Who Keeps Your Data Safe(ish) From the NSA?

J.D. Tuccille | 12.6.2013 12:48 PM

For those concerned about National Security Agency interception of commercial data—information that you might share with Facebook, Google, and other online outfits—the Electronic Frontier Foundation keeps a running tally of encryption measures implemented by such firms. Since the NSA often hacks into data links without any legal niceties, such encryption has the potential to dramatically improve security. Even when government officials come with rubber-stamp court authorization in hand, or other tools for compelling compliance, tools like the perfect forward secrecy recently implemented by Twitter can limit the snoops' take. It can even make it impossible for companies to do as the official eavesdroppers ask. That's important for American firms that find their ability to compete both locally and globally seriously hindered by assumptions that their data storage systems are effectively reading rooms for the NSA.

According to the EFF, the table below shows where major online firms stand at the moment in their encryption efforts. This is a moving target, of course, so keep checking back with the EFF for new developments.

Definition-wise, encrypted data center links are important, because the NSA has been tapping into the free flow of information between servers owned by companies like Google. Encrypting that flow means snoops will nab scrambled and incomprehensible information (unless they crack the encryption).

HTTPS provides a secure connection to Web pages, so that your activity is less easily observed.

HSTS is basically a more secure form of HTTPS.

Perfect Forward Secrecy encrypts each session you spend on a service like Facebook independently, so that even if snoops or hackers get access to one encryption key, they can't retroactively decrypt everything you've done in the past.

STARTTLS is a means on encrypting communications between email servers. Those with their status listed in red, above, provide email to the public, making it a bigger deal than those whose status is in grey, and provide only internal email.

Of course, all of this could be bypassed if the government forces online companies to build in technology that eases wiretapping, which it has already done to telecoms. In that case, look to overseas services—or implement your own encryption.

The Rattler is a weekly newsletter from J.D. Tuccille. If you care about government overreach and tangible threats to everyday liberty, this is for you.

NEXT: Rep. Sensenbrenner Wants Intelligence Director Clapper Prosecuted for Lying

Hide Comments (66)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

Snark Plissken 12 years ago

Why did they leave off AOL?
1. JW 12 years ago
  
  "You've got spies!"
hamilton 12 years ago

Could I get the ratings for fleshbot, Youporn, Xtube, and Epismom.com? One of my friends wanted to know.
1. Nazdrakke 12 years ago
  
  Everyone's already seen Epismom so they don't collect data on it anymore.
2. jesse.in.mb 12 years ago
  
  Whoa, I haven't been on fleshbot in forever.
  
  *sets google reminder to check it out when I get home*
  1. hamilton 12 years ago
    
    They redid their format which is a little irri...uh, I mean, yeah I haven't been there either, been way to busy at work.
  2. Warty 12 years ago
    
    Only Gawker could make porn boring.
    1. JW 12 years ago
      
      Who doesn't like fat lesbian tattoo porn?
      1. jesse.in.mb 12 years ago
        
        See, this is why you shouldn't have women in your porn. Someone is going to complain about objectification and then next thing you know your porn doesn't meet fantasy expectations. No one cares if you objectify men, so we're able to retain the full porn experience.
        
        Scruffy Nerfherder 12 years ago
        
        I'll suffer to keep those women employed.
    2. hamilton 12 years ago
      
      You knew they were going to fuck up the content when they blew the branding strategy by failing to name it Wankette.
    3. jesse.in.mb 12 years ago
      
      Damn, I was about to point out that it was spun off from the Gawker network a few years ago, but apparently that was a PR ruse to make it seem more women friendly.
Hugh Akston 12 years ago

Looks like it might be time for Epi to finally abandon his MySpace account.
1. JW 12 years ago
  
  Look, his boy band is just about to hit the big time. Where else is he going to market their music to the masses?
  1. jesse.in.mb 12 years ago
    
    I think you meant "'boy' band" there, JW.
    1. JW 12 years ago
      
      Actually, the quote should be around 'band.'
Scruffy Nerfherder 12 years ago

And what is Reason doing to protect our data? I don't see any https up there.
1. Dweebston 12 years ago
  
  Given the unkind words for the h&r commentariat from Postrel et. al., I imagine they're rooting for the NSA on that count.
Heroic Mulatto 12 years ago

If I'm reading the chart correctly, then Dropbox rocks! I'm glad I support their service as a customer.
Pro Libertate 12 years ago

I'm a little dubious about that chart, given how good it makes Facebook look. They're notoriously not good, right?
1. Archduke von Pantsfan 12 years ago
  
  You know who else was Notorious?
  1. hamilton 12 years ago
    
    Girls? - they'll keep the secrets, so long as boys make a noise.
    Fools run rings to break up something they'll never destroy.
  2. sarcasmic 12 years ago
    
    Damn you
    1. hamilton 12 years ago
      
      I...I... there's no good way to say this.
      
