[Chapter-delegates] Global Encryption Day: Advocacy Toolkit Is Here!

Jeff Wilbur wilbur at isoc.org
Mon Sep 27 10:39:39 PDT 2021 

Hi Hank –

My name is Jeff Wilbur and I am one of the project leads for ISOC's encryption project. Thank you for the feedback and questions, and for your support of strong encryption!

I'd like to address your comments and questions. First, Global Encryption Day is meant to be a celebration of strong encryption and everything that it enables. Given the wide variety of understanding of use of encryption in our daily lives, we have tried to focus on a simple starting point that nearly everyone can relate to - messaging apps and device encryption - rather than try to cover every use of encryption and potentially overwhelm everyday users. What many people don't know is that use of these services is under threat in many countries around the world, so the more can we promote their use and raise awareness about the importance of end-to-end encrypted services, the better they can be defended. This is an urgent matter.

Regarding your comment about the list of recommendations on the "Protect Yourself<https://ged.globalencryption.org/protect-yourself-make-the-switch-to-encrypted-services/>" page, we agree with your point that not all items are directly related to encryption. However, they each involve using encryption where it was not used before or being sure to maintain the security of an encrypted system or service in such a way that it is not trivially defeated, so they are relevant in a holistic security context. We will look at adding language to the top of the page that will make it more clear how the entire list relates to use of encrypted services.

Regarding the reference to how to select appropriate end-to-end encrypted services, this is a multi-faceted choice where there is no "one size fits all". We believe the EFF article is still relevant for overall use (and thank you for providing other references). Yet we have found that implementation of the encryption is just one factor. The user's tolerance for risk as well as the "social network" reality of the service (i.e., who else is using it?) are also key determinants. As we have done education on encryption around the world, we have found that different apps are preferred in different countries for different reasons.

This in fact points out the value of the ISOC community, who can localize the recommendations to their audience. More than 40 ISOC chapters are members of the Global Encryption Coalition<https://www.globalencryption.org/> (of which ISOC is a founder and which is hosting Global Encryption Day), and many have taken advantage of the grants<https://app.smartsheet.com/b/form/91bc1be9e1084c18b1d5e309bb3025c6> we are offering to Coalition members to host events for Global Encryption Day. We would encourage the entire community to help promote encryption in ways appropriate to their audiences and are happy to provide pointers or material to assist in that effort.

Regarding your reference to other uses of encryption (e.g, TLS, DoH/DoT), you make great points, and we can use these for ongoing education and calls to action for users to make wise choices regarding encryption. Thanks again for your feedback - together we can all help build a more secure and trustworthy Internet for everyone!

Regards,

Jeff Wilbur
Senior Director, Online Trust
Internet Society

From: Chapter-delegates <chapter-delegates-bounces at elists.isoc.org> on behalf of Hank Nussbacher via Chapter-delegates <chapter-delegates at elists.isoc.org>
Organization: ISOC-IL
Reply-To: Hank Nussbacher <hank at isoc.org.il>
Date: Friday, September 24, 2021 at 2:41 AM
To: Global Membership <globalmembership at isoc.org>, ISOC Chapter Delegates <chapter-delegates at elists.isoc.org>
Subject: Re: [Chapter-delegates] Global Encryption Day: Advocacy Toolkit Is Here!

Dear Chapter Delegates,

This will be a bit long so apologies in advance.

I hope someone can help me understand Global Encryption Day.  I understand and totally agree with the need for strong end to end encryption but I don't understand what our message is.  I have gone through the Toolkit and understand we should create petitions and news releases as well as a media blitz but I don't understand what we are asking for.

The closest page I have found is:
https://ged.globalencryption.org/protect-yourself-make-the-switch-to-encrypted-services/<https://us-west-2.protection.sophos.com?d=globalencryption.org&u=aHR0cHM6Ly9nZWQuZ2xvYmFsZW5jcnlwdGlvbi5vcmcvcHJvdGVjdC15b3Vyc2VsZi1tYWtlLXRoZS1zd2l0Y2gtdG8tZW5jcnlwdGVkLXNlcnZpY2VzLw==&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=YWRORm1OQTNSdTkvaEZSamRUdlZuVGw0MXBtQnJpMU1aT3I2ZEVINHp6OD0=&h=0cd2721ce1224d45b735b2a5e847181b>
which asks for 6 things to be done.

