Skip to main content
 
Security Education Companion
A free resource for digital security educators

Security News

Security News is an archive of curated EFF Deeplinks posts for trainers, technologists, and educators who teach digital security.

Issues that we track here include: country-specific policy updates on security and privacy, updates on malware and vulnerabilities, discussions on encryption and privacy-protecting tools, updates on surveillance (corporate surveillance, street-level surveillance, and mass surveillance), device searches by law and border enforcement, tracking via devices, and general digital security tips.

How California Reproductive Health Workers Can Protect Information They Submit to the Government

a female figure with ultrasound revealing security icon

With the U.S. Supreme Court's decision in Dobbs reversing long-standing rights to abortion access, workers and volunteers for reproductive health clinics must reevaluate the risks they face (also known as a threat model) and take steps to safeguard their personal information–including information they have submitted to the government.

In 2020, nearly 17% of abortions performed in the United States occured in California, according to data from the Guttmacher Institute, and...

Read More

How to Disable Ad ID Tracking on iOS and Android, and Why You Should Do It Now

The ad identifier - aka “IDFA” on iOS, or “AAID” on Android - is the key that enables most third-party tracking on mobile devices. Disabling it will make it substantially harder for advertisers and data brokers to track and profile you, and will limit the amount of your personal information up for sale.

This post explains the history of device ad identifiers and how they have enabled persistent tracking, identification, and other privacy invasions. 

But first things first....

Read More

SafeGraph’s Disingenuous Claims About Location Data Mask a Dangerous Industry

On Tuesday, Motherboard reported that data broker SafeGraph was selling location information “related to visits to clinics that provide abortions including Planned Parenthood facilities.” This included where people came from and where they went afterwards.

In response, SafeGraph agreed to stop selling data about Planned Parenthood visitors. But it also defended its behavior, claiming “SafeGraph has always committed to the highest level of privacy practices ensuring individual...

Read More

Digital Security and Privacy Tips for Those Involved in Abortion Access

a female figure with ultrasound revealing security icon

Legislation deputizing people to find, sue, and collect damages from anyone who tries to help people seeking abortion care creates serious digital privacy and security risks for those involved in abortion access. Patients, their family members and friends, doctors, nurses, clinic staff, reproductive rights activists, abortion rights counselors and website operators, insurance providers, and even drivers who help take patients to clinics may face grave risks to their privacy and safety....

Read More

An EFF Investigation: Mystery GPS Tracker On A Supporter’s Car

Locational Privacy Urban

Being able to accurately determine your location anywhere on the planet is a useful technological trick. But when tracking isn’t done by you, but to you—without your knowledge or consent—it’s a violation of your privacy. That’s why at EFF we’ve long fought against dragnet surveillance, mobile device tracking, and warrantless GPS tracking.

Several weeks ago, an EFF supporter brought her car to a mechanic, and found a mysterious device wired into her car under her driver's...

Read More

Another Tracker Scanning App Highlights the Need for a Better Way to Protect Victims From Digital Stalking

First came tracking devices like Tiles and AirTags, marketed as clever, button-sized Bluetooth-enabled gizmos that can find your lost backpack. Then, after bad actors started using the devices to stalk or follow people, came scanning apps to help victims find out whether those same gizmos were tracking them.Such is the twisted, dangerous path of tracking devices in the wrong hands. That device makers are rolling out scanning apps that can potentially help stalking victims is a...

Read More

Telegram Harm Reduction for Users in Russia and Ukraine

mobile surveillance

Update March 8, 2022: EFF has clarified that Channels and Groups are not fully encrypted, end-to-end, updated our post to link to Telegram’s FAQ for Cloud and Secret chats, updated to clarify that auto-delete is available for group and channel admins, and added some additional links.

Russians and Ukrainians are both prolific users of Telegram. They rely on the app for channels that act as newsfeeds, group chats (both public and private), and one-to-one...

Read More

Podcast Episode: The Life of the (Crypto) Party

Episode 106 of EFF’s How to Fix the Internet

Surveillance is always problematic, but it isn’t neutral—it is more often deployed in communities of color than elsewhere. And surveillance technology isn’t objective, either—it often magnifies the biases of its users and creators, affecting already-marginalized individuals far more heavily than others. Matt Mitchell, founder of CryptoHarlem, has an exciting solution for helping undo the damage that pervasive surveillance has...

