Skip to main content
 
Security Education Companion
A free resource for digital security educators

Security News

Security News is an archive of curated EFF Deeplinks posts for trainers, technologists, and educators who teach digital security.

Issues that we track here include: country-specific policy updates on security and privacy, updates on malware and vulnerabilities, discussions on encryption and privacy-protecting tools, updates on surveillance (corporate surveillance, street-level surveillance, and mass surveillance), device searches by law and border enforcement, tracking via devices, and general digital security tips.

How to Opt Out of Twitter's New Privacy Settings

Since Wednesday night, Twitter users have been greeted by a pop-up notice about Twitter’s new privacy policy, which will come into effect June 18:

Contrary to the inviting “Sounds good” button to accept the new policy and get to tweeting, the changes Twitter has made around user tracking and data personalization do not sound good for user privacy. For example, the company will now record and store non-EU users’ off-Twitter web browsing history for...

Read More

Intel's Management Engine is a security hazard, and users need a way to disable it

Intel’s CPUs have another Intel inside.

Since 2008, most of Intel’s chipsets have contained a tiny homunculus computer called the “Management Engine” (ME). The ME is a largely undocumented master controller for your CPU: it works with system firmware during boot and has direct access to system memory, the screen, keyboard, and network. All of the code inside the ME is secret, signed, and tightly controlled by Intel. Last week, vulnerabilities in the Active Management (AMT) module in some...

Read More

Limitations of ISP Data Pollution Tools

Republicans in Congress recently voted to repeal the FCC’s broadband privacy rules. As a result, your Internet provider may be able to sell sensitive information like your browsing history or app usage to advertisers, insurance companies, and more, all without your consent. In response, Internet users have been asking what they can do to protect their own data from this creepy, non-consensual tracking by Internet providers—for example, directing their Internet traffic through a VPN or...

Read More

Who Has Your Back in Brazil? Second Annual Report Shows Telecom Privacy Slowly Improving

Today InternetLab, Brazil’s leading digital rights organization, released their 2017 report on local telecommunications companies, and how they treat their customer's private information. Brazil’s “Quem defende seus dados?” (“Who Defends Your Data?”) seeks to encourage companies to compete for users by showing who will stand up for their customer privacy and data protection. That is why InternetLab, one of the leading independent research centers on Internet policy in Brazil, has...

Read More

Access Now and EFF Condemn the Arrest of Tor Node Operator Dmitry Bogatov in Russia

This post was written in collaboration with Amie Stepanovich at Access Now.

On April 6, Russian math instructor Dmitry Bogatov was arrested in Moscow and charged with “preparing to organize mass disorder” and making “public calls for terrorist activity” due to a gross misunderstanding about the operation of the Tor internet anonymization service. Bogatov is accused of authoring a series of online posts published to the sysadmins.ru discussion platform on March 29 under the...

Read More

The Bill of Rights at the Border: Fifth Amendment Protections for Account Passwords and Device Passcodes

This is the third and final installment in our series on the Constitution at the border. Today, we’ll focus on the Fifth Amendment and passwords. Click here for Part 1 on the First Amendment or Part 2 on the Fourth Amendment.

Lately, a big question on everyone's mind has been: Do I have to give my password to customs agents?

As anyone who’s ever watched any cop show knows, the Fifth Amendment gives you the right to remain silent and to refuse to provide evidence against...

Read More

EFF Launches Community Security Training Series

EFF is pleased to announce a series of community security trainings in partnership with the San Francisco Public Library. High-profile data breaches and hard-fought battles against unlawful mass surveillance programs underscore that the public needs practical information about online security. We know more about potential threats each day, but we also know that encryption works and can help thwart digital spying. Lack of knowledge about best practices puts individuals at risk, so EFF will...

Read More

Hey CIA, You Held On To Security Flaw Information—But Now It's Out. That's Not How It Should Work

Wikileaks today released documents that appear to describe software tools used by the CIA to break into the devices that we all use at home and work. While we are still reviewing the material, we have not seen any indications that the encryption of popular privacy apps such as Signal and WhatsApp has been broken. We believe that encryption still offers significant protection against surveillance.

The worst thing that...

Read More

Cryptographers Demonstrate Collision in Popular SHA-1 Algorithm

On February 23rd, a joint team from the CWI Amsterdam and Google announced that they had generated the first ever collision in the SHA-1 cryptographic hashing algorithm. SHA-1 has long been considered theoretically insecure by cryptanalysts due to weaknesses in the algorithm design, but this marks the first time researchers were actually able to demonstrate a real-world example of the insecurity. In addition to being a powerful Proof of Concept (POC), the computing power that went into...

Read More
Close tooltip