Electronic Frontier Foundation - secure messaging scorecard

Impetus · 05-11-2014 8:08pm #1

https://www.eff.org/secure-messaging-scorecard

The good, the bad and the downright fraudulently ugly services/protocols

There is room for a similar table on eBanking - one often reads of banks who have 7 or 8 character password limitations - and nothing but A to Z and 0 to 9 please and no multi-factor - especially in North America.

And also payment cards - to show up and shame the many banks in Ireland and Britain who don't have DDA in their EMV cards - too mean to spend the extra 50c per card for DDA (which uses random numbering compared with the same old number every time with SDA), not to mention the many US banks who are now finally issuing EMV chip based cards - so called "chip and sign" - ie no PIN is required - where you have three chances to get a 4 to 10 digit PIN correct, and the card locks up. The thief just scribbles a signature and s/he is good to go, as they would be with 50 year old mag stripe technology.

And airlines who don't employ strong encryption to their check-in data storage and transmission, allowing three and four letter agencies based in rogue states to track one's travel itinerary.

Time to name and shame the *astards who are an affront to one's basic human rights - which includes the right of security to one's private property.

Khannie · 06-11-2014 1:48pm

Read that yesterday. Was glad to see the stuff I use regularly doing well.

Harold Finchs Machine · 07-11-2014 5:54am

The Electronic Frontier Foundation (EFF)’s new Secure Messaging Scorecard is designed to answer one important question: Which apps and tools actually keep your messages secure and safe from prying eyes?

The results have been mixed. In the midst of many positive reactions from technology companies and users, the scorecard stoked a wave of criticism from several prominent figures in the security industry, who deemed the effort inaccurate, misleading, and vague.

dailydot.com/politics/eff-secure-messaging-scorecard-critics/

Impetus · 07-11-2014 9:26pm

Nothing remains static. Bugs are discovered in otherwise reliable software and have to be patched. I’d use the EFF list to decide which solutions not to bother with. And then treat the all “green” products with an open mind.
Skype was probably fairly solid when Niklas Zennstrom brought it out (from a security perspective anyway).

• It was then sold to eBay – a US company, who in turn
• Sold it to Microsoft

(Don’t tell me that there aren’t “strong links” between one or both of these corporations and the NSA etc)

• Skype started using BT to deliver traffic to PSTN/ISDN numbers. It would be naïve in the extreme to think that BT doesn’t have the fattest pipe to GCHQ – Anglo-Saxon cousins of the NSA etc.
Whoever was responsible for the “9/11” atrocities has a lot to answer for in terms of giving an excuse a corrupt political establishment to create a “surveillance” monster that is out of control, arrogant and hitleristic.

One country has resisted this trend – Germany.

No national ID numbers (eg PPSN). The German constitution forbids them.

My favourite airline is Lufthansa and my favourite hub airport is Munich.

You arrive at MUC-T2 and once you are off the aircraft you can go directly to your connecting flight or do shopping, eating, reading (free newspapers) - no passport checking (thank you Schengen), and your checked luggage is inter-lined to the next flight automatically. The food is better than at any French or Italian airport. Lufthansa aircraft are spotlessly clean – as are the toilets in Munich airport – unlike certain Irish airports where cheap poorly designed urinals in the male toilets guarantee an undesirable smell 24/24h.

The MCT (minimum connecting time) at Munich T2 is 30 minutes – but if your inbound flight is delayed, they will take you from your arriving aircraft to your next aircraft directly using a car – if you have a connecting flight – no charge and no seat- class limitations.

Assuming you are boarding normally at the gate, the aircraft fills quickly, using airbridges, and the passengers simply scan their boarding pass or mobile phone image at a turnstile. No checking of IDs. Board the aircraft and it is Guten Tag – and not (another cause of delay) with flight attendants wanting to see your boarding pass.

In aviation, both Germany and Lufthansa have put two fingers to Brussels and Washington originated police state regulations, which they have sought to enforce all over Europe.

In Ireland, every EU/US regulation imaginable has been implemented and enforced, and to rub salt into the wound, it is done in a yobbish manner (eg hand baggage screening – usually manned by stupid, casual, people who ask dumb questions).

Air travel “security” read "harassment" is visible. It is much less visible in the IT and network/telecom environment. The same bureaucratic/political hackers fingerprints are visible in both systems, as well as in the "Eircode" - Ireland's fake postcode that isn't a real postcode, and it is useless to anybody who wants to find an address or deliver something. It is no more than an incompetently designed alpha-numeric randomised number allocated to each property..

Unlike Irish airports, Munich focuses on displaying the local "produce" - such as the new i8 electric/hybrid car - (I had 1h and a bit between flights the other day and had time for lunch and to take a few hundred photos of Bavaria's newest cars - eg).... I had all this productive time to enjoy myself because I didn't have to go through and security bureaucracy.

https://s3-eu-west-1.amazonaws.com/krz2000/DSC00845.JPG

http://www.munich-airport.de/en/consumer/aufenthalt_trans/airportstop/minconntime/baggage/index.jsp

http://www.munich-airport.de/en/consumer/aufenthalt_trans/airportstop/minconntime/hcc/index.jsp

Electronic Frontier Foundation - secure messaging scorecard

Comments