November 13, 2013
Internet Archive to Implement HTTPS Encryption
Recently I was browsing through the Amazon website to buy a book online. Suddenly I noticed that there is an option at the bottom of the page that allows you to share what book you purchased on social media sites like Facebook, Twitter, etc. The simple act of buying a book gets publicized automatically. Besides that, when you read a book online, the makers of the online reading device have the ability to track your reading habits. They can even see which sections of the book you read and which you skipped. I realized one thing: reading is no longer a private act these days.
The Internet Archive is a nonprofit digital library that provides permanent storage of and free public access to collections of digitized materials, including websites, music, moving images, and nearly three million public-domain books. It allows people to upload and download digital material to its data cluster. The company has recently announced that it will introduce new privacy protections to shield its users from the prying eyes of the government. The PRISM revelations showed that the government is tracking the online behavior of the general public. As a result, more and more companies are coming forward to protect the privacy of their users. People are starting to lose trust in the majority of online services, as they feel that service providers can share their data with the government at any time upon receiving a court warrant. Putting customer privacy and security at the forefront, the Internet Archive has decided to implement the encrypted web protocol standard HTTPS to protect its users’ reading behavior. This security protocol is designed to protect against eavesdropping and man-in-the-middle attacks. The Internet Archive claims to have more than 3 million daily users.
In a blog post, the company said the reason behind this move is the recent revelations of government surveillance programs like PRISM. Pointing to the NSA’s XKeyscore too, the post said, “Based on the revelations of bulk interception of web traffic as it goes over the Internet, we are now protecting the reading behavior as it transits over the Internet by encrypting the reader’s choices of webpages all the way from their browser to our website”.
The NSA boasts in training materials that the program, called XKeyscore, is its “widest-reaching” system for developing intelligence from the Internet. XKeyscore allows analysts to search through vast databases containing emails, chat messages and browsing history of millions of individuals without any prior authorization. Under U.S. law, the NSA is required to obtain a court warrant in order to carry out surveillance activities against US citizens. But XKeyscore provides the technical capability to target even US persons for extensive electronic surveillance without a warrant. With XKeyscore, analysts can search metadata along with the content of emails and other Internet activities associated with the target. They can also search by name, telephone number, IP address, keywords, the language in which the Internet activity was conducted, or the type of browser used. One training slide illustrates the digital activity constantly being collected by XKeyscore and the analyst’s ability to query the databases at any time.
Hopefully the Internet Archive’s strong encryption protocols will make it difficult for surveillance programs to monitor users’ reading behavior on the site. The company is also encrypting the Internet Protocol addresses stored on the servers for Archive.org and OpenLibrary.org. They have modified the servers so that they encrypt the IP addresses with a key that changes each day. As a result, they can determine how many people used their service but will not be able to figure out who they are or where they are coming from. The Wayback Machine, which allows users to see previous versions of certain sites across the Internet, will also use HTTPS by default.
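The daily-key idea described above can be sketched as follows. This is an added example, not the Internet Archive's code: the page does not say which scheme the servers use, so the sketch assumes a keyed HMAC-SHA256 token in place of reversible encryption, and the class, function and log format are hypothetical.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


class DailyIPPseudonymizer:
    """Replace client IPs with tokens derived from a key that rotates daily."""

    def __init__(self):
        # day -> random key. A real server would hold only today's key, in memory.
        self._keys = {}

    def _key_for(self, day):
        if day not in self._keys:
            self._keys[day] = secrets.token_bytes(32)
        return self._keys[day]

    def token(self, day, ip):
        # The key matters: IPv4 has only 2**32 values, so an unkeyed hash
        # could be reversed by hashing every possible address.
        mac = hmac.new(self._key_for(day), ip.encode("ascii"), hashlib.sha256)
        return mac.hexdigest()[:16]

    def discard_key(self, day):
        # Once the key is gone, that day's tokens cannot be recomputed or reversed.
        self._keys.pop(day, None)


def unique_visitors(log_lines, pseudonymizer):
    """Return ({day: unique visitor count}, lines as stored, without raw IPs)."""
    seen = defaultdict(set)
    stored = []
    for line in log_lines:
        day, ip, path = line.split()
        tok = pseudonymizer.token(day, ip)
        seen[day].add(tok)
        stored.append(f"{day} {tok} {path}")
    return {day: len(toks) for day, toks in seen.items()}, stored


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    "2013-11-12 192.0.2.10 /details/book-a",
    "2013-11-12 192.0.2.10 /details/book-b",
    "2013-11-12 198.51.100.7 /details/book-a",
    "2013-11-13 192.0.2.10 /details/book-c",
]
```

Within one day the same address maps to the same token, so visitors can be counted; across days the tokens differ, so one reader's activity cannot be linked from day to day in the stored logs.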
Keeping PRISM Out of Your Cloud
Users sometimes find that selecting a truly protected third-party cloud service can be a challenge, as most “secure” services on the market have glaring security gaps that leave their sensitive data wide open to third-party attacks, leaks, and hacking. One rapidly expanding cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.
SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, users can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and syncing on the go.