A year after the Snowden leaks, a great number of Internet companies remain sluggish in implementing a default encryption system, except for Google and Yahoo and Facebook. Some have already followed suit, and WordPress will be joining the fray later in 2014 in the name of fighting government snooping programs.
The popular blogging platform has promised to provide all wordpress.com websites and subdomains through an SSL encryption protocol before the year ends, so that all its traffic will be secured from eavesdroppers.
The move by Automattic, parent company to WordPress, is in keeping with an ongoing effort by the technology community to ward off invasive surveillance, beginning with each website and platform that support the advocacy.
The activity called Reset the Net day, launched right after discovery of the NSA’s surveillance program, calls on various websites to encrypt their networks using the protocols such as SSL, HSTS and PFS, as well as certificate pinning and technologies to maintain privacy for online communications.
The announcement is also a welcome development at WordPress, which previously remained lax in implementing a default encrypted service.
Currently, and as can be observed by most users of WordPress, the platform does not implement and display the HTTPS Strict and STARTTLS protocols on the left corner of its domains by default. However, for tech savvy users this is easy to activate. Whether the website supports the Perfect Forward Secrecy and encrypts the data center connections remains to be known.
HTTPS Strict is an indication of a secure connection because browsers built with this system communicate over the HTTPS links only while Perfect Forward Secrecy works to make private session keys for an encrypted connection as random as can be in order to avoid the spreading of threats when a compromise takes place.
That is why privacy and security proponents are calling on technology companies to implement this protocol in order to secure connections and exclude snoopers from the wire. Companies with lax security infrastructure in a way are helping government surveillance programs proliferate their efforts, and unless these companies heed the call for a more robust encryption in place, it will go on to an interminable time.
Luckily, some have made it a point this time to coordinate actions in order to stop those surveillance programs that may compromise individual user data, with Google and Yahoo taking the lead. In fact, Google recently introduced an end-to-end encryption technology, which is a good start to securing users.
We’ll see if the likes of Amazon, Apple, Foursquare and LinkedIn will do the same.