Who Keeps Your Data Safe(ish) From the NSA?


For those concerned about National Security Agency interception of commercial data—information that you might share with Facebook, Google, and other online outfits—the Electronic Frontier Foundation keeps a running tally of encryption measures implemented by such firms. Since the NSA often hacks into data links without any legal niceties, such encryption has the potential to dramatically improve security. Even when government officials come with rubber-stamp court authorization in hand, or other tools for compelling compliance, tools like the perfect forward secrecy recently implemented by Twitter can limit the snoops' take. It can even make it impossible for companies to do as the official eavesdroppers ask. That's important for American firms that find their ability to compete both locally and globally seriously hindered by assumptions that their data storage systems are effectively reading rooms for the NSA.

According to the EFF, the table below shows where major online firms stand at the moment in their encryption efforts. This is a moving target, of course, so keep checking back with the EFF for new developments.

Online firms' encryption efforts

Definition-wise, encrypted data center links are important, because the NSA has been tapping into the free flow of information between servers owned by companies like Google. Encrypting that flow means snoops will nab scrambled and incomprehensible information (unless they crack the encryption).

HTTPS provides a secure connection to Web pages, so that your activity is less easily observed.

HSTS is basically a more secure form of HTTPS.

Perfect Forward Secrecy encrypts each session you spend on a service like Facebook independently, so that even if snoops or hackers get access to one encryption key, they can't retroactively decrypt everything you've done in the past.

STARTTLS is a means on encrypting communications between email servers. Those with their status listed in red, above, provide email to the public, making it a bigger deal than those whose status is in grey, and provide only internal email.

Of course, all of this could be bypassed if the government forces online companies to build in technology that eases wiretapping, which it has already done to telecoms. In that case, look to overseas services—or implement your own encryption.

NEXT: Rep. Sensenbrenner Wants Intelligence Director Clapper Prosecuted for Lying

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Why did they leave off AOL?

    1. “You’ve got spies!”

  2. Could I get the ratings for fleshbot, Youporn, Xtube, and Epismom.com? One of my friends wanted to know.

    1. Everyone’s already seen Epismom so they don’t collect data on it anymore.

    2. Whoa, I haven’t been on fleshbot in forever.

      *sets google reminder to check it out when I get home*

      1. They redid their format which is a little irri…uh, I mean, yeah I haven’t been there either, been way to busy at work.

      2. Only Gawker could make porn boring.

        1. Who doesn’t like fat lesbian tattoo porn?

          1. See, this is why you shouldn’t have women in your porn. Someone is going to complain about objectification and then next thing you know your porn doesn’t meet fantasy expectations. No one cares if you objectify men, so we’re able to retain the full porn experience.

            1. I’ll suffer to keep those women employed.

        2. You knew they were going to fuck up the content when they blew the branding strategy by failing to name it Wankette.

        3. Damn, I was about to point out that it was spun off from the Gawker network a few years ago, but apparently that was a PR ruse to make it seem more women friendly.

  3. Looks like it might be time for Epi to finally abandon his MySpace account.

    1. Look, his boy band is just about to hit the big time. Where else is he going to market their music to the masses?

      1. I think you meant “‘boy’ band” there, JW.

        1. Actually, the quote should be around ‘band.’

  4. And what is Reason doing to protect our data? I don’t see any https up there.

    1. Given the unkind words for the h&r commentariat from Postrel et. al., I imagine they’re rooting for the NSA on that count.

  5. If I’m reading the chart correctly, then Dropbox rocks! I’m glad I support their service as a customer.

  6. I’m a little dubious about that chart, given how good it makes Facebook look. They’re notoriously not good, right?

    1. You know who else was Notorious?

      1. Girls? – they’ll keep the secrets, so long as boys make a noise.
        Fools run rings to break up something they’ll never destroy.

        1. I…I… there’s no good way to say this.

          I paid money to see them in concert some decades ago, and had their cassette on my Walkman.

          There. I feel cleansed.

          1. I bet that would have been a good show. They are an underrated group.

            1. It was. One of the few concerts I actually remember from that time. Big bright lights that spelled “NOTORIOUS” that flashed incessantly. Odd that no one went into an epileptic fit; maybe we were stronger then.

          2. As a child of the 80s, there’s very little shame in that.

            1. Back in junior high I had a copy of Rio. I’m not proud of this.

            2. Sixties nostalgia started as soon as the seventies began. Seventies nostalgia started the day Reagan was elected. Eighties nostalgia… Uh, what’s eighties nostalgia?

              1. Oingo Boingo is 80’s nostalgia, not this DD teenybopper stuff. Although I did enjoy the Power Station

              2. 80s nostalgia is an affliction suffered by millions. My wife is prone to debilitating knee weakness whenever she hears A Flock of Seagulls, The Cure, or Modern English. I’ve tried to get her help, but currently, there is no cure.

                1. Remind her about Men At Work.

          3. I saw them in high school. Mom insisted she drag us young’ns along for the culture, or something.

            I passed out in my seat.

