
ISPs Removing Their Customers' Email Encryption

Submitted by: Hologram @ 11:55 PM | Tuesday, November 11, 2014 | (url: https://www.eff.o...)

Recently, Verizon was caught tampering with its customers' web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers' data to strip a security flag, called STARTTLS, from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.

By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco's PIX/ASA firewall, do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception.

This type of STARTTLS stripping attack has mostly gone unnoticed because it tends to be applied to residential networks, where it is uncommon to run an email server. STARTTLS was also relatively uncommon until late 2013, when EFF started rating companies on whether they used it. Since then, many of the biggest email providers implemented STARTTLS to protect their customers. We continue to strongly encourage all providers to implement STARTTLS for both outbound and inbound email. Google's Safer email transparency report and starttls.info are good resources for checking whether a particular provider does.
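A way to spot the downgrade described above from the sending side, as an added example that is not part of the original post or the quoted article: parse the server's EHLO reply, check whether STARTTLS is advertised, and refuse to fall back to plaintext when it is not. The sample replies are constructed, the function names are hypothetical, and the `XXXXXXXA` masked keyword is an assumption about how an in-place overwrite by a middlebox shows up on the wire.

```python
import re

# Constructed EHLO replies (not captured traffic).
CLEAN = "250-mail.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
# Assumed masking: the keyword is overwritten in place so the length stays the same.
MASKED = "250-mail.example.net\r\n250-SIZE 35882577\r\n250-XXXXXXXA\r\n250 8BITMIME\r\n"
# The advertisement line is dropped entirely.
REMOVED = "250-mail.example.net\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"


def ehlo_keywords(reply):
    """Return the extension keywords from a multi-line 250 EHLO reply."""
    lines = [line for line in reply.split("\r\n") if line]
    keywords = []
    for line in lines[1:]:  # the first line carries the server's domain, not a keyword
        match = re.fullmatch(r"250[- ](\S+)(?: .*)?", line)
        if not match:
            raise ValueError(f"malformed EHLO line: {line!r}")
        keywords.append(match.group(1).upper())
    return keywords


def classify(reply, known_tls=True):
    """Classify a reply; known_tls means the server offered STARTTLS when
    checked earlier or from a different network."""
    keywords = ehlo_keywords(reply)
    if "STARTTLS" in keywords:
        return "starttls-offered"
    # A run of X's where a keyword should be points to in-path rewriting.
    if any(re.fullmatch(r"X{4,}[A-Z]?", k) for k in keywords):
        return "starttls-masked"
    # Silence from a server known to support TLS is the stripping signal.
    return "starttls-missing" if known_tls else "plaintext-only"


def may_send(reply, require_tls=True):
    """Fail closed: with require_tls set, never continue in plaintext."""
    return classify(reply) == "starttls-offered" or not require_tls


if __name__ == "__main__":
    for name, reply in (("clean", CLEAN), ("masked", MASKED), ("removed", REMOVED)):
        print(name, classify(reply), "send" if may_send(reply) else "hold")
```

Comparing the result against the same server's reply from a second network is what separates stripping on the path from a server that never offered STARTTLS.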


11-11-14 - 11:59 PM
Good thing Republicans are protecting us from Net Neutrality so shit like this doesn't happen.
11-12-14 - 12:02 AM
Good thing there are idiots who actually think it is a R vs D fight..
11-12-14 - 12:06 AM
IM FULLY ENCRYPTED
11-12-14 - 12:07 AM
I SHIT ON NON CRYPTS
11-12-14 - 12:10 AM
it's cool doods..we don't need encryption anyways

Originally posted by cogzinofa  
the government can't bug your house and tap your communications without a warrant.
11-12-14 - 12:11 AM
Originally posted by LouCypher  
Good thing Republicans are protecting us from Net Neutrality so shit like this doesn't happen.


You realize that the government getting involved in internet regulation is the exact opposite of net neutrality, right? Just like the USA PATRIOT act, and the Affordable Care Act, the names of such legislation are paradoxical to their content.
11-12-14 - 12:11 AM
Originally posted by LouCypher  
Good thing Republicans are protecting us from Net Neutrality so shit like this doesn't happen.


:lol:

we need the best protection that comcast ceo campaign adviser can give us.

Originally posted by LouCypher  
You realize that the government getting involved in internet regulation is the exact opposite of net neutrality, right? Just like the USA PATRIOT act, and the Affordable Care Act, the names of such legislation are paradoxical to their content.


of course he doesn't realize that
11-12-14 - 12:35 AM
Originally posted by Hologram  
You realize that the government getting involved in internet regulation is the exact opposite of net neutrality, right?
Who else can tell ISPs not to throttle traffic on a site-by-site basis?
11-12-14 - 12:48 AM
in a less fucked up world

the custumers paying for their service. that is who

this is like saying who will tell car companies not to make cars that can only go 5mph?

that's how piss poor of an argument this is.

Verizon Kills $2 Fee After Consumer Outrage

The company made the decision in response to customer feedback about the plan, which was designed to improve the efficiency of those transactions. The company continues to encourage customers to take advantage of the numerous simple and convenient payment methods it provides.

“At Verizon, we take great care to listen to our customers. Based on their input, we believe the best path forward is to encourage customers to take advantage of the best and most efficient options, eliminating the need to institute the fee at this time,” said Dan Mead, president and chief executive officer of Verizon Wireless.


:lol:

holy fuk...waaaa? they backed down after customer outraged and the ability to switch service providers??

but i thought only government could fix things like this?
11-12-14 - 12:51 AM
good luck im behind 5 proxies and 2 vpns
11-12-14 - 12:55 AM
the costumers paying for their service. that is who


what about those working outside of the clothing industry?
11-12-14 - 12:59 AM
Originally posted by LouCypher  
Who else can tell ISPs not to throttle traffic on a site-by-site basis?


Customers can, by taking their business elsewhere or complaining en masse to the ISP. Bitching about things in the comments section on reddit is different than directing the comments where they can make the most impact.
11-12-14 - 01:00 AM
Except that in the US you can't really take your business elsewhere.
11-12-14 - 01:05 AM
which is the issue

not that government isn't more dick deep in bed with fukin monopolies

but that would mess everything up. monopolies would have to compete and government would have a harder time tracking/controlling everything we do or say.

neither of those outcomes is acceptable for them. that type of capitalism would be anarchy. it would lead to a market of choices for consumers to pick from and total chay-os for those that wish to control it.
11-12-14 - 03:02 AM
Originally posted by Nash  
Except that in the US you can't really take your business elsewhere.
This.

Even when there are choices in a marketplace, what options do customers have when every ISP decides to do it? Every ISP I know of has discontinued newsgroup service, forcing their users to pay a third party provider. We don't have that option if every ISP decides to start throttling competitors' traffic to protect their own business offerings or extort fees from content providers.