So let me go through them one by one:

1. Use end-to-end encrypted messaging apps: In the FAQ it states "Read more about why it’s difficult to recommend which end-to-end encrypted app to use in this article by Global Encryption Coalition (GEC) member Electronic Frontier Foundation (EFF)." which quotes an article from 2018: https://www.eff.org/deeplinks/2018/03/why-we-cant-give-you-recommendation<https://us-west-2.protection.sophos.com?d=eff.org&u=aHR0cHM6Ly93d3cuZWZmLm9yZy9kZWVwbGlua3MvMjAxOC8wMy93aHktd2UtY2FudC1naXZlLXlvdS1yZWNvbW1lbmRhdGlvbg==&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=RExmZk96dy94czYxSm5ZN2hYcEQ2Uks5TXVvaVVOa2tVL2FpTm4ySm9lZz0=&h=0cd2721ce1224d45b735b2a5e847181b>.  How is an end user to decide whether Whatsapp or Signal or Telegram is best?

2.  Turn on encryption on your devices or services: I might be wrong but "turning on encryption" on Android for example turns on encryption on the device and doesn't play a part in transmitting data in an encrypted fashion - which is up to the app being used - like Whatsapp or Chrome. Same goes for Windows 10.  End to end encryption is handled by the program running.  Here I was expecting a message like something like "never use http" or "if you encounter a site running only http - demand https".    Or a message like "DNS is not encrypted - us DoH or DoT to encrypt your DNS queries".   Or disable TLS 1.1.  And then explain how to go about doing it.

3.  Use strong passwords: I do not understand how using a strong password improves encryption.  I can understand this request if this day was called "Global Internet Security day" - but fail to see how a strong password improves encryption.  A weak password on a banking site will allow a hacker to break into your bank account even if you use the best end to end encryption money can buy.

4.  Keep up with updates: Same as #3.  This bullet point has nothing to do with the the initial message at the top of the page which is what I had assumed would be the focus: "End-to-end encryption is any form of encryption in which only the sender and intended recipient can read the message. No third party, even the party providing the communication service, has knowledge of the encryption key. End-to-end encryption is the most secure form of encryption that you can use."

5. Turn on two-factor log-in (2FA): Same as #4.

6. Turn on erase-data options: Same as #4.

I was hoping that the toolkit would tackle issues like:

- "turn off telnet and only use ssh"

- Visit sites like this to determine which messaging app is best for you:
   https://getstream.io/blog/most-secure-messaging-apps/<https://us-west-2.protection.sophos.com?d=getstream.io&u=aHR0cHM6Ly9nZXRzdHJlYW0uaW8vYmxvZy9tb3N0LXNlY3VyZS1tZXNzYWdpbmctYXBwcy8=&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=QUprTnFuTmRVWm9HQjVnd1BXVlZXKy9sY09PNWR0ZFVkR1lQVVozbTlyMD0=&h=0cd2721ce1224d45b735b2a5e847181b>
   https://www.tomsguide.com/reference/best-encrypted-messaging-apps<https://us-west-2.protection.sophos.com?d=tomsguide.com&u=aHR0cHM6Ly93d3cudG9tc2d1aWRlLmNvbS9yZWZlcmVuY2UvYmVzdC1lbmNyeXB0ZWQtbWVzc2FnaW5nLWFwcHM=&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=OFRUMWk1ZmFlRHlKUDJOQUN6bkRkbEt2OG9DYlhSQ25CSmR6NnZENVh5VT0=&h=0cd2721ce1224d45b735b2a5e847181b>
   Rather than refer to a 3 year old EFF blog.

- check your web sites to see that they implement SSL properly (need to get an A or higher) and here is an easy site to use: https://www.ssllabs.com/ssltest/<https://us-west-2.protection.sophos.com?d=ssllabs.com&u=aHR0cHM6Ly93d3cuc3NsbGFicy5jb20vc3NsdGVzdC8=&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=bUN4dzhYNElCTTBOVmx2V0UxTHIwKzQrcEZYZWJnUmplRytpMjNyNllLRT0=&h=0cd2721ce1224d45b735b2a5e847181b>
Incidentally, ISOC and GED only gets a grade B:
https://www.ssllabs.com/ssltest/analyze.html?d=www.isoc.org&s=104.18.10.177&latest<https://us-west-2.protection.sophos.com?d=ssllabs.com&u=aHR0cHM6Ly93d3cuc3NsbGFicy5jb20vc3NsdGVzdC9hbmFseXplLmh0bWw_ZD13d3cuaXNvYy5vcmcmcz0xMDQuMTguMTAuMTc3JmxhdGVzdA==&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=Zm5abEdwUmxZOVNSTm9nam94QUltTzQwZWJyVWduLzVqYVFCZ3dPOUJRWT0=&h=0cd2721ce1224d45b735b2a5e847181b>
https://www.ssllabs.com/ssltest/analyze.html?d=ged.globalencryption.org&s=104.18.30.134&latest<https://us-west-2.protection.sophos.com?d=ssllabs.com&u=aHR0cHM6Ly93d3cuc3NsbGFicy5jb20vc3NsdGVzdC9hbmFseXplLmh0bWw_ZD1nZWQuZ2xvYmFsZW5jcnlwdGlvbi5vcmcmcz0xMDQuMTguMzAuMTM0JmxhdGVzdA==&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=VEo1cGxyd2tvSUR6UXhNWDUyMWVTMlNpL3VCYUJjMXFrM0hLa2tRRVdWMD0=&h=0cd2721ce1224d45b735b2a5e847181b>
primarily since you allow TLS 1.1 which was deprecated in Chrome in early 2020 and the IETF released RFC8996 deprecating TLS 1.0 and TLS 1.1:
https://datatracker.ietf.org/doc/rfc8996/<https://us-west-2.protection.sophos.com?d=ietf.org&u=aHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvcmZjODk5Ni8=&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=dEdkQjd4bmltUldMRkZGOTNiVUx1S1lXZWRWNVhUQ3d1ZDZwRDJoNURXbz0=&h=0cd2721ce1224d45b735b2a5e847181b>
I hope this can be corrected before some newspaper picks up on how GED uses a non-secure encryption protocol.

