}

Towards an encrypted web?

2015/01/01 Leturia Azkarate, Igor - Informatikaria eta ikertzaileaElhuyar Hizkuntza eta Teknologia Iturria: Elhuyar aldizkaria

Ever since Edward Snowden, a former employee of the CIA and NSA agencies in the US, discovered and spied on communications and data from our network, the concern about network privacy has been growing. And not only to the users, but also to the managers and engineers of the network, who have gradually evolved towards a safer web.
Ed. psdesing1/Dollarphotoclub

Edward Snowden, a former employee of the U.S. security and information agencies CIA and NSA, was in charge of publicizing the PRISM and Tempora programs and the XKeyscore system, all of them designed to detect communications and data on our network on behalf of security.

Faced with this, there are a series of measures that the user can adopt and that we tell you in the article on web security. For example, ensure the use of the HTTPS protocol when we must provide confidential information on any website (passwords, bank accounts…). There are extras for browsers like HTTPS Everywhere, which will take care of it. And for the mail we can use the program PGP (Pretty Good Privacy) or its free version GPG (GNU Privacy Guard), which will encrypt our messages so that only the recipients are deciphered.

These alternatives, however, always require additional work for installation and use, which in some cases is not so simple...

Making the web base more secure

A safer website should not be the responsibility of users, what demontres! Those responsible for the web should do so, right? They are doing it to a certain extent.

The IETF (Internet Engineering Task Force), a consulting entity for the development of Internet protocols, has a working group called HTTPB is, responsible for the HTTP protocol. This working group worked the following version of the HTTP/2 protocol and presented it in December as a proposal for the new version of the standard. This new version was proposed to always use the TLS encryption (used by HTTPS) in November last year, but the controversy arose and, for the sake of consensus, will finally not propose the obligatory. However, some browsers have said they will only use HTTP/2 along with TLS, but will use the older version. So, whenever possible, a secure connection will be used.

Another initiative in 2015 will be the EFF or Electronic Frontier Foundation, the Mozilla Foundation (author of the Firefox browser) and others: Let’s Encrypt. It is a new issuer of certificates that, for free and in a few seconds, will provide us with a certificate to be able to offer the HTTPS service (specifically the one that we explain to you in the Internet authentication article of April 2013). With this type of facility it is to assume that in the future many more websites will offer a secure and encrypted HTTPS connection.

In addition, there is the intention to make the DNS (Domain Name System) service more secure and confidential. The DNS service is responsible for converting a domain name that we put on the web (bullet.elhuyar.org, google.com…) into the IP number that uses the Internet to designate servers and computers (54.235.134.181, 212.142.160.208...). But since this information is not encrypted, anyone can view or manipulate it. They have now created the DNSC rypt protocol for communications between our computer and the DNS server to be encrypted. There are several DNS servers already implemented and it is logical that the browsers will be implemented.

On the other hand, although we always use secure HTTPS, SMTPS or IMAPS protocols for communications with our email provider, messages can be detected from one provider to another. To avoid this, more and more mail providers use TLS encryption in their message transfers.

In the end, although slowly, its managers try to make the web more and more secure. In fact, the spirit of the web has always been opened and for the benefit of the user, and the organization that runs the web, W3Ck, and its director and inventor, Tim Berners Lee, have always shown an attitude favorable to open standards, the security of communications and the well-being of society.

But this will be of no use if users continue to use more and more mobile device applications instead of using the web. These applications are carried out by companies, companies with interests and use their own communications protocols; no one knows how those protocols work, whether they are safe or not... We know what is the most used messaging program on mobile, although your security issues are known…

The solution would be to encrypt all communications between all computers and nodes that make up the Internet. Thus, both the protocol and the application we are using, everything will be encrypted so that no third party can detect it. He has also proposed IAB or Internet Architecture Board

The organization, responsible for the technical development and engineering of the Internet: Encrypt all Internet communications at the lower level.

In any case, although at some point the maximum security and confidentiality will be achieved in all communications that circulate on the web, with this we would have third parties not have the opportunity to access our communications. But can we be sure of the recipient? Snowden reports that in the PRISM program several web providers supply all information to NSA: Google, Yahoo, Skype, Dropbox… If we use them, we cannot be sure that our data will remain private. To achieve this, there is no choice but to use the most complicated encryption and protection systems mentioned above...