Certain mobile ISPs can apparently block encryption for online services
by Chris Smith, bgr.com
October 14 09:45 PM
Image Source: Bloomberg
As the battle for net neutrality rages on, new evidence seems to indicate that ISPs and wireless operators could block encryption if they so desire, endangering the security of the users at a time when encryption is becoming more and more important for certain Internet services. TechDirt has discovered some new comments filed by VPN company Golden Frog with the FCC that suggest carriers may have too much power when it comes to being able to throttle traffic and encryption.
FROM EARLIER: What one savvy Verizon customer did to get decent Netflix streaming
The first incident mentioned by Golden Frog has already been discussed before: Verizon has been caught throttling Netflix speeds, and one Verizon customer discovered the maneuver by using Golden Frog’s VPN service to connect to the movie streaming service and recorded a video of his performance significantly improving on a VPN connection.
The second incident has not received the same media coverage, but is also important. Studying the service provided by an a wireless broadband provider, Golden Frog has discovered that said provider was able to interfere with the ability of users to encrypting their emails or other forms of communication.
“In the second instance, Golden Frog shows that a wireless broadband Internet access provider is interfering with its users’ ability to encrypt their SMTP email traffic,” the comment reads. “This broadband provider is overwriting the content of users’ communications and actively blocking STARTTLS encryption. This is a man-in-the-middle attack that prevents customers from using the applications of their choosing and directly prevents users from protecting their privacy.”
Apparently, the provider can prevent a server’s response from reaching the user’s device by telling it that it can’t enable encryption for a service. Even if the user attempts to manually turn encryption on, the provider manages to intercept the encryption requests the user sends and convert them into different commands for the server, thus failing to trigger encryption.
Golden Frog says these service blocking powers are similar to the way Comcast was throttling BitTorrent in 2007, but this time around that unnamed provider was not blocking BitTorrent-generated traffic, but encryption.
The company argues that the same Net Neutrality rules that should apply to wired Internet providers should also apply to mobile Internet providers, especially considering this specific encryption-related incident that can affect the user’s online privacy.
The full Golden Frog filing is available at the source link.