Articles About Encryption

Want to encrypt files or folders on the fly? Here's how to secure your data with OpenSSL in Linux.

We experience encryption daily, mostly without our conscious engagement, by dint of browsers (encrypting data-in-motion) and devices (encrypting data-at-rest).

Bob Covello notes that if some technology exists to break encryption, then we must increase our efforts to teach better security awareness as well as good password security.

Everyone's talking about encryption, but finding yourself lost or confused? Here are some key encryption terms you need to know.

Want to keep outsiders from listening in on your chats, phone calls, and more? Encrypt them. All of them.

Sharing your DNA with science could help cure disease. But once it's out there, you can't get it back. Encryption can at least keep it safe.

A new ransomware strain called Mamba opts to encrypts hard drives rather than individual files and folders stored on the local disk.

Encrypt Your Cloud Files With Cryptomator (Open Source, Cross-Platform) ~ Ubuntu / Linux blog

Let's start with the basics: so what is encryption? Encryption is used to ensure that certain information doesn’t get into the wrong hands. It does this

Jeff sez, "Tuts+ has made my six part introduction to PGP encryption, email and networking privacy available to readers for free." While encryption ease of use needs further improvement, these…

21WIRE + The Switch | One third of Americans don't even know what e-mail encryption is.

You’ve probably heard the word “encryption” a million times before, but if you still aren’t exactly sure what it is, we’ve got you covered. Here’s a b

You can encrypt email on an iPhone with your standard Mail app or with apps from the App Store, no jailbreaking required. The Apple experts at Stack

File Lock is a free security web application that allows users to encrypt files in their browser without uploading or installing software.

Several cloud storage services use encryption to protect data of user accounts from being accessed by third parties. While this may be reassuring for many users, some prefer to add encryption of […]

The web has largely switched from non-secure HTTP to the more secure HTTPS protocol. All web servers use one of these two protocols to get web pages from the server to your browser. HTTP has serious problems that make it vulnerable to eavesdropping and content hijacking. HTTPS fixes most of these problems. That's why EFF, and many like-minded supporters, have been pushing for web sites to adopt HTTPS by default. As of 2021, about 90% of all web page visits use HTTPS. This is a big win for encryption and security for everyone. It’s easier than ever to implement HTTPS by default, and we're providing the tools to do it. For many years, web site owners chose to only implement HTTPS for a small number of pages, like those that accepted passwords or credit card numbers. However, over the last ten years, the Internet security community has come to realize that all web pages need protection. Pages served over HTTP are vulnerable to eavesdropping, content injection, and cookie stealing, which can be used to take over your online accounts. Content injection is when someone adds data or code to your communications with an HTTP web page. For example, it's how GCHQ and NSA took over a Belgian ISP's computers. Content injection is also how China took down GitHub with a massive DDoS attack, dubbed "The Great Cannon". Content injection is also becoming popular with ISPs. Verizon injected tracking headers into every request made by their customers. And Comcast injects pop-ups into sites where they don't belong. All of these attacks can be stopped by HTTPS, provided it is implemented and made default on enough sites. What you can do as an individual You can only use HTTPS on websites that support it, and there are still sites that don't send visitors to the HTTPS version by default. You can now force HTTPS by default in Chrome, Firefox, and Microsoft Edge. Firefox Settings > Privacy & Security > Scroll to Bottom > Enable HTTPS-Only Mode enable_httpsonly1.gif Chrome Settings > Privacy and security > Security > Scroll to bottom > Toggle “Always use secure connections” This feature is also under the flag chrome://flags/#https-only-mode-setting. chrome_https_only1.gif Edge This is still considered an “experimental feature” in Edge, but is available in Edge 92. Visit edge://flags/#edge-automatic-https and enable Automatic HTTPS Hit the “Restart” button that appears to restart Microsoft Edge. edge_https_only.gif EFF’s browser extension, HTTPS Everywhere will retire at the end of 2022, because default HTTPS is now available on most websites without the extension. We see this as a great victory. HTTPS Everywhere was always meant to be a stopgap solution until more of the web was automatically encrypted. What you can do as a web site owner We're encouraging everyone who runs a web site to offer HTTPS and redirect visitors to HTTPS by default. Offering HTTPS has gotten a lot cheaper in the last 10 years.r. In fact, offering HTTPS makes it possible for sites to implement the modern HTTP/2 standard, which can dramatically speed up web browsing relative to HTTP. This also future proofs for even more up to date protocols that promise even more performance gains like HTTP/3-QUIC. Offering HTTPS requires getting a certificate from a certificate authority. It used to be expensive and complicated to get a certificate, but since 2016, a new certificate authority, Let's Encrypt, offers free certificates to the public using an API that enables easy automation. Let's Encrypt is a joint project of EFF, Mozilla, and many other sponsors. If you manage your web site entirely through a web interface, the easiest approach is for your hosting provider to integrate Let's Encrypt support as a setting you can turn on. Many hosting providers already support Let's Encrypt, and many more add support all the time. If you have shell access on your hosting provider, you can use Certbot, a tool developed by EFF. Certbot can get you a free certificate from Let's Encrypt. It can also automatically configure your Apache or Nginx server to correctly use that certificate. What you can do as a hosting provider We encourage all hosting providers and CDNs to offer HTTPS by default for their customers, at no additional cost versus their HTTP services. Many already have, like Cloudflare, OVH, WordPress.com, and SquareSpace. The Let's Encrypt integration guide has additional details on how to best implement HTTPS by default. We continue to celebrate free, automatic HTTPS being the industry standard for web hosting.