Relaxed Browser Security Opens Web To Prying Eyes

Browsing the internet will be less secure for many expats when an important security algorithm is retired during 2016.

Expats living in countries where governments closely monitor the internet will not notice a difference in their online browsing experience, but their web activities will become easier for prying eyes to see.

Web browser developers have agreed to replace the aging SHA-1 security protocol with a newer version, SHA-256, during 2016.

However, some social media web sites such as Facebook are warning that millions of people will lose the safeguards offered by SHA-1 as the new browser code does not go as far in protecting their online activity.

Facebook’s chief security officer Alex Stamos has pursued a policy of informing the social network’s 1.5 billion users worldwide of suspected state interference in their access to the web.

Millions left without online safeguards

In a blog post, he claims that up to 7% of older browsers accessing the internet daily will not run the new security protocol.

“That adds up to tens of millions of people unable to securely access the internet from January 1, 2016,” he said in a blog.

Stamos highlights work by internet security firm Cloudflare that shows the countries where older browsers are most in use almost exactly matches a list of countries where freedom to access the internet is repressed by the state or other organisations involved in civil strife.

Rather than scrap the old certificate, Facebook will try to identify the user’s browser and divert their access to the social network through a pathway using the older or newer certificate.

Facebook has also released open source code to help developers with this task.

However, the question is whether security protocols really have a point when government bodies like the US National Security Agency and Britain’s GCHQ are demanding internet and mobile phone providers ‘back up’ the internet every day so that they can screen emails and web traffic for suspected organised crime and terrorism links.

Have yourself a cryptographic Christmas

Meanwhile, GCHQ has ditched the traditional seasonal greetings card with a cryptography test.

The challenge is to fill in the card to show an image.

The contest has several increasingly difficult stages, but a prize is on offer in a draw should anyone complete the coded puzzle.