- how to turn on DoH in Chrome or Firefox

I hope someone can explain to me what message we are attempting to deliver via this media blitz since I do not understand it.

Regards,
Hank Nussbacher
ISOC-IL








Having trouble viewing this email? Click here<https://us-west-2.protection.sophos.com?d=internetsociety.org&u=aHR0cDovL3BvcnRhbC5pbnRlcm5ldHNvY2lldHkub3JnLzYyMjYxOS9idWxsZXRpbi9WaWV3U2VudC9jMzA1NzM1NC1mNjUyLTRmNjctYWJhNi0xY2Q4ZGNlZGFiNTIvMzE3NjZmNDUtMmVmZC00Yjk3LTg2ZTMtZGI2MTU0M2YwNTRhP21pZD1mMTBlMjUyOC0zZTJiLTQ4OTEtOTA3NS05NWNlYzc4M2E0ZDUmdHlwZT1l&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=UUNPampwNnN1Nnh3TlpaeGV3T2lxWDBWTXlLeWdEZ25vRnBad1poNlBkTT0=&h=0cd2721ce1224d45b735b2a5e847181b> to view it online.

[Image removed by sender. Internet Society]


Hello Hank

Global Encryption Day is less than a month away!  To advocate for a strong and secure Internet we need to empower people everywhere to stand up for encryption. So the Global Encryption Coalition (GEC) has created an advocacy toolkit to help you and your communities grow a voice that is too powerful to ignore. You'll find case studies, advocacy guides, campaign guides, social media toolkits, press toolkits and much more. Take a look at the toolkit<https://us-west-2.protection.sophos.com?d=globalencryption.org&u=aHR0cHM6Ly9nZWQuZ2xvYmFsZW5jcnlwdGlvbi5vcmcvYWR2b2NhY3ktdG9vbGtpdC8=&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=dng3c1R4K2xxMGRMZm1zcUE4bDl4WGZNREU3RlZGMXEwbG1Uc25JRzFiST0=&h=0cd2721ce1224d45b735b2a5e847181b>.

Planning an Event?
Organizations, advocacy groups and communities are planning encryption related events on and around Global Encryption Day - 21 October. Check out the updated global events<https://us-west-2.protection.sophos.com?d=globalencryption.org&u=aHR0cHM6Ly9nZWQuZ2xvYmFsZW5jcnlwdGlvbi5vcmcvZXZlbnRzLw==&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=Q0k4dkJPdTlmdlhrSkRxUWlScUhXRU5rR0swNnllMmt5ZlJvYmM3ckwrcz0=&h=0cd2721ce1224d45b735b2a5e847181b> calendar and let us know <https://us-west-2.protection.sophos.com?d=globalencryption.org&u=aHR0cHM6Ly9nZWQuZ2xvYmFsZW5jcnlwdGlvbi5vcmcvZXZlbnQtcmVnaXN0cmF0aW9uLw==&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=WTh1Wm9Va0hHZDg0ZXA2eTgvL2V5TU1DaUIycElnWnN3STRXZXRvRXNRYz0=&h=0cd2721ce1224d45b735b2a5e847181b> if you're planning an event that you want included.

