In April 2019 the Internet Society’s Online Trust Audit released its 10th Online Trust Audit and Honor Roll. One of the longest-running sectors covered in the Audit is online retailers. In this blog post we will look at the top 500 online retailers in the US based on online sales and how they fare in security best practices advocated by OTA.
Overall 65% of online retailers in the top 500 made the honor roll this year, a marked improvement over 2017 when just over half (51%) did. With the upcoming holidays many consumers will be doing much of their shopping online; therefore it is more important than ever that any online retailer practices good email and site security. After all, consumers are sending highly-sensitive data like credit cards and addresses at a much higher rate during the holidays.
In site security retailers fared well, as did most sites. Fully 92% of the top 500 online retailers have AOSSL/HSTS on their sites (virtually the same as 91% of sites overall). The good news this year is that this is a significant increase over the 38% that had AOSSL/HSTS in 2017. The bad news is that the fact that this is
Simply put, MITM is an attack in which a third party gains access to the communications between two other parties, without either of those parties realising it. The third party might read the contents of the communication, or in some cases also manipulate it. So, for example, if Gerald sends Leila a message, intending it to be private, and Max intercepts the message, reads it, and passes it on to Leila, that would be a MITM attack. If Gerald wants to transfer £100 to Leila’s bank account, and Max intercepts the transaction and replaces Leila’s account number with his own, that would also be a MITM attack (in this case, Max is putting himself ‘in the middle’ between Gerald and his bank).
Why should I care?
Partly because MITM attacks can undermine so much of our modern way of life. In a connected life, we depend on the reliability and security of every connection. It’s not just about your conversations, messages and emails, either. If you can’t trust the connections you make to websites and online services, you may be vulnerable to fraud or impersonation, and if your connected devices and objects can’t communicate securely and reliably, they may put
Internet from the skies: Loon, Google’s sister company, is teaming up with Internet provider Telefonica to provide Internet access to remote areas of the Amazon rainforest in Peru, TechCrunch reports. Loon, the high-altitude balloon company, plans to have the service available in 2020. The area of Peru targeted by the service has about 200,000 residents.
Internet from the highway: Meanwhile, Osceola County Schools in Florida has equipped an unused bus with computer equipment in an effort to bring Internet access to homeless students living in motels, WSBTV.com reports. The school district, south of Orlando, has about 500 students living in motels, some with limited Internet access.
Investigating encryption: A top official at the U.S. Department of Justice has hinted that end-to-end encryption services could be part of a sweeping investigation into some big tech companies, the New York Times reports. The DOJ and law enforcement agencies from other countries have been pushing large tech companies like Facebook to drop their end-to-end encryption services, to the chagrin of many security experts.
Iran shuts it down: The Iranian government shut down Internet access for citizens for several days in response to protests about huge hikes in fuel prices, CNN.com reports.
Internet security is accomplished by many unsung heroes. People who put their talent and passion into improving the Internet, making it secure and trustworthy. This is a feature of the Internet: security isn’t achieved through a central mandate but through the hard work and tenacity of individuals working across the globe.
Rachel Player, a cryptographic researcher, is one of those unsung heroes. She’s just been awarded the Radiant Award from the Internet Security Research Group, the folks behind Let’s Encrypt, for her work in post-quantum cryptography and homomorphic encryption. Homomorphic encryption allows people to do computations on encrypted data, so that information can remain private and still be worked with. This is a highly-relevant field in any area that deals with sensitive and personal data, such as medicine and finance. Player is also interested in lowering the barriers for young people – young women, especially – to work professionally on topics like cryptography.
Want to know more about Let’s Encrypt? Read a comprehensive overview of the initiative – from inspiration to
Alain Aina has been a key player in the Internet in Africa. While the winner of this year’s Jonathan B. Postel Award has had support from organizations and others, his leadership in building technical communities has helped countless people to spread the Internet across Africa and the world.
As the chief technology officer of the West and Central Africa Research and Education Network (WACREN), Aina has been building a Regional Research and Education Network to interconnect National Research and Education Networks (NRENs) in the region and connect them to the global Research and Education Network. He wants the world to see the work of Africa’s premier researchers and carve out its spot in the academic world – in a way that would be impossible without the resources of this new network and community. He also contributes to AfricaConnect2, a project that supports the development of high-capacity networks for research and education across Africa, by building on existing networks in Eastern, Northern, and Southern Africa to connect to West and Central Africa’s WACREN.
Aina fell into this work after graduating in the early 90s with a degree in electrical engineering and in the maintenance and analysis of computer systems. He was hired to be a technical seller
Community networks (CNs) offer a solution to connect the unconnected billions. They are becoming all the more important as recent trends reveal a slowdown in Internet connectivity growth through national operators in the Asia-Pacific region.
