Related Posts

Cloudflare Steps Up To Help Protect Elections with Project Athenian

It’s no exaggeration to say the US election ecosystem faces a number of challenges in the wake of the 2016 election cycle. We learned of new threats from disinformation campaigns, to attacks on state voter registration websites, to direct attacks on election officials themselves. While the philanthropic sector has been very active from grants to organizations to funding deep academic analysis of threats to the election system, the private sector has been slower to recognize the important role they can play to help better protect US elections. That is changing, particularly with the launch of Cloudflare’s Athenian Project, which will provide free-of-charge protection and content distribution for official election websites.

Read More

It’s Time to Move to HTTPS

You’ve heard us talk extensively about the importance of moving the web to HTTPS – the encrypted version of the web’s HTTP protocol. CDT has released a one-pager aimed at website system administrators (and their bosses!) that describes the importance of HTTPS. And we are excited to announce a partnership to increase HTTPS adoption for online adult entertainment.

Read More

Censorship Transparency Comes to the Web

Last month, the IETF approved a new HTTP status code that could help solve this problem of online censorship. The code, which gives websites and ISPs a standardized way to notify users that content cannot be served due to a legal order, is an enormous step forward for understanding the scale of censorship on the web.

Read More

Unsanctioned Web Tracking is Harmful

Recently, the Technical Architecture Group (TAG) of the World Wide Web Consortium (W3C), a group within the W3C charged with stewardship of the Web’s architecture, released a statement that “unsanctioned tracking” is harmful to the web. Specifically, the TAG noted three types of unsanctioned tracking technologies that are especially harmful to users’ privacy: browser fingerprinting, super cookies, and header enrichment.

Read More

The NSA’s Split-Key Encryption Proposal is Not Serious

NSA Director Michael Rogers has launched a new trial balloon to address what law enforcement and intelligence agencies are calling “Going Dark.” Admiral Rogers shared a proposal that would require tech companies to create a “golden key” that would allow access to encrypted data and communications. The new twist in Rogers’ proposal was to cut this golden key into pieces so that no one entity. Sorry Admiral Rogers, but requiring split-key encryption is not a serious proposal.

Read More

“Open Caching,” Open Standards, and Privacy

In a recent letter, FCC Commissioner Ajit Pai claims that Netflix took steps to “impede open caching software from correctly identifying and caching Netflix traffic.” Absent from that letter is a discussion of what “open caching” is, whether software used by ISPs and others should be able to identify the source and content of traffic requested by Internet users, and what limitations should apply to how such information is used.

Read More

The Beginning of the End of Passwords

With the help of new standards from the FIDO Alliance and the support of companies like Google, the new Security Key may change how you login forever. The new U2F – “Universal Two-Factor” promises to make two-step login easier and more convenient.

Read More

House Committee Moves to Break Statutory Link Between NSA and NIST

The House Committee on Science, Space, and Technology approved an amendment to a bill that, if enacted, would remove the statutory requirement that the National Institute of Standards and Technology (NIST) consult with the National Security Agency in developing information security standards. This is a positive step that will help to restore the credibility and scientific objectivity of NIST.

Read More

Our Comments On NIST’s Cryptographic Standards Review Process

The US National Institute of Standards and Technology (NIST) has taken a first, important step in making sure no flaws or trapdoors end up in their cryptographic standards: they put out for public comment a document that describes the high-level principles for standardizing cryptography at NIST. In this post, Joe Hall discusses recent events that lead NIST to take this step and the comments CDT submitted in response.

Read More