| Amazon |
unknown |
no |
no |
unknown |
unknown |
37% |
50% - 99% |
All pre-login browsing/shopping traffic is unencrypted, including all HTML content, images, etc. So if you search for a Nicolas Cage pillowcase, the NSA or your network administrator can see that. Amazon Web Services also provides hosting for thousands of companies. How AWS approaches encryption has ripple effects across the Internet. Right now, Amazon Web Services said, it offers its clients a variety of encryption choices.
|
| Apple |
unknown |
yes (iCloud) |
no |
unknown |
working on it |
0% |
0% |
Apple encrypts iMessage from end to end. It recently announced it is taking steps to make it more difficult to track its users' identity on Wi-Fi networks. Apple encrypts e-mail from its customers to iCloud. However, Apple is one of the few global email providers based in the U.S. that is not encrypting any of its customers' email in transit between providers. The company told us this would soon change. This affects users of me.com and mac.com email addresses. We found that many app installations and iOS updates are sent unencrypted to iPhones. The configuration files that let your telecom company control aspects of how your iPhone works is also unencrypted. Apple says these updates are authenticated and can't be changed. All pre-login browsing/shopping traffic from the Apple Store is unencrypted, including all HTML content, images, etc. So if you are a huge Abba fan the NSA could find out. |
| AT&T |
unknown |
unknown |
no |
unknown |
working on it |
18% |
2% |
AT&T's public Wi-Fi network is easy to spoof and vulnerable to SSL-stripping and other attacks. AT&T configures mobile phones on the network to automatically connect to it. AT&T says it takes "extraordinary measures to protect our customers sensitive information and give them ways to manage their experience safely and conveniently."
|
| Comcast |
unknown |
unknown |
no |
unknown |
working on it |
43% |
0% |
Comcast's public Wi-Fi network is easy to spoof and vulnerable to SSL-stripping and other attacks. Comcast said it hopes to roll out a more secure Wi-Fi protocol soon. In the past two weeks, Comcast began adding encryption to email in transit.
|
| Facebook |
working on it |
yes |
yes |
yes |
working on it |
` |
65% |
The vast majority of Facebook content is encrypted. Facebook content and images are unencrypted on older Android phones running 4.1.1. Facebook said these older devices do not support encryption. |
| Google |
yes |
yes |
working on it |
yes |
yes |
100% |
100% |
Google says it's been encrypting search results and search terms for years. But we found that searches for place names returned unencrypted location and map information. Google patched this bug. It was the first large company to announce it was encrypting its data while it was stored in corporate data centers.
|
| LinkedIn |
working on it |
yes |
working on it |
working on it |
yes |
not applicable |
50% - 99% |
We saw examples of LinkedIn sending links, cookies and unique session parameters in clear text. LinkedIn said it's beginning to use encryption on links between data centers. |
| Microsoft |
working on it |
yes |
working on it |
working on it |
working on it |
50% - 99% |
50% - 99% |
Microsoft is quickly adding encryption to its email products. Many, such as Outlook, encrypt most if not all of their inbound and outbound messages in transit. However, many inbound messages from msn.com are still unencrypted. All Bing search traffic is unencrypted, including search queries, results, image searches, etc. We also found Bing transmitting cookies in clear text, which reveals large amounts of personal information. The cookie included a link to your Facebook profile picture and a MUID number, which Microsoft called an anonymous user identifier, and the user's full name. Microsoft said this clear text cookie is being reviewed.
|
| Pinterest |
unknown |
no |
unknown |
unknown |
unknown |
not applicable |
66% |
Pinterest traffic is completely unencrypted even after you log in except in "settings." Pinterest did not get back to us in time to comment for this story. |
| Skype |
unknown |
yes |
unknown |
unknown |
unknown |
0% |
0% |
Skype was leaking parts of users' contact lists. We contacted Skype. It said the issue had been spotted before we called and Skype has now patched it in the most recent version of the app. |
| Snapchat |
unknown |
yes |
unknown |
unknown |
unknown |
not applicable |
65% |
Most traffic is encrypted but we found that Snapchat was sending unencrypted messages revealing when kids signed up for its service. We told Snapchat and the company quickly fixed that bug. |
| WhatsApp |
unknown |
working on it |
unknown |
unknown |
unknown |
not applicable |
not applicable |
WhatsApp revealed users' telephone numbers in clear text. WhatsApp says it is working toward a fix.
|
| Yahoo! |
yes |
working on it |
working on it |
working on it |
yes |
100% |
100% |
While Yahoo has been aggressively adding encryption, it still offers many unebcrypted APIs and services.Yahoo says many customers depend on those unencrypted products, some of which are built into popular products like the iPhone. |
| WordPress |
working on it |
working on it |
unknown |
unknown |
unknown |
not applicable |
0% |
All pre-login traffic and user blogs are unencrypted when posted on wordpress.com. Earlier this week, WordPress announced it would be adopting end-to-end encryption. WordPress can also be hosted on other sites. So if I used WordPress on chickenlove.com, the security and encryption settings are up to me. WordPress did not get back to us before our deadline.
|