When an engineer at tech company Golden Frog discovered that his Internet provider had stripped out an essential security email security feature, he revealed a very confusing security practice.
First, a little background:
Whenever you send an email, it can be flagged with certain security protocols. The one you need to keep an email private is called STARTTLS.
If an email client has STARTTLS enabled, then an extra layer of security keeps emails sent on public network private and encrypted.
What the Golden Frog engineer discovered was that STARTTLS occasionally didn't work when he sent emails on his laptop while using his smartphone as a Wi-Fi hotspot.
It turns out that emails sent through his cell phone provider, Cricket, that were flagged for STARTTLS encryption were actively being blocked.
Golden Frog presented its findings in 2013, and Cricket still blocks the encryption a year later.
So that begs the question, do other cell providers block email encryption? AT&T, according to the company, doesn't block the STARTTLS protocol. Between STARTTLS blocking and Verizon's "mega cookie," it's obvious that customer privacy isn't always at the top of many ISPs' to-do lists.
With the net neutrality debate still raging at full force, you'd think that ISPs would be quicker to add basic privacy features that should have been there in the first place.