EFF in the News
PrivacyActivism, the Electronic Frontier Foundation, the Privacy Rights Clearinghouse, IP Justice, Beat the Chip, and the Bill of Rights Defense Committee submit these comments in opposition to the proposed rules.
But groups such as the Electronic Frontier Foundation have come out against those rules, saying they would “pose a grave threat to the rights of freedom of association, due process, and privacy” in San Francisco.
GoDaddy was the worst offender, but other CAs were also guilty, said the EFF's Chris Palmer, who warned that the practice aids attackers targeting the mail servers and intranets of huge numbers of companies.
“Although signing 'localhost' is humorous, CAs create real risk when they sign other unqualified names,” Palmer wrote. “What if an attacker were able to receive a CA-signed certificate for names like 'mail' or 'webmail'? Such an attacker would be able to perfectly forge the identity of your organization's webmail server in a 'man-in-the-middle' attack!”
The Electronic Frontier Foundation has published research showing that the SSL certificate system that underpins web security is far from trustworthy.
Some are questioning the social network’s desire to get involved in China now, during what Jillian York of the Electronic Frontier Foundation and Global Voices Online calls “one of the worst online crackdown periods in years.”
Amongst the more egregious abuses of democratic norms, EFF revealed that FBI investigators could be criminally charged with "submitting false or inaccurate declarations to courts, using improper evidence to obtain federal grand jury subpoenas" and "accessing password protected documents without a warrant."
Facebook, Freedom House, Yahoo, the Electronic Frontier Foundation, the National Alliance for Media Art and Culture and 44 law professors are siding with YouTube and Google against Viacom’s newest legal appeal.
In a report issued this week, online watchdog group the Electronic Frontier Foundation said that certificate authorities are issuing SSL certificates for unqualified domains in large numbers, a practice that the report’s author Chris Palmer says could impact the integrity of the whole SSL system, and puts Internet users at increased risk of attack.
The EFF has issued a report that's gaining some attention in the media. It exposes the bad habit of issuing SSL certificates to unqualified domains. In the process of revealing this issue, some focus has also been given to the discovery of incorrectly assigned EV SSL certificates.
Internet certificate authorities are creating security risks for everyone by signing off on unqualified domain names - thousands of them - according to Chris Palmer, technology director of the Electronic Frontier Foundation.