Skip to main content
 
Security Education Companion
A free resource for digital security educators

Welcome to the Security Education Companion! SEC is a resource for people teaching digital security to their friends and neighbors.

If you are new to digital security, want tutorials for privacy-protecting tools, or want translated guides in 11 languages, head to Surveillance Self-Defense (SSD).

Lessons

Putting together a lesson plan for a digital security workshop? Check out our beginner-friendly lesson modules.

Passwords

Passwords

Duration: 1 hour
Beginning
Social media

Locking Down Social Media

Duration: 1 hour
Beginning
Threat model 2

Threat Modeling

Duration: 30 minutes - 1 hour and 30 minutes
BeginningIntermediate

Security News

Want to stay up-to-date with security news? Check out our curated posts from EFF's Deeplinks blog.

Not So Pretty: What You Need to Know About E-Fail and the PGP Flaw

Og efail resized 3

Don’t panic! But you should stop using PGP for encrypted email and switch to a different secure communications method for now.

A group of researchers released a paper today that describes a new class of serious vulnerabilities in PGP (including GPG), the most popular email encryption standard. The new paper includes a proof-of-concept exploit that can allow an attacker to use the victim’s own email client to decrypt previously acquired messages and return the decrypted content to...

Read More

Attention PGP Users: New Vulnerabilities Require You To Take Action Now

Og efail resized 3

UPDATE (5/14/18): More information has been released. See EFF's more detailed explanation and analysis here.

A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past...

Read More

Disabling PGP in Thunderbird with Enigmail

Og efail resized 3

Researchers have developed code exploiting several vulnerabilities in PGP (including GPG) for email. In response, EFF’s current recommendation is to disable PGP integration in email clients.

Disabling PGP decryption in Thunderbird only requires disabling the Enigmail add-on. Your existing keys will remain available on your machine.

First click on the Thunderbird hamburger menu (the three horizontal lines).

2. Select...

Read More