Web giants encrypt their services—but leaks remain

One of these sites is not like the others....

It's been a year since Edward Snowden's leak of National Security Agency documents triggered a firestorm around cloud service providers' privacy protections (or lack thereof). Since last summer, the giants of the Internet have pledged to do more to encrypt their Internet traffic—and in some cases, their internal network traffic—to protect it from both government surveillance and other prying eyes. But an Ars investigation reveals that data continues to leak.

Although companies have made great strides in securing their Internet services, implementations of SSL and other security standards aren’t always consistent across applications. And some of the gaps are intentional—left there to meet the demands of certain customers, to support older applications, or to make integration with other services faster (and more profitable).

The Electronic Frontier Foundation (EFF) has published a chart that shows which major Internet services support SSL and other security “best practices,” including encrypted data center links, perfect forward secrecy, and encrypted communications with other providers’ e-mail services. Eight major Internet companies—Google, Microsoft, Yahoo, Twitter, Facebook, Dropbox, Sonic.net, and SpiderOak—have implemented or are in the process of implementing all of EFF’s recommended security practices.

Read 20 remaining paragraphs | Comments