Thursday, December 17, 2015

Dead Cell

From BuzzFeed:
"Nearly 40 Million People Might Not Be Able To Safely Browse The Web On Jan. 1"
 
On the morning of Jan. 1, 2016, anyone with a cell phone more than five years old will be unable to access the encrypted web — which includes sites like Facebook, Google, and Twitter — according to a new plan to upgrade the way those sites are verified. It might not be a big deal in New York or San Francisco, where a 5-year-old phone is treated as an antique, but in some parts of the developing world up to 7% of internet users could find themselves suddenly cut off from the world’s most popular sites, according to research recently published by Facebook and CloudFlare.

“This is a story about encryption and the conflict between how you support the future and the past at the same time,” said Matthew Prince, CEO of CloudFlare, during an interview with BuzzFeed News. “It is important to remember that the internet is not just guys with the newest laptops and an iPhone 6.”

The “why” behind why this is happening has to do with how websites tell you they are secure. Despite the heated debate over encryption technology currently being waged in Washington, much of the web already is encrypted. The “https” and little green lock at the start of many URLs is a sign that that site has been certified, and that your browser can trust that you are visiting the real version of Google, Facebook, or your bank, rather than an imitation.

Websites are encrypted through what’s called a “cryptographic hashing algorithm” — basically a code that the website you’re visiting is put into that is then translated by your browser, provided the site is the real deal. The problem is that the current version, called SHA-1, is no longer safe, according to researchers who announced this October that they would be able to break the technology by the end of the year. So the CA/Browser Forum, the industry group that sets encryption policy, announced that as of midnight Jan. 1, it will no longer issue SHA-1 certificates. Instead, it’ll be opting for the new, stronger SHA-2 certificates.

A full country list, showing the percentage of people who will be cut off, is on CloudFlare’s blog, but some of the most affected countries will be Yemen (5.25% of browsers), Egypt (4.8%), and China, with over 6% of the country no longer being able to safely access encrypted sites. It might not seem like a lot, but Prince says over 37 million people could be affected.

Both Stamos and Prince have called on the CA/Browser Forum to roll back some of the requirements for the Jan. 1 deadline. Facebook has suggested its own fix, building a smart mechanism that allows certificates to be switched based on the browser. Older browsers will receive the SHA-1 certificate and newer ones the SHA-2. The code for Facebook’s mechanism was made public on its site for other developers to use.

Companies like Mozilla, which updated its early site to SHA-2, said they saw a significant decrease in downloads. “Killed 1 million downloads recently by switching to SHA-2,” wrote Chris More, web production manager for Mozilla. “A lot of the world is still running old browsers and come to our website to get Firefox […] [s]witching to SHA-2 will kill 5% of our downloads and that has a direct impact on ongoing Firefox usage unless we have a better solution to deal with legacy browsers.”

Jeremy Rowley, a CA/Browser Forum representative for Digicert, a major certificate-issuing authority, told BuzzFeed News that while the group sees the move to SHA-2 as necessary from a security standpoint, it sees the points raised by Facebook and CloudFlare as valid. “We support Facebook’s recommendation that there should be something to do rather than cutting out all these people at the same time,” said Rowley. He said Facebook was expected to submit a timeline for its proposal by the end of the working day Monday, but by 5 p.m. PST it was unclear if Facebook’s proposal has been finished.

“There is a growing interest in Facebook’s proposal, but it will require all the browsers to consent in some way… that includes Google, Microsoft, Apple, and Mozilla,” said Rowley.

But others have criticized the entire process, including Ryan Sleevi, a software engineer at Google, whose Twitter feed has become a repository for those who think the entire CA/Browser system needs to be changed.
 
^ Maybe I should be worried. I bought my phone over 6 years ago when I first moved here. Since I can't use my cell phone at my home on my mountain or within 23 minutes of my house I haven't upgraded my cell since. Hopefully, it will still work after January 1st. I do plan on upgrading my phone soon, but probably not before the 1st. ^



http://www.buzzfeed.com/sheerafrenkel/nearly-40-million-people-might-not-be-able-to-safely-browse?bffbnews&utm_term=.abx3jwlK4#.sd4Y0k39J