      I paid money to see them in concert some decades ago, and had their cassette on my Walkman.
      
      There. I feel cleansed.
      1. sarcasmic 12 years ago
        
        I bet that would have been a good show. They are an underrated group.
        
        hamilton 12 years ago
        
        It was. One of the few concerts I actually remember from that time. Big bright lights that spelled "NOTORIOUS" that flashed incessantly. Odd that no one went into an epileptic fit; maybe we were stronger then.
      2. Andrew S. 12 years ago
        
        As a child of the 80s, there's very little shame in that.
        
        Mad Scientist 12 years ago
        
        Back in junior high I had a copy of Rio. I'm not proud of this.
        
        sarcasmic 12 years ago
        
        Sixties nostalgia started as soon as the seventies began. Seventies nostalgia started the day Reagan was elected. Eighties nostalgia... Uh, what's eighties nostalgia?
        
        Scruffy Nerfherder 12 years ago
        
        Oingo Boingo is 80's nostalgia, not this DD teenybopper stuff. Although I did enjoy the Power Station
        
        Mad Scientist 12 years ago
        
        80s nostalgia is an affliction suffered by millions. My wife is prone to debilitating knee weakness whenever she hears A Flock of Seagulls, The Cure, or Modern English. I've tried to get her help, but currently, there is no cure.
        
        hamilton 12 years ago
        
        Remind her about Men At Work.
      3. Dweebston 12 years ago
        
        I saw them in high school. Mom insisted she drag us young'ns along for the culture, or something.
        
        I passed out in my seat.
        
        Now B?C, that's an 80s group I enjoy.
        
        hamilton 12 years ago
        
        Now B?C, that's an 80s group I enjoy.
        
        Didn't their music lead teens down the slippery slope of AD&D playing and suicide and stuff like that? I vaguely remember being Warned by Serious People about this.
        
        Mad Scientist 12 years ago
        
        History shows again and again how nature points out the folly of man.
        
        Scruffy Nerfherder 12 years ago
        
        |-O
        
        *Sees what you did there*
        
        Dweebston 12 years ago
        
        In fairness, I did play some D&D back in the day. And I did renounce my family's religion and join that satanist death-cult for a few years. And the prosecutors floated around some accusations. Nothing was ever proven.
        
        But come on, B?C was responsible for maybe 40% of that.
        
        hamilton 12 years ago
        
        Well I presume violent video games on your Atari 2600 were responsible for the other 60%. I mean, Yar's Revenge makes Grand Theft Auto look like Candyland, for chrissakes.
        
        The Last American Hero 12 years ago
        
        No, it led to over use of cowbells.
  3. Hugh Akston 12 years ago
    
    Christopher George Latore Wallace?
2. Scruffy Nerfherder 12 years ago
  
  What difference does any security on Facebook really make? It's basically digital oversharing. Why would you put anything on Facebook that you don't want anybody else to know?
  1. JW 12 years ago
    
    I was thinking the same thing about Twitter.
    
    Other than your credentials, what is it about Twitter that isn't already public?
    1. Nikki just says no 12 years ago
      
      You can have a private account, with tweets only visible to followers you've approved. You also don't have to publicly reveal geographic information, and presumably Twitter has plenty of other metadata about you that's not public.
      1. JW 12 years ago
        
        You can have a private account, with tweets only visible to followers you've approved
        
        That sounds almost dom/sub.
        
        #lickmyboots
      2. Nazdrakke 12 years ago
        
        presumably
        
        lot of weasel it that word, though. Every time I hear about some company patting itself over their security I smell lawyers at work.
        
        Robert Heinlein nailed it years ago: Political tags - such as royalist, communist, democrat, populist, fascist, liberal, conservative, and so forth - are never basic criteria. The human race divides politically into those who want people to be controlled and those who have no such desire.
        