Read More

Certbot’s Instructions Generator now available in Farsi

EFF’s Certbot tool helps to automate TLS/SSL certificates for web servers—and we believe that should be a global right. Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates, and is part of EFF’s larger effort to encrypt the entire Internet. Websites need to use HTTPS to secure the web. Along with HTTPS Everywhere, Certbot aims to build a network that is more structurally private, safe, and protected against censorship.

A long standing goal...

Read More

HTTPS Is Actually Everywhere

For more than 10 years, EFF’s HTTPS Everywhere browser extension has provided a much-needed service to users: encrypting their browser communications with websites and making sure they benefit from the protection of HTTPS wherever possible. Since we started offering HTTPS Everywhere, the battle to encrypt the web has made leaps and bounds: what was once a challenging technical argument is now a mainstream standard offered on most web pages. Now HTTPS is truly just about everywhere, thanks...

Read More

What’s Up with WhatsApp Encrypted Backups

crossed keys security icon banner

WhatsApp is rolling out an option for users to encrypt their message backups, and that is a big win for user privacy and security. The new feature is expected to be available for both iOS and Android “in the coming weeks.” EFF has pointed out unencrypted backups as a huge weakness for WhatsApp and for any messenger that claims to offer end-to-end encryption, and we applaud this improvement. Next, encryption for backups should become the default for all users, not just an option.

... Read More

Surveillance Self-Defense Guides Now Available in Burmese

As part of our goal to expand the impact of our digital security guide, Surveillance Self-Defense (SSD), we recently translated the majority of its contents into Burmese. This repository of resources on circumventing surveillance across a variety of different platforms, devices, and threat models is now available in English, and in whole or in part in 11 other languages: Amharic, Arabic, Spanish, French, Russian, Turkish, Vietnamese, Brazilian Portuguese, Burmese, Thai, and Urdu.

... Read More

​​What to Do When Schools Use Canvas or Blackboard Logs to Allege Cheating

Over the past few months, students from all over the country have reached out to EFF and other advocacy organizations because their schools—including teachers and administrators—have made flimsy claims about cheating based on digital logs from online learning platforms that don’t hold up to scrutiny. Such claims were made against over a dozen students at the Dartmouth Geisel School of Medicine, which EFF and the Foundation for Individual Rights in Education (FIRE) criticized for being a...

Read More

Decoding California's New Digital Vaccine Records and Potential Dangers

California Privacy

This post was updated on 6/29/21 to more accurately describe how New York is running its voluntary vaccine passport program

The State of California recently released what it calls a “Digital COVID-19 Vaccine Record.” It is part of that state’s recent easing of public health rules on masking within businesses. California’s new Record is a QR code that contains the same information as is on our paper vaccine cards, including name and birth date. We all...

Read More

[VISUAL] The Overlapping Infrastructure of Urban Surveillance, and How to Fix It

A cityscape with surveillance

Between the increasing capabilities of local and state police, the creep of federal law enforcement into domestic policing, the use of aerial surveillance such as spy planes and drones, and mounting cooperation between private technology companies and the government, it can be hard to understand and visualize what all this overlapping surveillance can mean for your daily life. We often think of these problems as siloed issues. Local police deploy automated license plate readers or...

Read More

[VISUAL] The Overlapping Infrastructure of Urban Surveillance, and How to Fix It

A cityscape with surveillance

Between the increasing capabilities of local and state police, the creep of federal law enforcement into domestic policing, the use of aerial surveillance such as spy planes and drones, and mounting cooperation between private technology companies and the government, it can be hard to understand and visualize what all this overlapping surveillance can mean for your daily life. We often think of these problems as siloed issues. Local police deploy automated license plate readers or...

Read More

Security Tips for Online LGBTQ+ Dating

Cat Astronaut Soars Through Cyberspace, Leaving a Glowing Rainbow Trail

Dating is risky. Aside from the typical worries of possible rejection or lack of romantic chemistry, LGBTQIA people often have added safety considerations to keep in mind. Sometimes staying in the proverbial closet is a matter of personal security. Even if someone is open with their community about being LGBTQ+, they can be harmed by oppressive governments, bigoted law enforcement, and individuals with hateful beliefs. So here’s some advice for staying safe while online dating as an...