            Now B?C, that’s an 80s group I enjoy.

            1. Now B?C, that’s an 80s group I enjoy.

              Didn’t their music lead teens down the slippery slope of AD&D playing and suicide and stuff like that? I vaguely remember being Warned by Serious People about this.

              1. History shows again and again how nature points out the folly of man.

                1. |-O

                  *Sees what you did there*

              2. In fairness, I did play some D&D back in the day. And I did renounce my family’s religion and join that satanist death-cult for a few years. And the prosecutors floated around some accusations. Nothing was ever proven.

                But come on, B?C was responsible for maybe 40% of that.

                1. Well I presume violent video games on your Atari 2600 were responsible for the other 60%. I mean, Yar’s Revenge makes Grand Theft Auto look like Candyland, for chrissakes.

              3. No, it led to over use of cowbells.

      2. Christopher George Latore Wallace?

    2. What difference does any security on Facebook really make? It’s basically digital oversharing. Why would you put anything on Facebook that you don’t want anybody else to know?

      1. I was thinking the same thing about Twitter.

        Other than your credentials, what is it about Twitter that isn’t already public?

        1. You can have a private account, with tweets only visible to followers you’ve approved. You also don’t have to publicly reveal geographic information, and presumably Twitter has plenty of other metadata about you that’s not public.

          1. You can have a private account, with tweets only visible to followers you’ve approved

            That sounds almost dom/sub.


          2. presumably

            lot of weasel it that word, though. Every time I hear about some company patting itself over their security I smell lawyers at work.

            Robert Heinlein nailed it years ago: Political tags – such as royalist, communist, democrat, populist, fascist, liberal, conservative, and so forth – are never basic criteria. The human race divides politically into those who want people to be controlled and those who have no such desire.

            1. What about those who want others controlled, but have no desire to be controlled? Not that it matters overmuch in practice, but I would be surprised if anyone outside the hardcore progressives/social conservatives will admit to wanting protection from themselves. Everyone else savvy enough to see politics as a means to very personal ends imagines it’s the neighbor, the boss, the rich, or the criminals getting the boot-on-neck treatment from authorities.

    3. I’m a little dubious about that chart, given how good it makes Facebook look. They’re notoriously not good, right?

      Facebook is notoriously bad because its users are notoriously bad.

      Point being, Facebook may encrypt its internal streams so I can’t see your drunk pics by executing a man-in-the-middle attack, but I can just go straight to your facebook page instead.

      1. Precisely this!

        If I install a secure browser, encrypt your data, set up 100 proxies, etc and generally make your computer “hack proof”, it won’t make a lick of difference if you post all your information on an insecure forum.

        It also does nothing to protect against “lawful” orders by the NSA to obtain said data. The companies themselves might be protecting the data, but it would be more accurate to say that they’re protecting against hackers, not the NSA.

        1. It also does nothing to protect against “lawful” orders by the NSA to obtain said data. The companies themselves might be protecting the data, but it would be more accurate to say that they’re protecting against hackers, not the NSA.

          And this is exactly the problem. When the government can just execute a warrant and get all your data, who cares how encrypted it is.

          And when your server is located in a foreign country, the government doesn’t even have to execute a warrant or pretend to be acting under the color of law.

          1. Um. The government will need those encryption keys to ‘get’ your encrypted data. If you have the keys, you can forget them. If FB has them then uh oh.

  7. I keep my data under my mattress.

    1. That’s why we need a central data bank to punish you with data inflation.

    2. I think you’re confused. Data refers to personal information, not porno mags with the pages all stuck together.

      1. I think he meant the… genetic data.

  8. It’s funny that The Facebook gets good marks on protecting data from the NSA, when they’re basically doing the CIA’s job for them, creating a profile on everyone with biographical background, career, hobbies, known associates, favorite vacation spots, interests, political opinions, etc.

  9. Encryption means less than you think. Traffic analysis works regardless, and they can figure out an awful lot that way.

  10. If you like your data…

  11. I’m surprised Amazon is so bad.

    1. Particularly since they want to make AmazonPayments into a serious PayPal competitor. Speaking of PayPal: why you no on chart!?

      1. Or eBay, for that matter.

        1. Yeah, like anything that involves money changing hands isn’t already totally laid bare to Uncle Sugar.

  12. Microsoft Windows 8 is so encryption efficient, it doesn’t even allow its users to access their own information. (Yeah, I know this is about data links…)

  13. This chart is basically useless given what we know about Facebook, Yahoo, Google and Microsoft vis-a-vis the NSA and PRISM. Doesn’t really mean jack fuck if some of your communication is sent securely when the goddamn government has access to the backend.

    1. Everyone is hardening their shells, while not realizing the burglar is already sitting in the living room, drinking your beer and sleeping with your women.

  14. Data security is the big issue. But, till today not having solution to stop it. But after reading this blog, I think now we safe our data online.

Please to post comments

Comments are closed.