Deeplinks Blog posts about Encrypting the Web
Over the past week many more details have emerged about the HTTPS-breaking Superfish software that Lenovo pre-installed on its laptops for several months. As is often the case with breaking security incidents, most of what we know has come from security engineers volunteering their time to study the problem and sharing their findings via blogs and social media.
News broke last night that Lenovo has been shipping laptops with a horrifically dangerous piece of software called Superfish, which tampers with Windows' cryptographic security to perform man-in-the-middle attacks against the user's browsing. This is done in order to inject advertising into secure HTTPS pages, a feature most users don't want implemented in the most insecure possible way.
Terrorists, hackers, and journalists. According to a recent Guardian article covering new Snowden documents, British spy agency GCHQ considers all of these individuals threats—various levels of threats, but threats nonetheless. One intelligence report goes so far as to say, "Of specific concern are 'investigative journalists' who specialise in defence-related exposés either for profit or what they deem to be of the public interest."
Last month we were very pleased to announce our work with Mozilla, the University of Michigan, Cisco, Akamai and IdentTust on Let's Encrypt, a totally free and automated certificate authority that will be launching in summer 2015. In order to let mainstream browsers seamlessly connect securely to your web site, you need a digital certificate. Next year, we'll provide you with that certificate at no charge, and, if you choose, our software will install it on your server in less than a minute. We've been pursuing the ideas that turned into Let's Encrypt for three years, so it was a great pleasure to be able to share what we've been working on with the world.
2014 has seen a flurry of events surrounding the issues of privacy and security when it comes to mobile devices. Here are some highlights.
EFF started the year by releasing HTTPS Everywhere on Firefox for Android. Before, HTTPS Everywhere could only protect web browsing on desktop platforms, but with the release of HTTPS Everywhere for Firefox for Android, that same protection became available for Android devices as well.
Pages
Subscribe to EFF Updates
Deeplinks Archives
Deeplinks Topics
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- Innovation
- International
- Know Your Rights
- Privacy
- Trade Agreements
- Security
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anonymity
- Anti-Counterfeiting Trade Agreement
- Biometrics
- Bloggers' Rights
- Broadcast Flag
- Broadcasting Treaty
- CALEA
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- CyberSLAPP
- Defend Your Right to Repair!
- Defending Digital Voices
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA
- DMCA Rulemaking
- Do Not Track
- DRM
- E-Voting Rights
- EFF Europe
- Encrypting the Web
- Export Controls
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2014 Copyright Review Process
- FTAA
- Genetic Information Privacy
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- OECD
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- Patents
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Printers
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- RFID
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student and Community Organizing
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- Trans-Pacific Partnership Agreement
- Travel Screening
- TRIPS
- Trusted Computing
- Video Games
- Wikileaks
- WIPO
- Transparency
- Uncategorized
eff.org/nsa-spying
