recentpopularlog in

eff

« earlier   
How to get Michael Bierut to design your logo for free
Called “Insider,” the entire logo is modular, with each letter of EFF taking up the same amount of space–meaning it can stack vertically or horizontally or transform into an L shape. Pentagram designer Katie Rominger, who worked on the project as well, designed it so that the organization’s full, very lengthy name could sit inside of the acronym.
eff 
8 days ago by electroponix
A Technical Deep Dive into STARTTLS Everywhere | Electronic Frontier Foundation
Prevent STARTTLS downgrade attacks.
In order to detect downgrade attacks, we’re hosting a policy list of mailservers that we know support STARTTLS. This list acts essentially as a preload list of MTA-STS security policies. We’ve already preloaded a select number of big-player email domains, like Gmail, Yahoo, and Outlook.
starttls  tls  encryption  eff  privacy 
15 days ago by bwiese
EFF Launches Encryption Initiative for Email Domains Named STARTTLS Everywhere
The Electronic Frontier Foundation (EFF) announced a new project named STARTTLS Everywhere that aims to provide guidance to server administrators on how to set up a proper email server that runs STARTTLS the correct way.
STARTTLS Everywhere is eerily similar to Let's Encrypt, another pro-encryption initiative the EFF launched together with Mozilla and Cisco two years ago.
But this initiative aims to bring encrypted communications to email servers, instead of web servers (Let's Encrypt's purpose).
EFF  email  encryption  privacy  security 
19 days ago by rgl7194
A Technical Deep Dive into STARTTLS Everywhere | Electronic Frontier Foundation
Today we’re announcing the launch of STARTTLS Everywhere, EFF’s initiative to improve the security of the email ecosystem.
Thanks to previous EFF efforts like Let's Encrypt, and Certbot, as well as help from the major web browsers, we've seen significant wins in encrypting the web. Now we want to do for email what we’ve done for web browsing: make it simple and easy for everyone to help ensure their communications aren’t vulnerable to mass surveillance.
Note that this is a technical deep dive into EFF’s new STARTTLS Everywhere project, which assumes familiarity with SMTP and STARTTLS. If you’re not familiar with those terms, you should first read our post intended for a general audience, available here.
email  security  privacy  EFF  encryption 
19 days ago by rgl7194
Announcing STARTTLS Everywhere: Securing Hop-to-Hop Email Delivery | Electronic Frontier Foundation
Today we’re announcing the launch of STARTTLS Everywhere, EFF’s initiative to improve the security of the email ecosystem.
Thanks to previous EFF efforts like Let's Encrypt, and Certbot, as well as help from the major web browsers, we've seen significant wins in encrypting the web. Now we want to do for email what we’ve done for web browsing: make it simple and easy for everyone to help ensure their communications aren’t vulnerable to mass surveillance.
email  security  privacy  EFF  encryption 
19 days ago by rgl7194
STARTTLS Everywhere
Secure your email server with STARTTLS Everywhere! Your email service can be insecure in numerous different ways. The service below performs a quick check of your email server's security configuration, including whether STARTTLS is supported, and whether it may qualify for the STARTTLS Policy List.
eff  tls  Email 
23 days ago by wck
Announcing STARTTLS Everywhere: Securing Hop-to-Hop Email Delivery
Yesterday, EFF announced the launch of STARTTLS Everywhere, an OTF-supported Core Infrastructure project https://www.opentech.fund/project/starttls-everywhere-securing-delivery-email focused on securing the delivery of email. EFF explained the program in a blog post, stating how STARTTLS Everywhere aims "to do for email what we’ve done for web browsing," comparing the tool to previous security-boosting efforts like Let's Encrypt https://letsencrypt.org/ and Certbot. https://certbot.eff.org/. As those tools helped make it easier to secure websites via HTTPS encryption, STARTTLS Everywhere will "make it simple and easy for everyone to help ensure their communications aren’t vulnerable to mass surveillance" with a program that is easy for sys admins to configure.

From the EFF blog post: "TARTTLS Everywhere provides software that a sysadmin can run on an email server to automatically get a valid certificate from Let’s Encrypt. This software can also configure their email server software so that it uses STARTTLS, and presents the valid certificate to other email servers. Finally, STARTTLS Everywhere includes a “preload list” of email servers that have promised to support STARTTLS, which can help detect downgrade attacks. The net result: more secure email, and less mass surveillance. Mailserver admins can read more about how STARTTLS Everywhere’s list is designed, how to run it on your mailserver, and how to get your mailserver added to the preload list."

The blog contains great context on the gap STARTTLS Everywhere seeks to fill, explaining why email is generally so insecure in the first place. Also, as EFF notes, it's good to know that "...STARTTLS Everywhere is designed to be run by mailserver admins, not regular users." With that said, EFF made a cool email provider security check-up tool that anyone can use: just enter your email address domain at https://www.starttls-everywhere.org/ to try it out.
eff  starttlseverywhere  projects  email  security 
23 days ago by dmcdev
Is Multi-Stakeholder Internet Governance Dying? | Electronic Frontier Foundation, Dec 2017
"Over the last three months of 2017, EFF has been representing the interests of Internet users and innovators at three very different global Internet governance meetings; ICANN, the Global Conference on Cyberspace (GCCS), and this week in Geneva, the global Internet Governance Forum (IGF). All of these to some extent or other are held out as representing a so-called multi-stakeholder model of Internet governance. Yet in practice there are such vast differences between them—with the GCCS being mostly government-organized, ICANN being mostly privately-organized, and the IGF falling somewhere in between—that it’s difficult to see what this multi-stakeholder model really represents."

"This is one reason why EFF has generally eschewed promoting a particular model of governance by name, but rather has emphasized how fair processes with the characteristics of inclusion, balance, and accountability, can lead to better outcomes. Last month UNESCO issued a report [PDF] with a more detailed list of its own criteria of multi-stakeholder governance processes, according to which such processes should be inclusive, diverse, collaborative, transparent, flexible and relevant, private and safe, and accountable. The use of criteria such as these, rather than merely the application of the buzzword “multi-stakeholder”, enables us to critique how particular global meetings fall short in effectively involving users in the development of policies that impact them. "

"governments are increasingly bypassing civil society and concluding agreements directly with companies. "
EFF  multi-stakeholder  ICANN  GCCS  IGF  governance 
24 days ago by pierredv

Copy this bookmark:





to read