This Week's Campaign News:

  *   Individuals all over the world have signed the pledge to Make the Switch to end-to-end encrypted apps and platforms. What are you waiting for?<https://us-west-2.protection.sophos.com?d=globalencryption.org&u=aHR0cHM6Ly9nZWQuZ2xvYmFsZW5jcnlwdGlvbi5vcmcvcGxlZGdlLXRvLXN3aXRjaC1pbmRpdmlkdWFsLw==&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=Qnl6TXQ4YmZnR1BuTDExa2JMZjY0TW5sVk5pSW1ib3lodDNsOHR4M0p3cz0=&h=0cd2721ce1224d45b735b2a5e847181b>
  *   Want to find out more about how to Make the Switch and protect yourself? Take a look.<https://us-west-2.protection.sophos.com?d=globalencryption.org&u=aHR0cHM6Ly9nZWQuZ2xvYmFsZW5jcnlwdGlvbi5vcmcvcHJvdGVjdC15b3Vyc2VsZi1tYWtlLXRoZS1zd2l0Y2gtdG8tZW5jcnlwdGVkLXNlcnZpY2VzLw==&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=YWRORm1OQTNSdTkvaEZSamRUdlZuVGw0MXBtQnJpMU1aT3I2ZEVINHp6OD0=&h=0cd2721ce1224d45b735b2a5e847181b>
  *   The campaign website<https://us-west-2.protection.sophos.com?d=globalencryption.org&u=aHR0cDovL2dlZC5nbG9iYWxlbmNyeXB0aW9uLm9yZw==&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=K1oxNDBmRjUxUzR5U2pWck5jcUc5SjhSZGh2blRYK3dpWXR4UnhNL0tVbz0=&h=0cd2721ce1224d45b735b2a5e847181b> is now available in multiple languages and has several accessibility features.
  *   Take a look at our new Frequently Asked Questions<https://us-west-2.protection.sophos.com?d=globalencryption.org&u=aHR0cHM6Ly9nZWQuZ2xvYmFsZW5jcnlwdGlvbi5vcmcvZmFxcy8=&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=bW5XaldoQ3NQN1NKSEpiUFFTYjFLazJ0dVA3dzJMd3ZQNjQvV2QvNlBZYz0=&h=0cd2721ce1224d45b735b2a5e847181b> (FAQs) section.
  *   Don't forget to follow and share on Twitter<https://us-west-2.protection.sophos.com?d=twitter.com&u=aHR0cHM6Ly90d2l0dGVyLmNvbS9lbmNyeXB0aW9uX2RheQ==&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=U2Zwdnp5enNvbmZ1VHNMY1dZY3BlN3I3em5tc1F3L29YZnZnNm9ZNURaQT0=&h=0cd2721ce1224d45b735b2a5e847181b> and Facebook.<https://us-west-2.protection.sophos.com?d=facebook.com&u=aHR0cHM6Ly93d3cuZmFjZWJvb2suY29tL0dsb2JhbEVuY3J5cHRpb25EYXkv&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=WFUwaVc5ck9MbERMRVd5S0FBVXB5MW5rSUUyTGRhNDFCdkZRVEgzdUFOND0=&h=0cd2721ce1224d45b735b2a5e847181b>

