Latest Front Page News

ISPs Removing Their Customers' Email Encryption

Submitted by: Hologram @ 11:55 PM | Tuesday, November 11, 2014 | (url: https://www.eff.o...)

Recently, Verizon was caught tampering with its customer's web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers' data to strip a security flagcalled STARTTLSfrom email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.1

By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco's PIX/ASA firewall do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception.

This type of STARTTLS stripping attack has mostly gone unnoticed because it tends to be applied to residential networks, where it is uncommon to run an email server2. STARTTLS was also relatively uncommon until late 2013, when EFF started rating companies on whether they used it. Since then, many of the biggest email providers implemented STARTTLS to protect their customers. We continue to strongly encourage all providers to implement STARTTLS for both outbound and inbound email. Google's Safer email transparency report and are good resources for checking whether a particular provider does.

RIAA Looking to Pin Piracy Surcharges on ISPs

Submitted by: Dark Volcanic @ 09:21 AM | Thursday, March 13, 2008 | (url: http://www.wired....)

"Having failed to stop piracy by suing internet users, the music industry is for the first time seriously considering a file sharing surcharge that internet service providers would collect from users.

In recent months, some of the major labels have warmed to a pitch by Jim Griffin, one of the idea's chief proponents, to seek an extra fee on broadband connections and to use the money to compensate rights holders for music that's shared online. Griffin, who consults on digital strategy for three of the four majors, will argue his case at what promises to be a heated discussion Friday at South by Southwest.

"It's monetizing the anarchy," says Peter Jenner, head of the International Music Manager's Forum, who plans to join Griffin on the panel."

UK ISPs to become Piracy Police

Submitted by: Zengei @ 12:49 PM | Friday, February 22, 2008 | (url:

By 2009 ISPs in the UK may be forced to actively restrict piracy on their networks or face sanctions. Of course this move is lauded by the record industry.

Category: Technology | 3 Comments
Tags: ifpi isp piracy uk

Australia Persistent on Internet Filtering

Submitted by: Zengei @ 10:30 AM | Wednesday, February 20, 2008 | (url: http://www.dslrep...)

The Australian government spent AU$89M on porn filters for Internet users, but the program was an abysmal failure. Of the estimated 2.5 million homes expected to use the software, only 29,000 were actually in use. However, the government is now pushing ISP filtering for the children. In an article from Techdirt on the subject, a politician is quoted as equating resistance to mandatory censorship as supporting child pornography.

ISPs Allowing Ad Companies to Inspect Your Packets

Submitted by: Zengei @ 10:07 PM | Monday, February 18, 2008 | (url: http://www.dslrep...)

Two companies, NebuAD in the US and Phorm in the UK are doing deep packet inspections of ISP user traffic in order to create targeted advertisements. Both companies promise privacy and offer opt-out mechanisms, but users are wary. NebuAD doesn't list the ISPs its working with but Phorm is working with BT, Carphone Warehouse and Virgin Media, which combined account for two-thirds of broadband users in the UK.

Canadian ISP test content injection for websites

Submitted by: KnightMare @ 09:41 AM | Tuesday, December 11, 2007 | (url: http://arstechnic...)

Lauren Weinstein, the co-founder of a net neutrality advocacy group called People for Internet Responsibility (PFIR), has published an example of one of the notices that Rogers has begun embedding in web pages. The notice informs users when they are close to reaching their monthly bandwidth cap. According to Weinstein, Rogers is using software created by in-browser marketing firm PerfTech, which can easily be used for more odious endeavors. Rogers uses the software to modify web pages as they are being transmitted, adding JavaScript code that causes the notice to display.

Category: Technology | 7 Comments
Tags: isp rogers

DirecTV to offer broadband over power lines this year

Submitted by: KnightMare @ 01:02 PM | Wednesday, August 15, 2007 | (url:

DirecTV,the El Segundo, Calif., provider of digital-television services, and Current Group are expected to announce an accord to offer high-speed Internet service over electric-power lines, The Wall Street Journal reported. Closely held Current Group, Germantown, Md., is a specialist in the technology, which delivers broadband communications over power lines. To access the service, a customer plugs a modem into an electric outlet and connects a cable from a computer, the Journal reported.