In late August, the Internet Society and the United Nations Economic and Social Commission for Asia and the Pacific organized the Asia-Pacific Regional CN Summit 2019 in Bangkok, Thailand. The event brought together about 110 participants that included high-level government officials from Asia and the Pacific, and a multidisciplinary group of regional experts on community networks, civil society groups, industry representatives, and academics and researchers to deliberate on critical issues surrounding CNs.
What are Community Networks?
They are “do-it-yourself” networks built by people for people. They are not just connecting communities, but are empowering rural and remote communities to improve their lives. Speakers and participants at the Summit shared some successful examples from the region, including India’s Garm Marg Rural Broadband Project, which has improved communities’ access to government and financial services, Nepal’s community networks, which have helped communities recover from the devastating Gorkha Earthquake in 2015 and prepare for future disasters, and Pakistan’s community network, which has enhanced learning for girls at a remote
A more secure Internet: Let’s Encrypt, the nonprofit certificate authority, has helped the percentage of websites protected with HTTPS encryption jump from 40 percent in 2016 to 80 percent now, TechXplore notes. The free certificate service has “turned the implementation of HTTPS from a costly, complicated process to an easy step that’s within reach for all websites.” Let’s Encrypt has become the world’s largest certificate authority and provides more HTTPS certificates than all other certificate authorities combined.
The right to the Internet: A new study by Merten Reglitz, a lecturer in global ethics at the University of Birmingham, suggests Internet access should be a human right, Vice reports. Internet access is “highly conducive to a multitude of crucial human interests and rights,” the study says. “Internet access is a uniquely effective way for lobbying and holding accountable global players like global governance institutions and multinational corporations.”
You must include these apps: The Russian government may require PC and smartphone makers to pre-load Russian apps, ZDNet reports. The Russian parliament is debating a bill to require the pre-loaded apps. If the bill passes, the Russian government would publish a list of electronic devices that will need to comply
Starting Saturday, November 16, 2019, the 106th meeting of the Internet Engineering Task Force (IETF) will begin in Singapore. Over 1,000 engineers from around the world will gather in the convention center to join together in the debates and discussions that will advance the open standards that make the Internet possible. They are gathered, in the words of the IETF mission, “to make the Internet work better”.
Pick your protocol – the future of DNS, DOH, TLS, HTTP(S), QUIC, SIP, TCP, IPv6, ACME, NTP… and many, many more will be debated in the rooms and hallways over the next week.
If you are not able to physically be in Singapore this week, the good news is you can participate remotely! The IETF website explains the precise steps you need to do. To summarize quickly:
By next year, five Internet of Things (IoT) devices are projected to be in use for every person on the planet.
IoT devices offer endless opportunities to improve productivity, economic growth, and quality of life. Think smart cities, self-driving cars, and the ways connected medical devices can monitor our health. The potential growth of IoT is virtually infinite.
But with opportunity comes a significant amount of risk. As much as we’d like to trust manufacturers to make sure burglars can’t watch our homes through data from an automated vacuum, many new devices lack even basic security features. And thousands of new devices are coming online each year without commitment to basic measures such as using unique passwords, encrypting our data, or updating software to address vulnerabilities.
To help people and businesses around the world prepare, a dedicated group is rising to the challenge of securing the Internet of Things through cooperation across borders and sectors.
They are government agencies, non-governmental organizations, and other organizations and experts working on IoT security joined together to form the IoT Security Policy Platform. We are proud to say the Internet Society is amongst them too. Together we’ve been discussing and sharing best practices and
Today marks the beginning of an exciting new chapter for the .ORG Community. Earlier today, the Internet Society and Public Interest Registry (PIR) announced that they have reached an agreement with Ethos Capital, an investment firm that helps transform and grow companies in today’s rapidly evolving digital economy, under which Ethos Capital will acquire PIR and all of its assets from the Internet Society.
As brief background – in 2002, the Internet Society won a competitive bidding process for the .ORG registry and established PIR to manage and operate the .ORG domain. Since that time, the Internet Society and PIR have worked to grow .ORG into the largest purpose-driven domain – used today by millions of organizations and others to achieve their online goals – and PIR’s contributions to the Internet Society have helped make the Internet more available, accessible and secure for people around the world.
This transaction aligns PIR with a strong, new strategic partner, Ethos Capital, that not only possesses a deep understanding of the intricacies of the domain industry, but also has the ideal mix of expertise, experience and shared values to further advance the goals of .ORG into the future.
