[Chapter-delegates] Global Encryption Day: Advocacy Toolkit Is Here!

Olivier MJ Crépin-Leblond ocl at gih.com
Fri Sep 24 16:54:40 PDT 2021 

Dear Hank,

thanks for your email which makes a lot of sense. I wonder how much of 
the message for Global Encryption day is actually derived from the 
wider, previous campaign of ISOC "Security by Design" and "Trust 
Framework"? Could it be that we are in a tilight zone between the 
previous and current campaign, with the previous campaign having been 
judged to be too wide to have an impact and the current one now being 
evaluated as being too narrow if only sticking to "encryption" per-se?
Kindest regards,

Olivier

On 24/09/2021 10:41, Hank Nussbacher via Chapter-delegates wrote:
>
> Dear Chapter Delegates,
>
>
> This will be a bit long so apologies in advance.
>
>
> I hope someone can help me understand Global Encryption Day.  I 
> understand and totally agree with the need for strong end to end 
> encryption but I don't understand what our message is.  I have gone 
> through the Toolkit and understand we should create petitions and news 
> releases as well as a media blitz but I don't understand what we are 
> asking for.
>
>
> The closest page I have found is:
>
> https://ged.globalencryption.org/protect-yourself-make-the-switch-to-encrypted-services/
>
> which asks for 6 things to be done.
>
>
> So let me go through them one by one:
>
>
> 1. _Use end-to-end encrypted messaging apps_: In the FAQ it states 
> "Read more about why it’s difficult to recommend which end-to-end 
> encrypted app to use in this article by Global Encryption Coalition 
> (GEC) member Electronic Frontier Foundation (EFF)." which quotes an 
> article from 2018: 
> https://www.eff.org/deeplinks/2018/03/why-we-cant-give-you-recommendation. 
> How is an end user to decide whether Whatsapp or Signal or Telegram is 
> best?
>
>
> 2. _Turn on encryption on your devices or services_: I might be wrong 
> but "turning on encryption" on Android for example turns on encryption 
> on the device and doesn't play a part in transmitting data in an 
> encrypted fashion - which is up to the app being used - like Whatsapp 
> or Chrome. Same goes for Windows 10.  End to end encryption is handled 
> by the program running.  Here I was expecting a message like something 
> like "never use http" or "if you encounter a site running only http - 
> demand https".    Or a message like "DNS is not encrypted - us DoH or 
> DoT to encrypt your DNS queries".   Or disable TLS 1.1. And then 
> explain how to go about doing it.
>
>
> 3. _Use strong passwords_: I do not understand how using a strong 
> password improves encryption.  I can understand this request if this 
> day was called "Global Internet Security day" - but fail to see how a 
> strong password improves encryption.  A weak password on a banking 
> site will allow a hacker to break into your bank account even if you 
> use the best end to end encryption money can buy.
>
>
> 4. _Keep up with updates_: Same as #3.  This bullet point has nothing 
> to do with the the initial message at the top of the page which is 
> what I had assumed would be the focus: "End-to-end encryption is any 
> form of encryption in which only the sender and intended recipient can 
> read the message. No third party, even the party providing the 
> communication service, has knowledge of the encryption key. End-to-end 
> encryption is the most secure form of encryption that you can use."
>
>
> 5._Turn on two-factor log-in (2FA)_: Same as #4.
>
>
> 6. _Turn on erase-data options_: Same as #4.
>
>
> I was hoping that the toolkit would tackle issues like:
>
>
> - "turn off telnet and only use ssh"
>
>
> - Visit sites like this to determine which messaging app is best for you:
>
> https://getstream.io/blog/most-secure-messaging-apps/
>
> https://www.tomsguide.com/reference/best-encrypted-messaging-apps
>
>    Rather than refer to a 3 year old EFF blog.
>
>
> - check your web sites to see that they implement SSL properly (need 
> to get an A or higher) and here is an easy site to use: 
> https://www.ssllabs.com/ssltest/
>
> Incidentally, ISOC and GED only gets a grade B:
>
> https://www.ssllabs.com/ssltest/analyze.html?d=www.isoc.org&s=104.18.10.177&latest
>
> https://www.ssllabs.com/ssltest/analyze.html?d=ged.globalencryption.org&s=104.18.30.134&latest
>
> primarily since you allow TLS 1.1 which was deprecated in Chrome in 
> early 2020 and the IETF released RFC8996 deprecating TLS 1.0 and TLS 1.1:
>
> https://datatracker.ietf.org/doc/rfc8996/
>
> I hope this can be corrected before some newspaper picks up on how GED 
> uses a non-secure encryption protocol.
>