Read More

#ParoNacionalColombia and Digital Security Considerations for Police Brutality Protests

In the wake of Colombia’s tax reform proposal, which came as more Colombians fell into poverty as a result of the pandemic, demonstrations spread over the country in late April, reviving social unrest and socio-economic demands that led people to the streets in 2019.The government's attempts to reduce public outcry by withdrawing the tax proposal to draft a new text did not work. Protests continue online and offline. Violent repression on the ground by police, and the military presence in...

Read More

Surveillance Self-Defense Playlist: Getting to Know Your Phone

We are launching a new Privacy Breakdown of Mobile Phones "playlist" on Surveillance Self-Defense, EFF's online guide to defending yourself and your friends from surveillance by using secure technology and developing careful practices. This guided tour walks through the ways your phone communicates with the world, how your phone is tracked, and how that tracking data can be analyzed. We hope to reach everyone from those who may have a smartphone for the first time, to those who have had...

Read More

Surveillance Self-Defense and Security Education: Year in Review 2020

The number 2020 in a glitchy screen

As the world rapidly changed in 2020, new threats arose to our digital security. The shift to online education and the wave of police brutality protests brought new avenues for surveillance, so EFF created new resources to help people protect themselves.EFF maintains a repository of self-help resources for fighting back against surveillance across a variety of different platforms, devices, and threat models. We call it Surveillance Self-Defense, or SSD for short. 

SSD covers myriad...

Read More

Doxxing: Tips To Protect Yourself Online & How to Minimize Harm

crossed keys security icon banner

“Doxxing” is an eerie, cyber-sounding term that gets thrown around more and more these days, but what exactly does it mean? Simply put, it’s when a person or other entity exposes information about you, publicly available or secret, for the purpose of causing harm. It might be information you intended to keep secret, like your personal address or legal name. Often it is publicly available data that can be readily found online with just a bit of digging, like your phone number or workplace...

Read More

macOS Leaks Application Usage, Forces Apple to Make Hard Decisions

the standard apple logo in silver, with a cartoonish green worm poking through it on each side

Last week, users of macOS noticed that attempting to open non-Apple applications while connected to the Internet resulted in long delays, if the applications opened at all. The interruptions were caused by a macOS security service attempting to reach Apple’s Online Certificate Status Protocol (OCSP) server, which had become unreachable due to internal errors. When security researchers looked into the contents of the OCSP requests, they found that these requests contained a hash of the...

Read More

How to Identify Visible (and Invisible) Surveillance at Protests

UPDATE Nov. 5, 2020.  Want a crash course in how to identify surveillance technologies at protests? Watch EFF’s new video presentation on How to Observe Police Surveillance at Protests. The 25-minute video, taught by Senior Investigative Researcher Dave Maass, explains how you can identify various police surveillance technologies, like body-worn cameras, drones, and automated license plate readers, which may be used to surveil demonstrations. In the video, you will learn:

... Read More

Future Ada: Tech Organizing Through an Intersectional Lens

Artist depiction of Ada Lovelace framed by a circle with the text reading 'futureada.org'.

Ada Lovelace's work on the first analytical engine helped lay the path for our modern world and continues to serve as an inspiration to people worldwide, including Electronic Frontier Alliance member Future Ada.

Based in Spokane, WA, Future Ada was founded in 2017 to advance opportunities and support for underrepresented genders in science, technology, engineering, art, and mathematics. That same year, Forbes noted that closing the gender gap could increase U.S. Gross Domestic...

Read More

Pride Resources for Activism in Digital and Physical Spaces

A flying cat in a space suit with a badge of the trans flag, leaving a rainbow trail.

In June, people honor one of the key events that ushered the era of LGBTQIA+ Pride—Stonewall—during which Black and Brown trans and queer people led a riot in direct response to police brutality. This year, Pride occurs during national and global protests over the continued murder of Black people, and highlights disparities around race, gender, ability and identity, with people at these intersections experiencing particular stress, such as the unprecedented dangers for Black trans women....

Read More
Close tooltip