US ISPs are stripping email encryption

Discussion in 'BlackHat Lounge' started by foundme, Nov 12, 2014.

  1. foundme

    foundme Newbie

    Nov 11, 2014
    Likes Received:
    The Electronic Frontier Foundation just posted an interesting article about ISPs in US and Thailand stripping the STARTTLS flag from email traffic. I can't link but the article is called ISPs Removing Their Customers' Email Encryption so just google it. This comes on the heels of Verizon getting caught injecting cookies into customers mobile traffic so they can better spy on their paying customers.

    So now in addition to legendarily bad customer service and the de facto monopoly from US ISPs we also get to enjoy malicious man in the middle attacks that make their spying activities easier and open our communications to more shenanigans from third parties. What's next, sniffing for nude photographs to use as blackmail?

    It's malicious attacks like these that makes me appreciate things like PGP and Tor. Tor may have it's own problems with MITM attacks but at least it's a lot harder for a single adversary to assure that my traffic goes through one of their end nodes, and that's assuming the email provider you're using doesn't have a hidden service.