>
> - how to turn on DoH in Chrome or Firefox
>
>
> I hope someone can explain to me what message we are attempting to 
> deliver via this media blitz since I do not understand it.
>
>
> Regards,
>
> Hank Nussbacher
>
> ISOC-IL
>
>
>
>
>
>
>
>
>
>> Global Encryption Day: Advocacy Toolkit Now Available (Sep 23, 2021)
>> Having trouble viewing this email? Click here 
>> <http://portal.internetsociety.org/622619/bulletin/ViewSent/c3057354-f652-4f67-aba6-1cd8dcedab52/31766f45-2efd-4b97-86e3-db61543f054a?mid=f10e2528-3e2b-4891-9075-95cec783a4d5&type=e> 
>> to view it online.
>>
>> Internet Society
>>
>>
>> Hello Hank
>> Global Encryption Day is less than a month away!  To advocate for a 
>> strong and secure Internet we need to empower people everywhere to 
>> stand up for encryption. So the Global Encryption Coalition (GEC) has 
>> created an advocacy toolkit to help you and your communities grow a 
>> voice that is too powerful to ignore. You'll find case studies, 
>> advocacy guides, campaign guides, social media toolkits, press 
>> toolkits and much more. Take a look at the toolkit 
>> <https://ged.globalencryption.org/advocacy-toolkit/>.
>>
>> *Planning an Event? *
>> Organizations, advocacy groups and communities are planning 
>> encryption related events on and around Global Encryption Day - 21 
>> October. Check out the updated global events 
>> <https://ged.globalencryption.org/events/> calendar and let us know 
>> <https://ged.globalencryption.org/event-registration/>if you're 
>> planning an event that you want included.
>>
>> *This Week's Campaign News: *
>>
>>   * Individuals all over the world have signed the pledge to Make the
>>     Switch to end-to-end encrypted apps and platforms. What are you
>>     waiting for?
>>     <https://ged.globalencryption.org/pledge-to-switch-individual/>
>>   * Want to find out more about how to Make the Switch and protect
>>     yourself? Take a look.
>>     <https://ged.globalencryption.org/protect-yourself-make-the-switch-to-encrypted-services/>
>>
>>   * The campaign website <http://ged.globalencryption.org> is now
>>     available in multiple languages and has several accessibility
>>     features.
>>   * Take a look at our new Frequently Asked Questions
>>     <https://ged.globalencryption.org/faqs/> (FAQs) section.
>>   * Don't forget to follow and share on Twitter
>>     <https://twitter.com/encryption_day> and Facebook.
>>     <https://www.facebook.com/GlobalEncryptionDay/>
>>
>> Thank you for all your work,
>> Susannah Gray
>> Director, Communications
>> Internet Society
>>
>> Internet Society
>>
>>
>>     Don't miss a thing.
>>
>> Twitter <https://twitter.com/internetsociety> | Facebook 
>> <https://www.facebook.com/InternetSociety> | LinkedIn 
>> <https://ca.linkedin.com/company/internet-society> | YouTube 
>> <https://www.youtube.com/user/InternetSocietyVideo> | Instagram 
>> <https://www.instagram.com/internetsociety/>
>> This message was sent to Hank Nussbacher by the Internet Society.
>> Please add us to your safe list to ensure delivery.
>> Unsubscribe 
>> <http://portal.internetsociety.org/622619/Email/Unsubscribe?Eid=f10e2528-3e2b-4891-9075-95cec783a4d5> 
>> | Unsubscribe via email <mailto:globalmembership at isoc.org> | Update 
>> your preferences 
>> <http://portal.internetsociety.org/622619/emailpreferences/edit?EntityId=f10e2528-3e2b-4891-9075-95cec783a4d5> 
>> | View Online 
>> <http://portal.internetsociety.org/622619/bulletin/ViewSent/c3057354-f652-4f67-aba6-1cd8dcedab52/31766f45-2efd-4b97-86e3-db61543f054a?mid=f10e2528-3e2b-4891-9075-95cec783a4d5&type=e> 
>> | Privacy Policy <https://www.internetsociety.org/privacy-policy/> | 
>> Contact Us <https://www.internetsociety.org/contact-us/>
>> © Copyright 2021 Internet Society
>> 11710 Plaza America Drive, Suite 400, Reston, VA 20190-5108, USA, +1 
>> 703-439-2120
>> Rue Vallin 2, CH-1201, Geneva, Switzerland, +41-22-807-1444
>> Have questions? Contact globalmembership at isoc.org 
>> <mailto:globalmembership at isoc.org>
>>
>
>
> _______________________________________________
> As an Internet Society Chapter Officer you are automatically subscribed
> to this list, which is regularly synchronized with the Internet Society Chapter Portal (AMS):
> https://admin.internetsociety.org/622619/User/Login
> View the Internet Society Code of Conduct: https://www.internetsociety.org/become-a-member/code-of-conduct/

-- 
Olivier MJ Crépin-Leblond, PhD
http://www.gih.com/ocl.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://elists.isoc.org/mailman/private/chapter-delegates/attachments/20210925/c5bcb130/attachment.htm>

More information about the Chapter-delegates mailing list