November 29, 2013 No Comments-
With every passing year, we share more and more of our data online, exchanging our details for free services or much-needed online tools. But which of these web services go the extra mile to keep our information safe?
An investigation from the Electronic Frontier Foundation, a not-for-profit organisation that fights for users’ rights online, investigated the ways the big companies like Google, Facebook, Amazon and Apple protect our information on the web.
Before we explain how well each company did, let’s take a quick look at the five criteria the EFF monitored, and what each of them does for web safety:
What was tested
The five criteria below were used to test how well companies secure your data as it travels between their servers and your computer. So what are the criteria?
Encrypted data centre links
This ensures that the data is encrypted when it moves between the company’s computers. This means that if someone is tapping the company’s connections, your data is still secured.
HTTPS is the basic form of encryption on the web, ensuring your connection with the website is encrypted from prying eyes.
HSTS insists on using HTTPS communications, preventing attacks where a network will pretend that the site has asked to communicate insecurely.
Forward security prevents attackers who have cracked the company’s encryption from going back and reading your previous communications with the company.
This technology ensures that emails are encrypted between email providers, so the messages are safe in transit.
So which company cares the most?
Unsurprisingly, it’s the world’s largest internet-based company that comes out on top: Google. The company uses all five methods to secure users’ data transmissions, meaning the company is serious and about keeping your data safe.
Twitter also performs admirably, scoring 4/5 and offering every security feature but STARTTLS, which is only applicable to email providers anyway.
Facebook scores a 3.5/5, with HTTPS and Forward Secrecy enabled. The encryption of data centre links and STARTTLS are in progress, with HSTS planned.
Apple (1/5), Amazon (0.5/5) and Microsoft (1/5), however, all performed rather poorly. Amazon only provided evidence of limited HTTPS support (not great from the world’s largest online retailer!), while Apple only proved that it offered HTTPS on its iCloud product, with no other security features on its products. Microsoft also supports HTTPS but none of the other technologies.
Will this information change your current internet lifestyle? Almost certainly not. But it’s nice to know which companies seem to take your data seriously for future decisions.
For example, you now know it’s probably better to open a new email account with Google than Microsoft or Apple, judging by how seriously they’re taking data transmission.
Data from: https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what#crypto-chart
Norman Safeground Blogs Archive