It doesn’t immediately make sense, does it: the terms peace and cyber hygiene in the same breath. Still, there is a reason why these two come together at the Paris Peace Forum this week. That reason is simple though. Cyber hygiene – taking basic and common measures to secure software, devices, and networks – reduces the attack vectors that can be used by criminals and state actors alike. Cyber hygiene will reduce the odds that your network is seen as a belligerent actor just because it has been hacked by others. Cyber hygiene helps to create a more trustworthy and secure environment where people can go about their daily business in confidence that nothing dreadful will happen to them. It is one of the tools in the toolbox of confidence-building measures that enable peace.
Supporters of the Paris Peace Call, which was launched at the Peace Forum last year, are committed to working together to, among other things, “improve the security of digital products and services as well as everybody’s ‘cyber hygiene.’” The Internet Society has joined with a significant number of states, companies, and organizations to sign the Paris Call.
The topic of cyber hygiene is not
I’m writing to the Internet Society community today with a notice that there is a key change to the Procedures for Selecting Trustees starting this year. This change reduces the duration of the voting period from 28 to 14 days in the Internet Society Board of Trustees elections through which Chapters and Organization Members get to elect candidates to the Board.
If you read the 2019-2020 Elections Timetable carefully, you may notice that the Candidates Forum and the voting period are no longer done in parallel. As the below timeline shows, the 28-day period that used to be allocated for voting and the Candidates Forum is now split into two distinct sequential stages: the first 14 days is for the Candidates Forum and the second 14 days is for voting.
This decision was made for two reasons.
The first is to allow candidates to be heard fully before votes are cast. Upon examining the activity log of the last elections, we realized that some voters cast their ballots before the candidates had a chance to interact with the community. Voting before hearing what candidates have to say in the Candidates Forum is detrimental to the elections process as it encourages
Forging ahead: Facebook plans to move ahead with plans to expand encryption despite concerns from law enforcement agencies that it will be used by criminals, the New York Times reports. Facebook’s decision to expand encryption across its Messenger platform comes after complaints by top law enforcement officials in the United States, United Kingdom, and Australia that Facebook’s plan to encrypt messaging on all its platforms would make it more difficult to find child sex predators and pornographers.
Investigate the ISPs: Mozilla has asked Congress to investigate data collection by Internet service providers following reports that Comcast is lobbying against browser plans to implement the encryption scheme DNS-over-HTTPS, Vice reports. Mozilla’s rollout of DNS-over-HTTPS “has raised questions about how ISPs collect and use sensitive user data in their gatekeeper role over internet usage,” the browser maker wrote.
The next billion: The next billion Internet users will have significantly different goals and needs than the first billion, Quartz says. While many observers have talked about the Internet being a tool to deliver basic needs, many new users will be focused on using the Internet for leisure activities, the article predicts. And while many users in the West are focused on privacy, many
Global Internet freedom declined for the ninth consecutive year in 2019, largely as a result of social media increasingly being used by governments around the world as a conduit for mass surveillance and electoral manipulation. The Freedom on the Net 2019 report, the latest edition of the annual country-by-country assessment of Internet freedom, was released on November 5 by Freedom House, and highlights the shift in social media from a level playing field for civic discussion to an instrument of political distortion and societal control.
The Freedom on the Net 2019 report analyzed Internet freedom in 65 countries worldwide, covering 87% of global Internet users. Surveyed countries are designated as ‘Free’, ‘Partly Free’, or ‘Not Free’ based on an examination of, and scoring against, three categories: obstacles to access, limits on content, and violations of user rights.
Of the 65 countries assessed, 33 of them saw Internet freedom decline over the last year, with the biggest drops observed in Sudan and Kazakhstan. The longtime presidents of both countries were ousted, leading to widespread blocking of social media platforms, disruptions of Internet connectivity, and the increased use of electronic surveillance to undermine free expression.
The report called digital platforms
In a bid to improve digital accessibility in Pakistan – a country with about 30 million persons with disability (PWDs), according to the World Health Organization – we recently partnered with the Ministry of IT (MoIT) and the National IT Board (NITB) so that more existing government websites could include accessibility features and future websites could incorporate such designs. We set out to make five websites more accessible – as a start – and are already seeing encouraging results.
According to a local study and research paper, a majority of websites in Pakistan, including government, are not accessible for PWDs. PWDs face various challenges in using websites based on their impairment.
For example, persons with visual impairments can face compatibility challenges when screen reader software is used to access visual displays that are not labelled or hyperlinks that do not make sense when read out of context. Those with low vision are not able to access websites that cannot be adjusted for font type and size, contrast, and use of colors, and individuals who are deaf are not able to understand the narration in an online video if it is not properly captioned.
