -- often for the first time -- through Let's Encrypt. But "a sizeable part of the growth in HTTPS came from very large hosting providers that decided to make HTTPS a default for sites that they host, including OVH, Wordpress.com, Shopify, Tumblr, Squarespace, and many others," EFF writes. Other factors included the support of Transport Layer Security (TLS) 1.3 by Firefox, Chrome, and Opera.
Other "2016 in Review" posts from EFF include Protecting Net Neutrality and the Open Internet and DRM vs. Civil Liberties. Click through for a complete list of all EFF "2016 in Review" posts.
Chipping Away at National Security Letters: 2016 in Review
Everybody Wants To Rule The World (Wide Web): 2016 in Review
Fighting for Fair Use and Safer Harbors: 2016 in Review
Secure Messaging Takes Some Steps Forward, Some Steps Back: 2016 In Review
Most Young Gig Economy Companies Way Behind On Protecting User Data: 2016 In Review
Dark Skies for International Copyright: 2016 in Review
Congress Gives FOIA a Modest but Important Update For Its 50th Birthday: 2016 in Review
Our Fight to Rein In the CFAA: 2016 in Review
The Patent Troll Abides: 2016 in Review
DRM vs. Civil Liberties: 2016 in Review
The Fight to Rein in NSA Surveillance: 2016 in Review
The Year in Government Hacking: 2016 in Review
What Happened to Unlocking the Box? 2016 in Review
Top 5 Threats to Transparency: 2016 in Review
Technical Developments in Cryptography: 2016 in Review
This Year in U.S. Copyright Policy: 2016 in Review
Open Access Rewards Passionate Curiosity: 2016 in Review
Censorship on Social Media: 2016 in Review
Defending Student Data from Classrooms to the Cloud: 2016 in Review
Protecting Net Neutrality and the Open Internet: 2016 in Review
U.S. Trade Representative Gets Piracy Website Listing Notoriously Wrong
HTTPS Deployment Growing by Leaps and Bounds: 2016 in Review
Defending the Digital Future: 2016 in Review
Other "2016 in Review" posts from EFF include Protecting Net Neutrality and the Open Internet and DRM vs. Civil Liberties. Click through for a complete list of all EFF "2016 in Review" posts.
Chipping Away at National Security Letters: 2016 in Review
Everybody Wants To Rule The World (Wide Web): 2016 in Review
Fighting for Fair Use and Safer Harbors: 2016 in Review
Secure Messaging Takes Some Steps Forward, Some Steps Back: 2016 In Review
Most Young Gig Economy Companies Way Behind On Protecting User Data: 2016 In Review
Dark Skies for International Copyright: 2016 in Review
Congress Gives FOIA a Modest but Important Update For Its 50th Birthday: 2016 in Review
Our Fight to Rein In the CFAA: 2016 in Review
The Patent Troll Abides: 2016 in Review
DRM vs. Civil Liberties: 2016 in Review
The Fight to Rein in NSA Surveillance: 2016 in Review
The Year in Government Hacking: 2016 in Review
What Happened to Unlocking the Box? 2016 in Review
Top 5 Threats to Transparency: 2016 in Review
Technical Developments in Cryptography: 2016 in Review
This Year in U.S. Copyright Policy: 2016 in Review
Open Access Rewards Passionate Curiosity: 2016 in Review
Censorship on Social Media: 2016 in Review
Defending Student Data from Classrooms to the Cloud: 2016 in Review
Protecting Net Neutrality and the Open Internet: 2016 in Review
U.S. Trade Representative Gets Piracy Website Listing Notoriously Wrong
HTTPS Deployment Growing by Leaps and Bounds: 2016 in Review
Defending the Digital Future: 2016 in Review
A true hero to anyone concerned about internet privacy.
That was a close one, wasn't it? We could almost have had DNSSEC based key management, but instead "we" managed to perpetuate the borken certificate authority system, now with less verification.
The goal is to stop mass surveillance. If GCHQ or the NSA really want that data, they will hack the site anyway.
By using HTTPS everywhere it just makes their job harder, so they can't spy on everyone by default.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
HTTPS doesn't hide what computers contacts other computers. I doubt NSA cares that much about the actual content of the communication. By just checking the metadata they can see if someone is communicating with someone on their naughty-list and add them to it. It doesn't matter if you just asked what time it was. If you are talking with a terrorist you are considered to be a terrorist.
The metadata NSA is after is not your computer contacting to facebook.com, it's Alice sending a Facebook message to Bob. They very much want to unwrap HTTPS to get to their level of metadata. And I'm pretty sure they slurped up the content too, because we're the NSA and the rules don't apply to us.
Live today, because you never know what tomorrow brings
The goal is to stop mass surveillance. If GCHQ or the NSA really want that data, they will hack the site anyway.
By using HTTPS everywhere it just makes their job harder, so they can't spy on everyone by default.
Specifically it stops them from 'tapping glass' in places like Room 641a:
* https://en.wikipedia.org/wiki/Room_641A
There are valid reasons for surveillance and wire tapping on individuals; there are few-to-no valid reasons for mass surveillance. HTTPS everywhere stops the latter.
> It also destroys trust in the CA, which means people switch to another on that cannot be so easily compromised by that specific government.
$DEITY, I wish. CAs have inappropriately issued _wide_ certs (for names such as "mail" or "news") to people, issued certs to entities that clearly didn't control those domains, left their private keys on a publicly accessible portion of their website (!), issued certs that could be used to issue _more_ certs for _any_ domain(!!), and on and on and on. AFAIK, only _one_ CA has ever been removed from web browsers' trusted issuer lists, and that's DigiNotar.
CAs should have been getting killed left and right for the shit many of them have done, but that just doesn't happen.