[liberationtech] HTTPS by default campaign launch today

Tue Nov 9 10:44:32 PST 2010

I fully support the call for Yahoo, Facebook and Twitter to add https and
setting their default to https. However, there is also a simple solution for
Starbucks or other places offering public wireless to protect their users.
Most wireless routers come with the option of *Access Point Isolation. *With
AP isolation enabled, wireless devices can't talk to each other and as a
result won't be able to monitor the traffic within the network.
Firesheep/Wireshark doesn't work with AP isolation enabled.

You can even enable it for your on your home wireless router. The benefit is
that if someone hacks into your network won't be able to steal your
passwords using Firesheep. The downside is that you won't be able to see the
itunes of the other people in your network or print to your wireless
printer.

-mehdi

On Tue, Nov 9, 2010 at 9:46 AM, Brett Solomon <brett at accessnow.org> wrote:

> Hi,
>
> We (Access) are launching a new online campaign today calling for HTTPS by
> default <https://www.accessnow.org/ProtectOurPrivacy> (
> http://bit.ly/ajYIaJ). Our primary focus is on security for human rights
> defenders (as well as the privacy of ordinary users). We now have a number
> of cases of partners (particularly Iranians using Yahoo) who have had their
> private online communications used against them. Whilst it is clear that
> HTTPS is not a silver bullet, it certainly helps stops governments sniffing,
> reduces the capacity of governments to censor, as well as limiting
> vulnerabilities in wireless environments. All really important matters when
> it comes to human rights defenders the world over. We have been advocating
> for https by default for some time; the work of Eric and Ian has been a
> catalyst to put this extremely important issue firmly on the agenda. Given
> that costs and technical factors are no longer a real barrier to HTTPS by
> default (as the EFF and others have bee arguing), we think its now time that
> the world's top 100 sites (at a minimum) install it.
>
> Here is the email we are sending out to our members. While the pressure is
> rising on these platforms, please feel free to sign it, forward it or tweet
> about it (http://bit.ly/ajYIaJ) . Best wishes,
>
> Brett
>
> ----
> Dear friends,
>
> Anyone can now walk into your local Starbucks, and with a new downloadable
> software, view the online activity of every single person using that
> wireless network - they could *look at your photos, download your address
> book, even update your status on your Facebook wall*.
>
>  But the websites you trust your information with (including *Facebook,
> Yahoo, and Twitter*) apparently don't care enough about your privacy to
> protect you from these kinds of threats.
>
> Avoiding public wireless hotspots like those at Starbucks won't solve the
> underlying security problem, *encouraging the world's most visited
> websites to properly encrypt their sites will*. *Sign this petition*, and
> while the pressure's rising, we'll demand a commitment from them to install
> HTTPS (a trusted and relatively inexpensive security solution) *before we
> all get hacked*:*
>  <http://www.accessnow.org/ProtectOurPrivacy>*
>
> *www.accessnow.org/ProtectOurPrivacy*
>
> It's hard to believe, but *only one of the top 100 most visited websites
> in the world offers HTTPS by default on all pages*. However, Google has
> shown with Gmail that the cost of this type of encryption is now
> comparatively minimal.
>
> For many of us privacy is a serious matter; for human rights defenders
> online, security can be a matter of life and death. Given that these
> websites are aware of the risks human rights defenders face when their
> online information is intercepted, *their failure to install HTTPS is
> unconscionable.*
>
> Regardless of whether a wireless network is password protected, ISPs and
> governments can still view online activity on all non-HTTPS sites.*Encrypting a site on the other hand, also helps limit censorship
> *, as governments have a much harder time blocking and hijacking online
> activity if they can't monitor it. But privacy matters to all of us, *so demand
> HTTPS now* to protect our privacy and other's very security:
>
> *www.accessnow.org/ProtectOurPrivacy*
>
> Firesheep, the new software, was developed to show users and companies how
> easy it is to hack online accounts that don't use HTTPS encryption. Even so,
> some of the major sites have consciously chosen not to implement HTTPS even
> though *they have the technical and financial capacity to do so*.
>
> *Y**ou may not be the only person reading this emai*l. Encryption should
> be a right, now it's not even an option. To demand privacy and security for
> *everyone everywhere,* go to:
>
> *www.accessnow.org/ProtectOurPrivacy*
>
> For HTTPS by default,
>
> The Access Team
>
>
> --
> Brett Solomon
> Executive Director
> Access
> www.accessnow.org
> * shortlisted for the 2010 Sakharov Prize<http://www.europarl.europa.eu/parliament/public/staticDisplay.do?language=en&id=42>
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
>
> You will need the user name and password you receive from the list
> moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20101109/8e80eb33/attachment.html>