What percentage of your online communications are encrypted?

Displaying poll results.
0% - 20%
  5663 votes / 34%
20% - 40%
  2409 votes / 14%
40% - 60%
  1550 votes / 9%
60% - 80%
  926 votes / 5%
80% - 100%
  667 votes / 4%
c7f439e864d28d9e5ca2aa885c4ec4cb
  5103 votes / 31%
16318 total votes.
  • Don't complain about lack of options. You've got to pick a few when you do multiple choice. Those are the breaks.
  • Feel free to suggest poll ideas if you're feeling creative. I'd strongly suggest reading the past polls first.
  • This whole thing is wildly inaccurate. Rounding errors, ballot stuffers, dynamic IPs, firewalls. If you're using these numbers to do anything important, you're insane.
This discussion has been archived. No new comments can be posted.

  • Really? MD5? (Score:1, Insightful)

    by Bovius (1243040)

    That was cracked a long time ago.

    • by Anonymous Coward

      I decrypted it, it was an Ubuntu disc iso ...

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Plus, it isn't an encryption method.

      • Re: (Score:1, Troll)

        by Zmobie (2478450)

        Actually, yes it is an encryption method, just a one way encryption method.

        http://en.wikipedia.org/wiki/C... [wikipedia.org]

        • Re: (Score:3, Informative)

          by Anonymous Coward

          Slight difference there: It's cryptographic, but not encryption. You cannot "decrypt" the output of a one-way hash. Hence why it's not encryption.

          • by AK Marc (707885)
            If the hash length is longer than the message length, isn't it then "encryption"? Or can you have 1024 bit hash collisions from sub 512 bit messages?
            • MD5 has never been considered encryption. As was already pointed out it's a cryptographic hash, not an encryption method.

              • Re: (Score:3, Funny)

                by Zmobie (2478450)

                Really starts getting into splitting hairs at that point though. If someone says a "one way encryption function" (which I've heard many a security professional use exactly those words in context) everyone knows they mean hash functions. You could argue the literal definition, but encryption is for all intents and purposes the applied ideas of cryptography. Then again this is slashdot, nearly everyone splits hairs about everything...

            • by Zmobie (2478450)

              If we are getting into the technical definition, bit length, key length, etc. doesn't really pertain to something being encryption or not. By definition a Vigenère or Caesar cipher are considered encryption methods (and Caesar doesn't even use a key) but those are very primitive versions of encryption. If I remember correctly yes, you can still have collisions on something like your example depending on the method used (been a while since I did any of that, so I am a bit rusty). MD5 has lots of known

              • by AK Marc (707885)
                So then my question is, is a hash an irreversible encryption, or is it lossy, or must it be both?

                The key is obviously not noted in there, as a PKI encryption is "encryption" by all definitions, and is done with a key, and signing is a hash done with a key. They are similar (and related) keys.
                • by Zmobie (2478450)

                  The definition for decrypting something is hazy at best as technically using a dictionary attack against a hash function both "decrypts" it and is loss-less assuming you have any related salts etc (this includes even things like SHA2 because with enough time/resources, admittedly ludicrous amounts, it can be "decrypted" or "de-hashed").

                  Speaking theoretically it should really be acceptable to say "one-way encryption method" although, as of course everyone was undoubtedly going to point out when I said that,

                • A hash function is just a mapping of data of an arbitrary length to data of a fixed length. The function could be guaranteed to map all strings below the output length to guaranteed-unique values, or there could be hash collisions. It depends on how the function is defined. Hash functions that are cryptographically useful don't have easy ways to find collisions, but there are an infinite number of not-useful functions that are still technically hashes.
          • by Zmobie (2478450)

            While theoretically true, rainbow tables strongly disagree :). That is probably the main reason that definition isn't exactly right. I think the general definition is actually something encoded so that only allowed persons can read it. It really isn't much of (if at all to most people in the field) a misuse of the term encryption to use it in context to hash functions as long as you qualify that it is a one way encryption method.

          • by lgw (121541)

            Bruce Schneier [schneierfacts.com] uses MD5 as a compression algorithm.

            • by Wycliffe (116160)

              Bruce Schneier [schneierfacts.com] uses MD5 as a compression algorithm.

              You say this as a joke but where I work that's exactly what we use it for. We use it to index and catalog larger records.
              It's much easier to check whether a md5sum is unique than to check if an entire record is unique. We obviously can't
              reverse it but it is easy to recompute it on a new record to see if it's already in the database. There is the small chance
              of collision but as a non-malicious md5sum collision has a lower priority than a life destroying asteroid collision, it's
              good enough for our purposes

              • We use (I believe) SHA-256 for a similar purpose, and with similar justifications. A few billion (or even trillion) records? No problem. It's difficult to comprehend how little of the hashspace we've covered.
            • I think LiveDrive uses(ed) hash functions in order to reduce their data storage footprint. There are stories of whole ISOs showing as uploaded in seconds because they hash check before uploading. Makes perfect sense for cloud storage.
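
Added example, not part of any comment above: the digest-as-index deduplication described in this sub-thread, with the byte comparison that makes a collision harmless instead of silently dropping a record. The class and function names are hypothetical, the records are constructed sample data, and the digest can be truncated purely to force collisions so the fallback path is visible.

```python
import hashlib


class DedupIndex:
    """Digest-keyed record index that verifies bytes before calling a record a duplicate."""

    def __init__(self, algo="sha256", digest_bytes=None):
        self.algo = algo                  # any hashlib name, e.g. "md5" or "sha256"
        self.digest_bytes = digest_bytes  # None = full digest; small values force collisions
        self.buckets = {}                 # digest -> list of distinct records sharing it
        self.collisions = 0

    def key(self, record: bytes) -> bytes:
        digest = hashlib.new(self.algo, record).digest()
        return digest if self.digest_bytes is None else digest[: self.digest_bytes]

    def add(self, record: bytes) -> bool:
        """Store record; return False only if the identical bytes are already present."""
        bucket = self.buckets.setdefault(self.key(record), [])
        if record in bucket:
            return False
        if bucket:  # same digest, different bytes: a collision, not a duplicate
            self.collisions += 1
        bucket.append(record)
        return True

    def __len__(self):
        return sum(len(b) for b in self.buckets.values())


def demo(digest_bytes):
    """Insert 300 constructed records twice; compare the index with a digest-only check."""
    records = [f"record-{i}".encode() for i in range(300)]  # constructed sample data
    index = DedupIndex(digest_bytes=digest_bytes)
    first_pass = sum(index.add(r) for r in records)    # records accepted as new
    second_pass = sum(index.add(r) for r in records)   # re-inserts accepted as new
    digest_only = len({index.key(r) for r in records})  # what trusting the digest alone keeps
    return first_pass, second_pass, len(index), index.collisions, digest_only


if __name__ == "__main__":
    for width in (1, None):  # 1-byte digest (collisions guaranteed) vs. full SHA-256
        print(width, demo(width))
```

With a 1-byte digest there are only 256 possible keys, so 300 distinct records must collide at least 44 times; the index still keeps all 300, while a check that trusts the digest alone would keep at most 256.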
    • by volkerdi (9854)

      It could be cleverly disguised as a bit of MD5 but is actually something encrypted with a 33 character one time pad.

  • by Anonymous Coward on Tuesday April 29, 2014 @04:51PM (#46872167)

    "What percentage of your online communications do you believe are encrypted?"

    • by synapse7 (1075571)

      and does it matter any more..

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      "What percentage of your online communications do you believe are encrypted?"

      This.

      My company forces a SSL proxy and pushes their root CA to all browsers so nobody even knows about it.

      So I don't log into anything at work. Don't need the IT monkeys logging my passwords.

      • by 1s44c (552956)

        How about using the reflections plugin? It will at least tell you the SSL cert isn't the expected one.

        Your approach of simply not using the compromised computer is of course the most secure.

    • by AmiMoJo (196126) *

      I know they can crack my VPN connection if they want to, but it costs them time and money. No more real-time surveillance capability, big dis-incentive to casually snoop on me. Encryption doesn't always have to be perfect, adding cost is well worth doing in this case.

  • by Zappy (7013)

    Why?

  • Email is a postcard.
    Anyone can read it as it passes by.
    Encryption is pointless.
    All encryption can or will be broken.
    By encrypting you merely flag yourself.
    A conspiracy of more than one person will be found out.

    • by geekoid (135745)

      Encryption is about time.
      So, everyone encrypt everything.

    • by Zmobie (2478450)

      Encryption is not about making it impossible to decode (in some cases, hash functions actually do try to do that), it is more about making it not worth the effort or making the effort so high that once you DO decrypt it the information isn't really that useful.

      It is kind of like trying to hunt through a haystack for a few small items only you have to jump through 200 proverbial hoops before you even get to look for one single item that may require four other items in different haystacks before it means

      • by mlts (1038732)

        +1

        Nothing is 100%. However, security to keep the majority of the attacks is useful.

        One can say that because some people can pick the lock on a front door, then locks are not needed. However, locks often do work and up the ante for someone getting in.

        I have a habit of encrypting whenever possible. This way, should something happen like my Android tablet get stolen, a USB flash drive used for backups gets nicked, or cloud storage broken into and files snarfed, the damage done is mitigated.

        Of course, key ma

        • Nothing is 100%.

          That depends. Is your checking account adequately secured if I write down a random number and it happens to be your account number?

          Many encryption schemes will outlast the data integrity and greatly outlast the universe. A {2,3} quorum of Rivest, Shamir, and Adleman can attest to this. Someone may guess, but not by repeatable effort; they'll guess by dartboard.

  • Not slashdot.org (Score:4, Interesting)

    by Anonymous Coward on Tuesday April 29, 2014 @05:13PM (#46872461)
    Many of the web sites I use (even youtube) are using https - and are encrypted. But slashdot.org isn't, arstechnica.com isn't (at least by default). So it came to 40% to 60% for me based on the sites I use.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      But slashdot.org isn't

      So what you are saying is the people voting for that last option are lying...

  • God knows. I don't even care to be honest. I keep chatter about my carefully planned conspiracy to unite the world under my rule off the internet, but other than that I have nothing to hide.
    • other than that I have nothing to hide

      Imagine your full browsing history, for example. I bet there are a lot of things that you would not like others to see.

      • by AK Marc (707885)
        Nope. Sometimes personal browser history would look bad for a job, when searching for other jobs and such, but unless someone is planning on taking my browser history out of context, it would be a reasonable reflection of "normal" browsing.
        • I fear that the type of person who demands to see your browsing history is precisely the kind of person who would take it out of context.

          • by AK Marc (707885)
            And, taken out of context, my searches for Barrett rifles, with some others, could be constructed to look like someone trying to go postal. But often at work, any discussions of military or firearms end up using me as a reference. The last time I searched for it, I was using it as an example of barrel venting, and yes, I put up those images at work.

            So if I were to have witnesses to explain away any such oddities, I'd have nothing to fear. And there's no reason for anyone to target me for special interes
            • by geekoid (135745)

              Yes, but when people are looking for a pattern, they will fit data into the pattern.

              " Don't be the most attractive target. That is all. "
              wrong. But hey, your mom was unsecure, so I guess that's how tit work and not just luck.

      • other than that I have nothing to hide

        Imagine your full browsing history, for example. I bet there are a lot of things that you would not like others to see.

        I delete it regularly anyway so that would not be a major concern for me. So I watch porn, visit Arrse (an unofficial British military forum), browse wikipedia, come on slashdot aaaand that covers what, 3/4 of my browsing? Nothing too concerning there.

  • 100% of my online communication is through amazon's shopping cart...
  • If we consider the amount of data the torrents just dominate. I'm always over 300gb/month, the unencrypted emails and websites, all my deep personal stuff won't get to half percent.
  • Nice Ubuntu reference, but it's out of date:
    ubuntu-12.04.4-desktop-amd64.iso

    • by jones_supa (887896) on Wednesday April 30, 2014 @03:07AM (#46876009)
      Yep. Just ran an MD5 cracker against the hash in the poll, and lo and behold, got a full Ubuntu DVD without paying a dime. Sweet.
    • by sootman (158191)

      MD5 isn't AN encryption method, period.

      Well, technically, it encrypts things, but without being able to DEcrypt them, it's not very useful.

      1a57290facd5dcf9308d343988230b85 could be the result of "echo a | md5", "md5 ~/Desktop/War_and_Peace.txt"... or both... or something else entirely... or any number of other things. If you figure out what it is, tell these guys. [md5this.com]

  • 100% (Score:4, Funny)

    by DaveAtFraud (460127) on Tuesday April 29, 2014 @09:23PM (#46874445) Homepage Journal

    I encrypt 100% of my on-line communications using the fiendishly difficult to crack ROT26 cypher.

    Cheers,
    Dave

    • by telchine (719345)

      I encrypt 100% of my on-line communications using the fiendishly difficult to crack ROT26 cypher.

      49206d6967687420636f7079207468617421

  • Is the metric here supposed to be by volume of data passed or connection count?

  • by Anonymous Coward

    Ig-pay Atin-lay or-fay e-thay in-way!

  • All my Wifi? (Score:3, Informative)

    by Anonymous Coward on Wednesday April 30, 2014 @02:39AM (#46875903)

    I think my communication is encrypted every time it goes over a WIFI network. As well as when I use my phone to the company VPN.

    Also many shopping sites use secure HTML.

    So about 50%?

    If the question is how much I intentionally point-to-point encrypt then I would only count my work computer's VPN to company servers (so about 5%?).

    • Re:All my Wifi? (Score:4, Insightful)

      by Idbar (1034346) on Wednesday April 30, 2014 @02:02PM (#46881883)

      Most insightful comment I've seen.

      I use https most of the time, but how does it count to access e-mail, when the e-mail service is provided by a third party so they have access to all my communications.

      In the end, there's always a third party involved that may not care about the secrecy of my communications, so end-to-end encrypted is probably none. I connect to my work computers using VPN but then again, my employer probably has access to what I'm typing and doing.

      Does having partially encrypted communications help? Perhaps. Perhaps, so that Comcast/Verizon/T-Mobile or other carriers cannot steal the ad business from Google, Amazon, etc.

    • First what do you mean by encrypted? I mean you'll find that a lot of stuff is encrypted at some point. Wifi is a good example. However so is a cable modem. Any DOCSIS connection is encrypted, 3.0 ones using AES. Of course the encryption is only to the CMTS, it is to keep your neighbours from sniffing in on your traffic, it has to get decrypted for the ISP.

      Also something like a VPN is nearly end-to-end, but only if you then stay on the network it attaches to. Many people use a VPN, but then will go out to o

  • For stuff that matters, e.g. financial/personal data, email, etc., it's 100%, but I've noticed more and more sites are using SSL/TLS by default, even for stuff that really doesn't matter whether it is encrypted or not from a security point of view, so it's purely for user privacy. That's a good start and such efforts are to be applauded, and while I don't specifically track that kind of usage the fact that even Lolcats videos are now often encrypted while in transit the overall percentage of encryption use
  • I always use the https version of websites. Especially those that use OpenSSL. That's super secure and keeps me protected all the time.

    Oh, no wait, that might not be right...

  • by Anonymous Coward

    you asked the question, but how come Slashdot is not using https....?

    • by mlts (1038732)

      If you are a subscriber, Slashdot allows use of https.

    • Historically, the vast majority of ad networks have offered only HTTP. This means ad-supported sites have had to redirect HTTPS to HTTP in order to serve ads without mixed content blocking. This is why HTTPS on Slashdot is for subscribers only.
  • I used to be closer to 60% (only unencrypted things would be torrents and Steam downloads), but a few weeks ago HTTPS Everywhere broke. So now I'm probably around 30% - the HTTPS-always sites, plus SSH and VPN tunnels.

  • by edibobb (113989) on Wednesday April 30, 2014 @05:09PM (#46884017) Homepage
    If it did, I'd have more encrypted communications.
    • by chihowa (366380) *

      It does if you subscribe, which is weird because I can't find that policy spelled out anywhere.

  • I double-ROT13 all of my textual communication.

    • by Nemyst (1383049)
      I 2N-ROT13 all of my communications, with N being a random number generated from careful measurements of uranium decay. It's a bit expensive, the neighbors don't really like how the local wildlife is growing additional appendages, and it's really slow when you're unlucky with your uranium, but at least I can feel safe in the thought that I have the ultimate entropy generator that money can buy. I really feel like the encrypted bits have a nice sheen to them, like a luxury car. It's great!
  • Probably most communications are already encrypted. But I believe my data is stored unencrypted.

  • Depends on what "online communications" are.

    If you mean things like Email, the answer is "none" - simply because Email-encryption remains too difficult for people to set up and use, so no one does.

    If you include browsing, well, since Snowden, the websites I run are https-only. Unfortunately, most sites haven't taken this step - and anyway, it only helps if you also block the trackers and take other privacy measures.

    • by mlts (1038732)

      For me, I sign my work E-mail with S/MIME by default.

      At home, I don't bother because I've had people go bananas thinking the picture of a ribbon in Outlook was some type of malware. Some private E-mail gets sent via PGP, but oftentimes, it tends to be a keyfile attachment, and a TrueCrypt container with the actual TC volume stashed on a bulk download site like MediaFire.

      I prefer PGP over S/MIME because once keys are exchanged and used for previous transactions, it is obvious that someone is impersonating t

  • Even if all my emails, chat, web sites were encrypted, non-encrypted file downloads (videos, software) count for at least 99% of my "online communications".
  • SXQgZGVwZW5kcyBvbiBpZiB5b3UgbWVhbiB3aGF0IHdoZSBwZXJjZWl2ZSBhcyBzYWZlIC0gdnMu IHdoYXQgaXMgYWN0dWFsbHkgc2FmZS4uLgo=
  • Percentage of online communication.. by number of bits: torrents dominate, and some HTTP downloads, and these are not encrypted. By my attention, there's more text-based communication, and I'm probably up at 50 %

  • Probably around 60% by volume thanks to encrypted torrents and Tor traffic.

    That's counting HTTPS traffic, although IMO any cert from a CA is nothing but a feelgood measure when it comes to keeping your data from the NSA.