        Dweebston 12 years ago
        
        What about those who want others controlled, but have no desire to be controlled? Not that it matters overmuch in practice, but I would be surprised if anyone outside the hardcore progressives/social conservatives will admit to wanting protection from themselves. Everyone else savvy enough to see politics as a means to very personal ends imagines it's the neighbor, the boss, the rich, or the criminals getting the boot-on-neck treatment from authorities.
3. Paul. 12 years ago
  
  I'm a little dubious about that chart, given how good it makes Facebook look. They're notoriously not good, right?
  
  Facebook is notoriously bad because its users are notoriously bad.
  
  Point being, Facebook may encrypt its internal streams so I can't see your drunk pics by executing a man-in-the-middle attack, but I can just go straight to your facebook page instead.
  1. itsnotmeitsyou 12 years ago
    
    Precisely this!
    
    If I install a secure browser, encrypt your data, set up 100 proxies, etc and generally make your computer "hack proof", it won't make a lick of difference if you post all your information on an insecure forum.
    
    It also does nothing to protect against "lawful" orders by the NSA to obtain said data. The companies themselves might be protecting the data, but it would be more accurate to say that they're protecting against hackers, not the NSA.
    1. Paul. 12 years ago
      
      It also does nothing to protect against "lawful" orders by the NSA to obtain said data. The companies themselves might be protecting the data, but it would be more accurate to say that they're protecting against hackers, not the NSA.
      
      And this is exactly the problem. When the government can just execute a warrant and get all your data, who cares how encrypted it is.
      
      And when your server is located in a foreign country, the government doesn't even have to execute a warrant or pretend to be acting under the color of law.
      1. Cytotoxic 12 years ago
        
        Um. The government will need those encryption keys to 'get' your encrypted data. If you have the keys, you can forget them. If FB has them then uh oh.
Fist of Etiquette 12 years ago

I keep my data under my mattress.
1. Jordan 12 years ago
  
  That's why we need a central data bank to punish you with data inflation.
2. sarcasmic 12 years ago
  
  I think you're confused. Data refers to personal information, not porno mags with the pages all stuck together.
  1. Dweebston 12 years ago
    
    I think he meant the... genetic data.
CE 12 years ago

It's funny that The Facebook gets good marks on protecting data from the NSA, when they're basically doing the CIA's job for them, creating a profile on everyone with biographical background, career, hobbies, known associates, favorite vacation spots, interests, political opinions, etc.
PapayaSF 12 years ago

Encryption means less than you think. Traffic analysis works regardless, and they can figure out an awful lot that way.
Mad Scientist 12 years ago

If you like your data...
BakedPenguin 12 years ago

I'm surprised Amazon is so bad.
1. jesse.in.mb 12 years ago
  
  Particularly since they want to make AmazonPayments into a serious PayPal competitor. Speaking of PayPal: why you no on chart!?
  1. JW 12 years ago
    
    Or eBay, for that matter.
    1. Nazdrakke 12 years ago
      
      Yeah, like anything that involves money changing hands isn't already totally laid bare to Uncle Sugar.
B.P. 12 years ago

Microsoft Windows 8 is so encryption efficient, it doesn't even allow its users to access their own information. (Yeah, I know this is about data links...)
PM 12 years ago

This chart is basically useless given what we know about Facebook, Yahoo, Google and Microsoft vis-a-vis the NSA and PRISM. Doesn't really mean jack fuck if some of your communication is sent securely when the goddamn government has access to the backend.
1. Paul. 12 years ago
  
  Everyone is hardening their shells, while not realizing the burglar is already sitting in the living room, drinking your beer and sleeping with your women.
Sophiya Gibson 11 years ago

Data security is the big issue. But, till today not having solution to stop it. But after reading this blog, I think now we safe our data online.
Pro Libertate 12 years ago

That's okay. I love them otherwise.

Please log in to post comments

Who Keeps Your Data Safe(ish) From the NSA?

Latest

Milton Friedman Disproved Trump's Argument for Tariffs Decades Ago

If Viewers Love PBS So Much, Let Them Pay for It

Florida Woman Fined $165,000 for Trivial Code Violations Takes Her Case to the Florida Supreme Court

Nathan Fielder's 737 Stunt Involved Elaborate Workaround of Ridiculous 1,500-Hour Rule

A Teen Killed Himself After Talking to a Chatbot. His Mom's Lawsuit Could Cripple the AI Industry.

Recommended

Login Form