The Solution to NSA Snooping?
Thanks a lot, you dirty traitor, Ed Snowden. Even though the clowns in Washington can't decide if, when, or how to protect American citizens from the prying eyes of the NSA, FBI and CIA, Snowden's revelations have prompted several Internet heavyweights into taking action on Internet privacy while they dither. Here's what's going on, and how you can benefit from it...
Is Privacy Possible on the Internet?
It’s been nearly a year since Edward Snowden blew the whistle on the NSA’s domestic spying activity. To my knowledge, no secret agents have had their covers blown; none has been captured, tortured, or executed. There have been no reports of years-long, billion-dollar intelligence operations ruined by the unpatriotic perfidy of Ed Snowden. Instead, quite a bit of good has come of his revelations.
First, We The People have had our rose-colored glasses shattered. We have seen irrefutable proof that our government has been monitoring, collecting, and sifting through data about our online activities on a scale far larger than we ever imagined authorizing. The sleeping citizenry has been rudely shaken awake, and many of us are getting cranky with our Congresscritters about privacy laws.
Our dully (sic) elected representatives may be taking their sweet time about reining in the NSA, but the private sector is already doing a lot. Google, Micosoft, Yahoo, and Facebook (seriously) have done more to beef up privacy protections than all the jawboning about it in Congress has.
And really, letting the private sector handle as much of the problem as possible, rather than waiting for the federal government to screw things up even further, is the best course of action.
Google was instrumental in making encrypted HTTPS connections standard between users and Webmail servers, a simple technique that protects your passwords and prevents eavesdropping on email while it’s in transit. That was in 2010; since then the words “secure connection” have become commonplace, signifying that the user and website are communicating over an encrypted Internet “channel.” Embarassingly, AOL, Yahoo, and Outlook.com (formerly Hotmail) dragged their feet for a few more years before following suit.
Snowden’s 2013 assertion that the NSA had actually hacked Google’s internal network to collect data on users’ search activity prompted Google to encrypt all of its internal search-related traffic. Now, everything is encrypted between user and Google; between Google’s search servers and storage servers; and on every storage device. (Try going to HTTP://www.google.com and you'll magically end up on HTTPS://www.google.com)
Encryption adds quite a bit of overhead to any computing process. Some incomprehensible math has to be done to scramble your data in a way that keeps it secure and allows it to be reconstituted on demand. To keep searches, webmail and other online transactions speedy, Google must have invested a ton of money in additional infrastructure. But Google didn’t stop there.
All of the third-party ad networks that dish ads to Google users must now deliver ads via encrypted connections. Also, Google has tweaked its search algorithm to give higher result-rankings (greater visibility, more clicks) to sites that require HTTPS connections by default.
Google also has private, commercial customers to placate. Foreign companies, especially, have been shying away from Google Apps and Docs services for fear of having their confidential data raided by the U. S. government. That fear extends to doing any electronic business with other U. S. firms.
To alleviate these concerns – and sell more business services - Google is working on an improved version of Pretty Good Privacy (PGP), the open-source public key encryption scheme developed by Phil Zimmerman. When PGP is implemented, even Google won’t be able to read users’ email. You know Google is getting serious about privacy when it’s willing to sacrifice its ability to invade it (in order to serve you better, of course).
Yahoo has never been known as a bulwark against hackers. It wasn’t until Snowden singled out Yahoo as one of the easiest-to-hack major service providers that Marissa Mayer, CEO and ex-Google exec, hastily ordered HTTPS enabled by default on Yahoo email.
What is End-to-End Encryption?
Remember, HTTPS means the content is encrypted on the sending computer before hitting the Internet, transmitted via an encrypted connection, and then decrypted on the receiving end, where it's presumably safe. That's enough protection to keep snoops from seeing your data as it passes over the Internet. But it does nothing to protect your data once it's stored at the destination.
If you are concerned about your data once it reaches a server owned by Google, Yahoo, Microsoft, Dropbox, or any other cloud service, you need “end-to-end” encryption, which ensures that the data is readable only by the intended recipient. Put another way, it means that your data can't be viewed by people on the other end, be they employees, hackers, or the Feds -- because they lack the keys to unscramble the data.
Google made end-to-end encryption available as a Chrome browser extension in June, 2014. Yahoo won’t have it ready before 2015, according to the company.
Microsoft gave end-to-end encrypted email options to its Office 365 customers in November, 2013. But if you use the free Outlook.com (formerly Hotmail) Webmail service, Redmond has nothing for you.
Facebook enabled HTTPS connections by default back in 2011. Of course, Facebook can still rifle through everything you upload to it and do pretty much whatever it wants with what used to be yours, according to its TOS. That's because your data travels securely to Facebook's servers, but is decrypted once it arrvives. (No end-to-end encryption.)
Facebook is taking additional steps to ensure that only it can spy on its users, with the planned rollout of “Perfect Forward Secrecy” in its HTTPS encryption. PFS basically means the encryption key on the HTTPS server is changed much more frequently, so a hacker who obtains a key can pilfer less data. Facebook also acquired security firm PrivateCore recently; it remains to be seen what that company will do for Facebook users’ privacy.
Yes, we owe a big shout-out to that dirty, backstabbing Edward Snowden. Whatever his motives may have been, whether you believe he's a hero or a traitor, it turns out he stabbed just the right backs.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 25 Aug 2014
|For Fun: Buy Bob a Snickers.|
Is Apple Spying on Your iPhone?
The Top Twenty
Where is the Internet Fastest?
There's more reader feedback... See all 45 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- The Solution to NSA Snooping? (Posted: 25 Aug 2014)
Copyright © 2005 - Bob Rankin - All Rights Reserved