Web browser giants Google and Mozilla have implemented practices encouraging users to take care of their online privacy and security in an ongoing shift towards data encryption.
Google has begun informing users of the security of websites they visit, warning them when a site does not use an HTTPS secure connection. This is intended to have the effect of “encryption shaming” users from risking their data integrity on unsecure sites.
Firefox, on their end, is stepping up measures to deal with insecure encrypted connections. The browser will block connections to HTTPS secure servers employing weak encryption. Firefox is establishing a minimum of 1023 bits for TLS handshakes using Diffie-Hellman keys, as a result of recent attacks on Diffie-Hellman keys.
Data security more valuable than ever
In an increasingly digital age, hacks and thefts of data are becoming more prevalent, and as such good security practices are paramount. Apple’s iOS 10 update makes devices 2,500 times easier to hack via a brute force attack than previous iterations, meaning that strong passphrases, rather than simple passwords, are a must.
Even when personal security is adequately handled, large companies present increasingly easy targets for wide-scale data breaches. Yahoo recently suffered a hack, resulting in a staggering 500 million accounts being accessed, their users’ data compromised.
The encryption debate has taken a front row seat since Snowden’s leak
Following the famed revelation by whistleblower Edward Snowden that the NSA was engaged in a mass secret collection of metadata, the importance of security has risen to the forefront. Facebook’s popular Messenger recently added an end-to-end encryption option. Apple, recently in a widely publicized struggle with the FBI over installing security backdoors in their devices, reaffirmed their commitment to privacy, with CEO Tim Cook declaring that encryption keeps the public safe. Even Hillary Clinton, the former secretary of state and current US presidential candidate and one of the bigger critics of Snowden’s leaks, uses Signal encrypted messaging for her campaign staff.
As available options for data encryption increase, however, so do methods of rendering them obsolete. According to Snowden, Google’s new encrypted messaging app Allo is insecure, and might as well be called “Google surveillance.” Popular encrypted messaging app WhatsApp may also be insecure, as an Israeli firm claimed it can break WhatsApp’s encryption via a man-in-the-middle attack from a backpack-sized device. In response to the increasingly challenging world of security, several new encrypted tools are on the horizon to provide a level of security beyond what tools such as Tor are able to provide.
These improvements to encryption technology come none too soon, as government around the world prepare to push back. The FBI announced an intention to crack down on encryption next year, after the attention from the US presidential election has died down. France and Germany want the European Union to ban end-to-end encryption, supposedly in a bid to fight against terror financing.