Who encrypts and who doesn’t?

101

Good encryption ensures safe and private communication – of course, unless someone has messed with this encryption before. Good encryption ensures safe and private communication – of course, unless someone has messed with this encryption before. Therefore, companies that use efficient encryption should be associated with the confidentiality and security of customers.

There is an organization – the Electronic Frintier Foundation – which was established to monitor how companies in the telecommunications and technology industries care about their users' data. This organization does not shy away from creating lists of companies (with their exact names) that grossly neglect this aspect.

Recently published by EFF report, ” Encrypt the Web” was created for this very purpose. We can read there that companies such as Google, SonicNet, Drobpox or SpiderOak take great care of customer data by encrypting them with the use of strong algorithms. These four companies are the big winners of the EFF report – they received approval in all five categories: Data Center Lookup Encryption, HTTPS and HSTS Support, Forward Secrecy and STARTTLS. In short, encrypting links in data centers means that, for example, Google encrypts data that flows between company data centers – the lack of this feature is a weak point that has been used many times by cybercriminals. The use of HTTPS ensures that all communication between the user and a given website takes place via a secure, encrypted channel. HSTS (HTTP Strict Transport Security) is a kind of protection for a web server, which ensures that communication with users always takes place via the HTTPS protocol. Forward secrecy or perfect forward secrecy is an encryption feature that ensures that one compromised key will not pose a threat to further transmissions. STARTTLS is an extension for e-mail that adds encryption to outgoing messages regardless of the e-mail client used by the user.

In its report, the EFF also mentions Facebook, which was conditionally approved in the five categories mentioned. Conditionally, because the king of social networks is just working on implementing the encryption function. Twitter has all categories except STARTTLS.

LinkedIn, Foursquare, and Tumblr are all halfway down the table with three categories. Yahoo got one star and a conditional one because it is just working on new policies. Apple received only one point – for using HTTPS in its iCloud cloud service. Microsoft, Myspace and WordPress also received one star each.

Companies that do not pay any attention to encryption are according to EFF Amazon, AT&T, Comcast and Verizon – they failed any test.

Earlier this year, a group promoting the digital environment also released a similar report – „Who’s Got Your Back?” – and the conclusions were similar. This report aimed to identify which tech and telecom companies are secretly collecting data for the government, and which actually care about their users. Both reports appreciated the efforts of companies such as Twitter, Google, SonicNet and SpiderOak. Similarly, the following companies got their way in these two reports: Apple, Yahoo, Verizon, AT&T, Comcast, and Amazon.

Of course, much has changed between the publication of the reports – we now know a lot more about governments' efforts to keep track of everyone. Looking at the results, it can be concluded that some companies are better and better at securing themselves and their clients against spying (regardless of who is spying). Unfortunately, you can also see that some organizations have an opinion on this, and it is not necessarily beneficial to users.

„We hope the results of our report will motivate companies that do not pay much attention to security and encryption to change their approach,” said EFF’s Kurt Opsahl.

For the report to be created, EFF sent surveys to individual companies. Not all companies responded. We can therefore guess that their security is not the best …

And what does all this mean for us, ordinary computer and internet users? Well, it’s not our goal to tell you what online services to use and which not to use. However, I think that all of us – including the people at EFF – will be reluctant to rely on services that bypass security and encryption. It is important that we make informed decisions with as much information as possible.