In the wake of the US PRISM Internet surveillance scandal, companies are revisiting how they do business online and beefing up their privacy practices to protect their users.
Private search engines StartPage and Ixquick have pioneered a new advance in encryption security this week, becoming the first search engines in the world to enable "Perfect Forward Secrecy" or PFS in combination with a more secure version of SSL encryption known as TLS 1.1 and 1.2, which works by setting up a secure "tunnel" through which users' search traffic cannot be intercepted.
This is the latest in a series of security firsts by StartPage and Ixquick, which pioneered the field of private search in 2006. Combined, StartPage/Ixquick is the largest private search engine, serving well over 4 million searches daily.
Harvard-trained privacy expert Dr. Katherine Albrecht, who helped develop StartPage, says, "We take encryption very seriously, and we've always led the way when it comes to security. We were first to adopt default SSL encryption in 2011, and now we're setting the standard for encryption in the post-PRISM world."
SSL encryption has been proven to be an effective tool for protecting sensitive online traffic from eavesdropping and surveillance. However, security researchers now worry that SSL encryption may not provide adequate protection if government agencies are scooping up large amounts of encrypted traffic and storing it for later decryption.
With SSL alone, if a target website's "private key" can be obtained once in the future – perhaps through court order, social engineering, attack against the website, or cryptanalysis – that same key can then be used to unlock all other historical traffic of the affected website. For larger Internet services, that could expose the private data of millions of people.
StartPage and Ixquick have now deployed a defense against this known as "Perfect Forward Secrecy," or PFS.
PFS uses a different "per-session" key for each data transfer, so even if a site's private SSL key is compromised, data that was previously transmitted is still safe. Those who want to decrypt large quantities of data sent using PFS face the daunting task of individually decrypting each separate session, as opposed to obtaining a single key to unlock them all.
This can be likened to replacing the master "skeleton key" that unlocks every room in a building with a tight security system that puts a new lock on each door and then creates a unique key for each lock.
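The contrast drawn above between one long-term key and per-session keys, as an added example that is not StartPage's or Ixquick's code: a standard-library Python model in which an eavesdropper stores sessions and only later obtains the server's long-term private key. The 127-bit group, the SHA-256 keystream and every function name are assumptions made for the illustration; static Diffie-Hellman stands in for the non-PFS key exchange, and the signature that authenticates the per-session value in real TLS is omitted.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
P = 2**127 - 1  # prime modulus
G = 3

def _rand_priv() -> int:
    return secrets.randbelow(P - 3) + 2

def _session_key(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # SHA-256 in counter mode as a stand-in for the record cipher.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], pad))
    return bytes(out)

def record_session(server_static_priv, message, forward_secret):
    """Run one session and return what a passive eavesdropper can store."""
    client_priv = _rand_priv()
    # PFS: fresh server secret per session. Without PFS: the long-term key.
    server_priv = _rand_priv() if forward_secret else server_static_priv
    client_pub = pow(G, client_priv, P)
    server_pub = pow(G, server_priv, P)
    key = _session_key(pow(server_pub, client_priv, P))
    # Per-session secrets go out of scope here; only public values are recorded.
    return client_pub, server_pub, _xor_stream(key, message)

def decrypt_with_leaked_key(leaked_static_priv, transcript):
    """Later compromise: try to rebuild the session key from the long-term key."""
    client_pub, _server_pub, ciphertext = transcript
    key = _session_key(pow(client_pub, leaked_static_priv, P))
    return _xor_stream(key, ciphertext)

def stored_traffic_exposed(forward_secret):
    """For each recorded session, report whether the leaked key decrypts it."""
    static_priv = _rand_priv()
    messages = [b"q=first constructed search", b"q=second constructed search"]
    stored = [record_session(static_priv, m, forward_secret) for m in messages]
    return [decrypt_with_leaked_key(static_priv, t) == m
            for t, m in zip(stored, messages)]
```

Calling `stored_traffic_exposed(False)` shows every stored session opening with the leaked key, while `stored_traffic_exposed(True)` shows none of them opening.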
In addition to their pioneering use of PFS, earlier this month StartPage and Ixquick deployed Transport Layer Security, or TLS, encryption versions TLS 1.1 and 1.2 on all of their servers. TLS is an upgraded form of SSL encryption, which sets up a secure "tunnel" that protects users' search information.
In independent evaluation, StartPage and Ixquick outscore their competitors on encryption standards. (See Qualys' SSL Labs evaluation of StartPage's encryption features:
CEO Robert Beens urges other companies to upgrade to these new technologies. "With Perfect Forward Secrecy and TLS 1.1 and 1.2 combined, we are once again leading the privacy industry forward. For the sake of their users' privacy, we strongly recommend other search engines follow our lead."