As part of this commitment given by
Ever wonder if your next doctor’s appointment will result in jail time? Luckily most of us never have to think about that. But LGBT Tech Executive Director Chris Wood says for people in countries where their truth is outlawed, the prospect of finding a trusted healthcare provider without encrypted messaging apps is worse than grim. It could be deadly.
Efforts to weaken encryption threaten our ability to keep our most vulnerable communities safe online. As the best tool available to protect our digital security, encryption helps ensure that data and messages are kept private and makes it much more difficult for outside parties to get access to sensitive information. Encryption helps ensure that your digital bank transactions are secure, your passwords are kept safe, and your stored data can’t be accessed by any unintended parties.
This security tool protects all Internet users, but it is critical for vulnerable communities. For example, there is an alarming and growing threat of abusive partners using Internet-connected devices and other online tools to surveil and control their partners. This can make it even more difficult for victims to seek help. However, by using devices and services that encrypt web traffic, communications, and location info,
Walking away: A Russian law that allows the country to disconnect from the outside Internet in the case of a cyberwar has gone into effect, PC Mag reports. The law allows the government there to serve up its own approved version of the Internet to residents. Some critics say the law could make the entire Internet more open to attacks.
Gone missing: The Internet has lost its soul by pushing commercial interests ahead of the public good, argues Janet Abbate, a professor of science, technology, and society at Virginia Tech in a column at the Washington Post. “Expanding access to the Internet, combined with looser government regulations, ultimately produced a situation no one foresaw or intended,” she writes. “On today’s Internet, conspiracy theories run rampant, identities can be faked and our real-life elections are vulnerable to manipulation. A network designed for spreading truth became a profit-driven industry, a public sphere that threatens to undermine the public good.”
Into middle age: There were a lot of recent articles about an important Internet milestone in late October. Ars Technica notes that the original ARPANET had just four nodes when it launched in 1969. “The first letters transmitted, sent from UCLA to Stanford
Mad geniuses. Evil dolls. Slow zombies. This Halloween, we’ll see all of these horror film clichés come to life. Sure they’re fun, but are there lessons we can learn from them? What if they could teach us what not to do? We looked at seven scary tropes and what they might teach us about Internet trust.
The call is coming from inside the house.
The phone calls keep coming, each one scarier than the last. Ring. “Are you home alone?” Ring. “Have you locked the doors?” Ring. “Look in the basement.” It’s only then you realize the stalker has been in the house all along.
We lock our doors to make our homes more secure, but we don’t always think about the security of the things we connect to our home networks. An insecure connected device can put your whole network and the devices on it at risk. Meaning, yes, the cybersecurity threat could be coming from inside the house. By protecting your home network, you limit your devices’ exposure to online threats and help mitigate the risk they may pose to others. You can make your network more secure by using encryption, a strong password, and
Editor’s Note: Fifty years ago today, on October 29th, 1969, a team at UCLA started to transmit five letters to the Stanford Research Institute: LOGIN. It’s an event that we take for granted now – communicating over a network – but it was historic. It was the first message sent over the ARPANET, one of the precursors to the Internet. UCLA computer science professor Leonard Kleinrock and his team sent that first message. In this anniversary guest post, Professor Kleinrock shares his vision for what the Internet might become.
On July 3, 1969, four months before the first message of the Internet was sent, I was quoted in a UCLA press release in which I articulated my vision of what the Internet would become. Much of that vision has been realized (including one item I totally missed, namely, that social networking would become so dominant). But there was a critical component of that vision which has not yet been realized. I call that the invisible Internet. What I mean is that the Internet will be invisible in the sense that electricity is invisible – electricity has the extremely simple interface of a socket in the wall from which something called
Not our model: Google, Twitter, Facebook, and Apple skipped a Chinese conference focused on a global governance model for the Internet, Asia One reports. During the conference, China promoted its highly restrictive model of the Internet. Google, Twitter, and Facebook are blocked in China, while Apple must use a local partner to offer cloud services, the story notes.
No news for you: Meanwhile, the Chinese government’s Great Firewall blocks 23 percent of the news organizations that have journalists stationed in the country, reports the South China Morning Post, citing statistics from the Foreign Correspondents’ Club of China. Nearly a third of English-language sites are blocked. Blocked sites include the BBC, The Guardian, The New York Times, The Wall Street Journal, and the Washington Post.
Flying cars and smart mirrors: Among the Internet of Things trends to look for in 2020 are flying cars and mirrors that deliver news and weather while you’re brushing your hair, What Mobile says. Widespread use of flying cars may be a way off, but one startup is working on them. Multilingual voice assistants and flexible displays are other things to watch for.
Opposed to encryption: A large U.S. Internet service provider is lobbying lawmakers in opposition to