[liberationtech] HTTPS by default campaign launch today

Tue Nov 9 08:46:40 PST 2010

Hi,

We (Access) are launching a new online campaign today calling for HTTPS by
default <https://www.accessnow.org/ProtectOurPrivacy> (http://bit.ly/ajYIaJ).
Our primary focus is on security for human rights defenders (as well as the
privacy of ordinary users). We now have a number of cases of partners
(particularly Iranians using Yahoo) who have had their private online
communications used against them. Whilst it is clear that HTTPS is not a
silver bullet, it certainly helps stops governments sniffing, reduces the
capacity of governments to censor, as well as limiting vulnerabilities in
wireless environments. All really important matters when it comes to human
rights defenders the world over. We have been advocating for https by
default for some time; the work of Eric and Ian has been a catalyst to put
this extremely important issue firmly on the agenda. Given that costs and
technical factors are no longer a real barrier to HTTPS by default (as the
EFF and others have bee arguing), we think its now time that the world's top
100 sites (at a minimum) install it.

Here is the email we are sending out to our members. While the pressure is
rising on these platforms, please feel free to sign it, forward it or tweet
about it (http://bit.ly/ajYIaJ) . Best wishes,

Brett

----
Dear friends,

Anyone can now walk into your local Starbucks, and with a new downloadable
software, view the online activity of every single person using that
wireless network - they could *look at your photos, download your address
book, even update your status on your Facebook wall*.

 But the websites you trust your information with (including *Facebook,
Yahoo, and Twitter*) apparently don't care enough about your privacy to
protect you from these kinds of threats.

Avoiding public wireless hotspots like those at Starbucks won't solve the
underlying security problem, *encouraging the world's most visited websites
to properly encrypt their sites will*. *Sign this petition*, and while the
pressure's rising, we'll demand a commitment from them to install HTTPS (a
trusted and relatively inexpensive security solution) *before we all get
hacked*:*
 <http://www.accessnow.org/ProtectOurPrivacy>*

*www.accessnow.org/ProtectOurPrivacy*

It's hard to believe, but *only one of the top 100 most visited websites in
the world offers HTTPS by default on all pages*. However, Google has shown
with Gmail that the cost of this type of encryption is now comparatively
minimal.

For many of us privacy is a serious matter; for human rights defenders
online, security can be a matter of life and death. Given that these
websites are aware of the risks human rights defenders face when their
online information is intercepted, *their failure to install HTTPS is
unconscionable.*

Regardless of whether a wireless network is password protected, ISPs and
governments can still view online activity on all non-HTTPS
sites.*Encrypting a site on the other hand, also helps limit
censorship
*, as governments have a much harder time blocking and hijacking online
activity if they can't monitor it. But privacy matters to all of us, *so demand
HTTPS now* to protect our privacy and other's very security:

*www.accessnow.org/ProtectOurPrivacy*

Firesheep, the new software, was developed to show users and companies how
easy it is to hack online accounts that don't use HTTPS encryption. Even so,
some of the major sites have consciously chosen not to implement HTTPS even
though *they have the technical and financial capacity to do so*.

*Y**ou may not be the only person reading this emai*l. Encryption should be
a right, now it's not even an option. To demand privacy and security
for *everyone
everywhere,* go to:

*www.accessnow.org/ProtectOurPrivacy*

For HTTPS by default,

The Access Team

-- 
Brett Solomon
Executive Director
Access
www.accessnow.org
* shortlisted for the 2010 Sakharov
Prize<http://www.europarl.europa.eu/parliament/public/staticDisplay.do?language=en&id=42>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20101109/f637add9/attachment.html>