We constructed IGD not just with aesthetics and content in mind but privacy and security. However, and most importantly, this does not mean you or us are secure because everything is broken.
What you can do to help secure yourself on the internet:
- Tips, Tools and How-tos for Safer Online Communications
- London Calling: A Cellphone and Internet Security Primer [PDF]
- We anonymize IP addresses in our logs.
- We do not serve advertisements or track behavior.
- We only use Open Source Software that is publicly auditable.
- Your connection is secured using SSL and hardened with a 4096 bit Diffie-Hellman key. This helps to prevent eavesdropping by third parties.
- Your connection is encrypted with SSL using Perfect Forward Secrecy. We have configured SSL to generate random public keys per session for the purposes of key agreement which are not based on any sort of deterministic algorithm. This helps to ensure that any spy capturing information from the internet will not be able to decrypt in the foreseeable future.
- Your connection has been configured to prevent against attacks from third parties by making use of HTTP Strict Transport Security. HSTS is a security protocol that forces the use of SSL in the communication between the web browser and our web servers.
- Your connection has been configured to prevent against attacks from third parties by making use of HTTP Public Key Pinning. The HPKP extension is a security feature that tells your browser to associate a specific SSL certificate with a web site to prevent MITM attacks.
- Your connection is accelerated through the latest version of SPDY – a technology that achieves reduced latency through compression, multiplexing, and prioritization. We are currently looking in to HTTP/2.
- Your connection performance is accelerated through the use of OCSP stapling – a technology that reduces the amount bandwidth needed for OCSP validation, and allows your browser to verify validity of our SSL Certificate without disclosing browsing behavior to a third party.
- Our content is accelerated by using the reverse proxy load balancing caching web accelerator NGINX – an open source web server.
All of this effort has earned us the highest rating from Qualy’s SSL lab.