dslreports logo
 story category
Which Companies Actually Encrypt Your Data

On the heels of companies like Google and Yahoo rushing to encrypt server to server links after the ever-blooming NSA scandal, Techdirt directs our attention to a new report card over at the EFF that grades the Internet's largest companies on their use of encryption.

Just four companies: Dropbox, Google, SpiderOak and Sonic.net get a perfect score on all criteria measured, including encrypting server to server links, https support, https strict support, forward secrecy support, and STARTTLS support.

You'll of course note the dismal ranking of AT&T, Verizon and Comcast who handle traffic for all of these companies -- and then some.
Click for full size
view:
topics flat nest 

Metatron2008
You're it
Premium Member
join:2008-09-02
united state

Metatron2008

Premium Member

Amazon and tumblr have more red.

10char

nekkidtruth
YISMM
Premium Member
join:2002-05-20
London, ON

nekkidtruth

Premium Member

Re: Amazon and tumblr have more red.

nevermind
SunnyD
join:2009-03-20
Madison, AL

SunnyD

Member

Honestly, what does it matter?

The majority of one's internet traffic isn't going to be to one of these sites. A single hole in the damn will still flood the valley eventually. Unless end-to-end encryption is available to EVERY SITE someone visits, this is much ado about nothing.

battleop
join:2005-09-28
00000

battleop

Member

Before you scold others....

Isn't this site's default login page non https?

chip89
Premium Member
join:2012-07-05
Columbia Station, OH

chip89

Premium Member

Re: Before you scold others....

Yes it is!

mackey
Premium Member
join:2007-08-20

mackey to battleop

Premium Member

to battleop
The actual data is sent to the https server though (view-source and you will see the form POSTs to https secure.dslreports.com). It's still bad as a MitM can inject malicious code to grab the info out of the form before it's sent.

/M
gene32
join:2004-05-03
Reynoldsburg, OH

gene32

Member

Caught red handed

I love how a week or so ago when Google's techs were all publicly "mad" about the NSA tapping into their servers and started encrypting the traffic. Why weren't these techs raging YEARS AND YEARS ago when all this started? **tumbleweed goes by**

Fact is, all these tech companies were complicit from the get go. These companies should have went public with this the second the NSA started down this slippery slope since it is a violation of the Constitution. But hey, forget I said anything..........go back to tweeting and watching Kim Kardashian and football. `MURICA!!!!!!!!!!!!!!!! We need to snoop on everyone to catch terrorist. You DO love `MURICA, right????? It's for the children also!
easonin
Rock Ridge, FL
join:2008-07-08

easonin

Member

Re: Caught red handed

said by gene32:

Fact is, all these tech companies were complicit from the get go. These companies should have went public with this the second the NSA started down this slippery slope since it is a violation of the Constitution. But hey, forget I said anything..........go back to tweeting and watching Kim Kardashian and football. `MURICA!!!!!!!!!!!!!!!! We need to snoop on everyone to catch terrorist. You DO love `MURICA, right????? It's for the children also!

That's so funny, and true!!! Most people will do exactly that, put their heads back in the sand, or TV, as it were, and not think about any of this.
I would like to be free. Especially from those types of people. How about you?
»freestateproject.org/ --"...an agreement among 20,000 participants to move to New Hampshire for "Liberty in Our Lifetime.""

battleop
join:2005-09-28
00000

battleop to gene32

Member

to gene32
I thought these companies bragged that they OWNED their networks, i.e. the fiber and gear end to end. IF that's the case then how is the NSA getting physical taps into their networks without knowing what's going on?
HeadSpinning
MNSi Internet
join:2005-05-29
Windsor, ON

HeadSpinning

Member

Re: Caught red handed

said by battleop:

I thought these companies bragged that they OWNED their networks, i.e. the fiber and gear end to end. IF that's the case then how is the NSA getting physical taps into their networks without knowing what's going on?

They probably own long term IRUs on existing cable, meaning that they can treat it like an owned asset on the books, but it's really someone else's infrastructure.

Fibre can be tapped without the owner knowing it is happening. It could be as simple as a splitter tucked inside a splice closure, or simply the underlying cable owner granting access. We use contractors for our splicing, and if they came across a small splitter inside an existing tray, they'd likely just assume it was supposed to be there and carry on with their work.

jlivingood
Premium Member
join:2007-10-28
Philadelphia, PA

jlivingood

Premium Member

Missing some nuance.

Re "You'll of course note the dismal ranking of AT&T, Verizon and Comcast who handle traffic for all of these companies -- and then some."

I think this issue is a bit more complex for network operators than websites...
Skippy25
join:2000-09-13
Hazelwood, MO

1 recommendation

Skippy25

Member

Re: Missing some nuance.

And I would expect you to think no less.
openbox9
Premium Member
join:2004-01-26
71144

openbox9

Premium Member

Re: Missing some nuance.

So you think that backbone providers should encrypted all traffic traversing their networks? That's silly and horribly inefficient.

Dropbox
@cox.net

Dropbox

Anon

Dropbox ete encryption is great...

...so long as they don't hit the wrong button rendering it all moot.

Trust no one with anything.
LSTA
join:2010-11-25
North York, ON

LSTA

Member

Nice list...

But they forgot certificate pinning! It helps catch the MITM bad guys

Google does it.

A better list would include mobile apps on different platforms. And would have fewer "undetermined" entries because you can, in fact, check for yourself.