Thank you for all your work,

Susannah Gray
Director, Communications
Internet Society


[Image removed by sender. Internet Society]
Don't miss a thing.
Twitter<https://us-west-2.protection.sophos.com?d=twitter.com&u=aHR0cHM6Ly90d2l0dGVyLmNvbS9pbnRlcm5ldHNvY2lldHk=&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=Wldwbnl2Vk5EbmJEU3NZMzFxamtFUmVzam1ZTDRVaVpXOHYwTzFNeGovOD0=&h=0cd2721ce1224d45b735b2a5e847181b> | Facebook<https://us-west-2.protection.sophos.com?d=facebook.com&u=aHR0cHM6Ly93d3cuZmFjZWJvb2suY29tL0ludGVybmV0U29jaWV0eQ==&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=UzNGRHdpc042LzJDcUNTUUFiUit4SlRINEJVVDkrV010eUtGdGh4RCt1VT0=&h=0cd2721ce1224d45b735b2a5e847181b> | LinkedIn<https://us-west-2.protection.sophos.com?d=linkedin.com&u=aHR0cHM6Ly9jYS5saW5rZWRpbi5jb20vY29tcGFueS9pbnRlcm5ldC1zb2NpZXR5&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=MU5KZXdjR3ZJa1l0WEtTcldSWTJ0MlQ2bXU3ZDhTSnZESHFnZm8yRUJwVT0=&h=0cd2721ce1224d45b735b2a5e847181b> | YouTube<https://us-west-2.protection.sophos.com?d=youtube.com&u=aHR0cHM6Ly93d3cueW91dHViZS5jb20vdXNlci9JbnRlcm5ldFNvY2lldHlWaWRlbw==&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=bGE2MVhhZ0NEMlU0TW1STldCVU03NXZFaGsyTXgxNTg1c09tYXk5U2NvND0=&h=0cd2721ce1224d45b735b2a5e847181b> | Instagram<https://us-west-2.protection.sophos.com?d=instagram.com&u=aHR0cHM6Ly93d3cuaW5zdGFncmFtLmNvbS9pbnRlcm5ldHNvY2lldHkv&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=cnBwVHZGTS9WMWlSK2YxMytaTUlab0txaGI3b2Vra0luY3VEejZaaGtycz0=&h=0cd2721ce1224d45b735b2a5e847181b>
This message was sent to Hank Nussbacher by the Internet Society.
Please add us to your safe list to ensure delivery.
Unsubscribe<https://us-west-2.protection.sophos.com?d=internetsociety.org&u=aHR0cDovL3BvcnRhbC5pbnRlcm5ldHNvY2lldHkub3JnLzYyMjYxOS9FbWFpbC9VbnN1YnNjcmliZT9FaWQ9ZjEwZTI1MjgtM2UyYi00ODkxLTkwNzUtOTVjZWM3ODNhNGQ1&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=cHBTaVpjalpDYkpWVURpRnBDWVpNRkdDcmtpdlM4Wm1XQitIdmRwM2dKMD0=&h=0cd2721ce1224d45b735b2a5e847181b> | Unsubscribe via email<mailto:globalmembership at isoc.org> | Update your preferences<https://us-west-2.protection.sophos.com?d=internetsociety.org&u=aHR0cDovL3BvcnRhbC5pbnRlcm5ldHNvY2lldHkub3JnLzYyMjYxOS9lbWFpbHByZWZlcmVuY2VzL2VkaXQ_RW50aXR5SWQ9ZjEwZTI1MjgtM2UyYi00ODkxLTkwNzUtOTVjZWM3ODNhNGQ1&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=UjNWdm5mckxxakV5WnZZUlVtVG1Wc2hJM1hmWG42V0NoNUpwcjYxTGlXOD0=&h=0cd2721ce1224d45b735b2a5e847181b> | View Online<https://us-west-2.protection.sophos.com?d=internetsociety.org&u=aHR0cDovL3BvcnRhbC5pbnRlcm5ldHNvY2lldHkub3JnLzYyMjYxOS9idWxsZXRpbi9WaWV3U2VudC9jMzA1NzM1NC1mNjUyLTRmNjctYWJhNi0xY2Q4ZGNlZGFiNTIvMzE3NjZmNDUtMmVmZC00Yjk3LTg2ZTMtZGI2MTU0M2YwNTRhP21pZD1mMTBlMjUyOC0zZTJiLTQ4OTEtOTA3NS05NWNlYzc4M2E0ZDUmdHlwZT1l&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=UUNPampwNnN1Nnh3TlpaeGV3T2lxWDBWTXlLeWdEZ25vRnBad1poNlBkTT0=&h=0cd2721ce1224d45b735b2a5e847181b> | Privacy Policy<https://us-west-2.protection.sophos.com?d=internetsociety.org&u=aHR0cHM6Ly93d3cuaW50ZXJuZXRzb2NpZXR5Lm9yZy9wcml2YWN5LXBvbGljeS8=&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=eld3c0h3THdFNUwzSzhEbjNKTThDQjgvd1VSdTNZQXZyOVNQa2VtMWFvOD0=&h=0cd2721ce1224d45b735b2a5e847181b> | Contact Us<https://us-west-2.protection.sophos.com?d=internetsociety.org&u=aHR0cHM6Ly93d3cuaW50ZXJuZXRzb2NpZXR5Lm9yZy9jb250YWN0LXVzLw==&i=NjExZDIyY2Q4NzUzZDIwZjVkYWQ4NmEy&t=QXdtWk0zQjNGbkdEbDdpdzJRdjJpMnBjbVl0M2d5Y0FSYVJJazhPZERVRT0=&h=0cd2721ce1224d45b735b2a5e847181b>
© Copyright 2021 Internet Society
11710 Plaza America Drive, Suite 400, Reston, VA 20190-5108, USA, +1 703-439-2120
Rue Vallin 2, CH-1201, Geneva, Switzerland, +41-22-807-1444
Have questions? Contact globalmembership at isoc.org<mailto:globalmembership at isoc.org>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://elists.isoc.org/mailman/private/chapter-delegates/attachments/20210927/cdb3fd9b/attachment.htm>

More information about the Chapter-delegates mailing list