this post was submitted on 13 May 2026
41 points (100.0% liked)

Europe

11178 readers
792 users here now

News and information from Europe 🇪🇺

(Current banner: La Mancha, Spain. Feel free to post submissions for banner images.)

Rules (2024-08-30)

  1. This is an English-language community. Comments should be in English. Posts can link to non-English news sources when providing a full-text translation in the post description. Automated translations are fine, as long as they don't overly distort the content.
  2. No links to misinformation or commercial advertising. When you post outdated/historic articles, add the year of publication to the post title. Infographics must include a source and a year of creation; if possible, also provide a link to the source.
  3. Be kind to each other, and argue in good faith. Don't post direct insults nor disrespectful and condescending comments. Don't troll nor incite hatred. Don't look for novel argumentation strategies at Wikipedia's List of fallacies.
  4. No bigotry, sexism, racism, antisemitism, islamophobia, dehumanization of minorities, or glorification of National Socialism. We follow German law; don't question the statehood of Israel.
  5. Be the signal, not the noise: Strive to post insightful comments. Add "/s" when you're being sarcastic (and don't use it to break rule no. 3).
  6. If you link to paywalled information, please provide also a link to a freely available archived version. Alternatively, try to find a different source.
  7. Light-hearted content, memes, and posts about your European everyday belong in other communities.
  8. Don't evade bans. If we notice ban evasion, that will result in a permanent ban for all the accounts we can associate with you.
  9. No posts linking to speculative reporting about ongoing events with unclear backgrounds. Please wait at least 12 hours. (E.g., do not post breathless reporting on an ongoing terror attack.)
  10. Always provide context with posts: Don't post uncontextualized images or videos, and don't start discussions without giving some context first.

(This list may get expanded as necessary.)

Posts that link to the following sources will be removed

Unless they're the only sources, please also avoid The Sun, Daily Mail, any "thinktank" type organization, and non-Lemmy social media (incl. Substack). Don't link to Twitter directly, instead use xcancel.com. For Reddit, use old:reddit:com

(Lists may get expanded as necessary.)

Ban lengths, etc.

We will use some leeway to decide whether to remove a comment.

If need be, there are also bans: 3 days for lighter offenses, 7 or 14 days for bigger offenses, and permanent bans for people who don't show any willingness to participate productively. If we think the ban reason is obvious, we may not specifically write to you.

If you want to protest a removal or ban, feel free to write privately to the admin that applied the rule (check modlog first to find who was it.)

founded 2 years ago
MODERATORS
federalreverse@feddit.org
poVoq@slrpnk.net
anzo@programming.dev
EuroMod@feddit.org
41
European governments: 3.000 tracking sites, 1.000 phpMyAdmins, and 99% poorly encrypted email. Introducing SecurityBaseline.eu (internetcleanup.foundation)
submitted 4 days ago by CAVOK@lemmy.world to c/europe@feddit.org
3 comments fedilink hide all child comments
top 3 comments
sorted by: hot top controversial new old
[–] huppakee@piefed.social 6 points 4 days ago (1 children)

Thanks for sharing, great article. Copied and pasted some bits below:

(…) Metrics are gathered day and night over all 200.000 internet domains, accross the massive total of 67.000 local governments. Nearly 200.000 seems like a high number, but in fact it is very low.

In reality, the true number of government domains is tenfold but finding those requires a lot of effort. We mostly are missing ‘project’ domains, targeted at tourism, housing, infrastructure, festivals, and anything else the government produces. Some governments, like the Netherlands, have multiple official registries for governmental websites. Yet our Dutch initiative has found thousands of additional domains missing from those registries.

Later in the article they share the 3 most worrying metrics:

3.081 European government sites place tracking cookies without consent. (…)

YouTube is the biggest source of tracking cookies, with 2077 cookies placed in total. Google Ads(!) follows with 842 tracking cookies. This might be a side effect of misconfiguration of Google Analytics, which should also not be used; however, that is measured in another metric not mentioned in this article. Then we see 293 Facebook cookies, probably for website analytics as well. Last but not least, we see 20 TikTok cookies.

We found a total of 1.070 phpMyAdmin portals on 3.529 different domains. Many domains share the same panel; they share the same service provider for example. phpMyAdmin is an open-source tool, yet we found no financial contributions from European governments to this software project. This means they are depending on software, yet are not willing or mandated to pay for it; we see this as an unwillingness to invest in their own online security. We urge governments to pay for open source for their own sake.

Two of these panels are present at addresses of Computer Security Incident Response Teams, which is a double offense. It might require some trickery to see these addresses in the browser.

Last but not least, the most shocking discovery of our research: the encryption quality of e-mail to European governments is poor. And not just any form of poor: as 99% does not follow up-to-date security practices. Only the Netherlands and Denmark show somewhat promising numbers.

[–] lath@piefed.social 5 points 4 days ago

Security practices won't improve any time soon because governments work on a budget and generally have a mandate of reducing costs. Any issue which costs to solve is an issue for the next government.

[–] zwerg@feddit.org 3 points 4 days ago

1,000 database admin endpoints exposed?! In the words of Gordon Ramsey... FUCKING HELL!