HTTP Must Die!

Presented at HOPE X (2014), July 18, 2014, 5 p.m. (60 minutes).

We all know that HTTP is insecure, but the Snowden revelations of 2013 showed that insecurity runs far, far deeper than most of us could have imagined. It's bad enough, in fact, that anyone who still supports it is contributing to the weaponization of the Internet by government spy agencies. The speakers believe that nobody at HOPE X has any excuse to be using plain HTTP instead of HTTPS in 2014. In this talk, they will summarize what the Snowden revelations mean for protecting data in transit: scary stuff like how supposedly secure cookies on social network sites can be turned into custom beacons for marking victims of targeted malware. They'll talk about what every web service provider needs to do at the very minimum to mitigate these attacks, and what clients can do to protect themselves. Finally, they will share some success stories from the last year that show how Edward Snowden has raised the bar for web security and created a safer online landscape for the average user.


Presenters:

  • Parker Higgins
    Parker Higgins is an activist and blogger at EFF, working to advance policy and technology fixes to online freedom of speech and privacy violations. He was a leader of the San Francisco CryptoParty, and tweets at @xor.
  • Yan Zhu
    Yan Zhu is a staff technologist at EFF, specializing in projects to protect Internet users' privacy and maximize the use of encryption on the web. She is the lead maintainer of EFF's browser security extension, HTTPS Everywhere.

Links:

Similar Presentations: