Skip to main content
 
Security Education Companion
A free resource for digital security educators

Security News

Security News is an archive of curated EFF Deeplinks posts for trainers, technologists, and educators who teach digital security.

Issues that we track here include: country-specific policy updates on security and privacy, updates on malware and vulnerabilities, discussions on encryption and privacy-protecting tools, updates on surveillance (corporate surveillance, street-level surveillance, and mass surveillance), device searches by law and border enforcement, tracking via devices, and general digital security tips.

From Tunis to Minneapolis—and Beyond—Social Media Keeps Us Connected

In January 2011, after hearing about the unrest unfolding in Sidi Bouzid, Tunisian blogger Lina Ben Mhenni (who passed away in January of this year from a chronic illness) began traveling around the country to document the nascent protests and the government’s response to them.

“There are no journalists doing this,” she told Newsweek at the time. “And moreover, the official media started to tell lies about what was happening.”

Despite widespread censorship and...

Read More

Black Lives Matter, Online and in the Streets: Statement from EFF in the Wake of the Police Killings of Breonna Taylor and George Floyd

Protesters and police. Photo by Rose Pineda

Black lives matter on the streets. Black lives matter on the Internet. 

EFF stands with the communities mourning the victims of police homicide. We stand with the protesters who are plowed down by patrol cars. We stand with the journalists placed in handcuffs or fired upon while reporting these atrocities. And we stand with all those using their cameras, phones and digital tools to make sure we cannot turn away from the truth.

There is no doubt that we are in deeply troubled...

Read More

Black Lives Matter, Online and in the Streets: Statement from EFF in the Wake of the Police Killings of Breonna Taylor and George Floyd

Protesters and police. Photo by Rose Pineda

Black lives matter on the streets. Black lives matter on the Internet. 

EFF stands with the communities mourning the victims of police homicide. We stand with the protesters who are plowed down by patrol cars. We stand with the journalists placed in handcuffs or fired upon while reporting these atrocities. And we stand with all those using their cameras, phones and digital tools to make sure we cannot turn away from the truth.

There is no doubt that we are in deeply troubled...

Read More

Watch EFF Cybersecurity Director Eva Galperin's TED Talk About Stalkerware

Eva Galperin at TED

Stalkers and abusive partners want access to your device for the same reason governments and advertisers do: because “full access to a person's phone is the next best thing to full access to a person's mind,” as EFF Director of Cybersecurity Eva Galperin explains in her TED talk on “stalkerware” and her efforts to end the abuse this malicious software enables.

... Read More

COVID-19 Patients’ Right to Privacy Against Quarantine Surveillance

An array of laptops, each of which has a virus icon, except one which has a surveillance icon

Governments around the world are using surveillance technologies to monitor whether COVID-19 patients are complying with instructions to quarantine at home. These include GPS ankle shackles, phone apps that track location, and phone apps that require patients to periodically take quarantine selfies and send them to government monitors.

All of these surveillance technologies burden fundamental rights. And they can harm public health, by discouraging people from getting tested. No...

Read More

Cryptoparty Ann Arbor: A Case Study in Grassroots Activism

Network

Grassroots activism, in its many forms, allows a community to mobilize around a shared set of ideals and creates an environment whereby participants can share information and resources to help facilitate the advancement of their common aims.

The Electronic Frontier Alliance (EFA) is a grassroots network of community and campus organizations, unified by a commitment to upholding the principles of the EFA: privacy, free expression, access to knowledge, creativity, and...

Read More

Keeping Each Other Safe When Virtually Organizing Mutual Aid

laptops in an array, each with a virus icon, except one, which has an free speech (bullhorn) icon

Communities across the country are stepping up to self-organize mutual aid groups, uniting virtually to offer and coordinate support to those who are in need. In solidarity with the need for physical distancing, many people are organizing online using Google spreadsheets, Google forms, public posts on Twitter and Facebook, and private messages on social media platforms. 

There is great beauty and power in this support, but it also puts security concerns in the spotlight: overlooked...

Read More

What You Should Know About Online Tools During the COVID-19 Crisis

crossed keys security icon banner

A greater portion of the world’s work, organizing, and care-giving is moving onto digital platforms and tools that facilitate connection and productivity: video conferencing, messaging apps, healthcare and educational platforms, and more. It’s important to be aware of the ways these tools may impact your digital privacy and security during the COVID-19 crisis.

Here are a few things you should know in order to make informed decisions about what works best for you and your...

Read More

Phishing in the Time of COVID-19: How to Recognize Malicious Coronavirus Phishing Scams

Spearphishing

Update 3-26-20: A new prevalent example of Android Spyware that leverages COVID-19 as a way to deliver their malicious product has been reported by researchers at Lookout. This particular malware, called "corona live 1.1.", comes out of Libya and seems to mostly be targeting Libyan citizens. Like other examples listed below, it uses the same COVID-19 dashboard developed by Johns Hopkins University.

For malicious people, preying on collective fear and misinformation is...

Read More

Unchecked Smart Cities are Surveillance Cities. What We Need are Smart Enough Cities.

Locational Privacy
We can have beautiful cities without turning our cities into surveillance cities.

Cities across the U.S. are forcing operators of shared bikes and scooters to use dangerous and privacy invasive APIs developed by the Los Angeles Department of Transportation. These APIs—collectively called the “mobility data specification,” or MDS—require that operators share granular location data on every trip taken. The location data that cities are demanding is incredibly sensitive and...

Read More

Tattoo Recognition Score Card: How Institutions Handled Unethical Biometric Surveillance Dataset

In response to an EFF campaign started last year, roughly a third  of institutions that we believe requested problematic and exploitive data as part of a government automated tattoo recognition challenge deleted the data or reported that they had never received or used it.

EFF has long been concerned with the many problems associated with efforts to use automated tattoo recognition, a form of biometric surveillance similar to face recognition that can use your body art to reveal...

Read More

Victory: Android 11 Rolls out Improved Certificate Warnings

Security

Now that HTTPS encrypts over 80% of web connections, powerful actors are targeting root certificate stores to compromise our security and surveil us. In the past year alone, that’s included a “market research” company secretly owned by Facebook and the government of Kazakhstan.

Forcing users to install a root certificate enables the certificate owner to decrypt almost all their Internet traffic. This capability is allowed primarily for enterprise network monitoring, and is...

Read More

Tech Lobbyists Are Pushing Bad Privacy Bills. Washington State Can, and Must, Do Better.

A data privacy bill in Washington State has gained momentum. The bill, 2SSB 6281 (also known as the Washington Privacy Act, or WPA), has received widespread support from big tech companies. It’s no wonder they like it because, as currently written, the WPA would be a weak, token effort at reining in corporations’ rampant misuse of personal data.

The WPA didn’t come from nowhere, and it didn’t come alone. A number of industry-friendly groups have...

Read More

The Graham-Blumenthal Bill: A New Path for DOJ to Finally Break Encryption

The Graham-Blumenthal bill is anti-speech, anti-security, and anti-innovation.

Members of Congress are about to introduce a bill that will undermine the law that undergirds free speech on the Internet. If passed, the bill known as the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, will fulfill a long-standing dream of U.S. law enforcement. If passed, it could largely mark the end of private, encrypted messaging on the Internet.

The Department of Justice and the FBI have long seen encryption as a threat. In 1993, the Clinton...

Read More

Hundreds of New Yorkers Demand a Ban on NYPD Face Surveillance

This image shows a person's face with layers of pixelation throughout.

Over two hundred New York City residents—including workers, parents, students, business owners, and technologists—have signed a petition calling to end government use of face surveillance in New York City. This morning, EFF and a coalition of over a dozen civil liberties groups delivered that petition to New York's City Council.

In the letter accompanying the petition, the groups commend the City Council members (more than thirty of them) that have signed on as cosponsors of the...

Read More

Schools Are Pushing the Boundaries of Surveillance Technologies

Learn more at EFF's Surveillance Self-Defense guide for students.

A school district in New York recently adopted facial recognition technology to monitor students, and it is now one of a growing number of schools across the country conducting mass privacy violations of kids in the name of “safety.” The invasive use of surveillance technologies in schools has grown exponentially, often without oversight or recourse for concerned students or their parents.

Not only...

Read More

How Ring Could Really Protect Its Users: Encrypt Footage End-To-End

The shadow of a police officer looms in front of a Ring device on a closed door.

Last week, we responded to recent changes Amazon’s surveillance doorbell company Ring made to the security and privacy of their devices. In our response, we made a number of suggestions for what Ring could do to be responsive to the privacy and security concerns of its customers and the larger community. One of our suggestions was for Ring to implement measures that require warrants to be issued directly to device owners in order for law enforcement to gain access to footage. This post...

Read More

EFF to Ninth Circuit: Border Searches of Electronic Devices Require a Warrant

Although the Ninth Circuit issued a strong opinion last year in favor of digital privacy rights at the border, EFF filed an amicus brief [PDF] in a new case urging the court to go a step further. The Ninth Circuit should finally hold that the Fourth Amendment requires a probable cause warrant for border searches of electronic devices.

Our brief was filed in a case brought by Haisam Elsharkawi, a U.S. citizen who attempted to board a flight at Los Angeles International Airport to...

Read More

Ring Updates Device Security and Privacy—But Ignores Larger Concerns

The shadow of a police officer looms in front of a Ring device on a closed door.

Amazon’s surveillance doorbell company Ring has announced extra layers of security and control for users after a wave of backlash from civil liberties and cyber security organizations like EFF and Mozilla. Organizations raised major concerns over Ring’s lack of effort in protecting the data and security of users, including permitting multiple log-in attempts that allowed bad actors to take control of people’s Ring cameras; not requiring two-factor authentication; and allowing a number of...

Read More

What to Know Before You Buy or Install Your Amazon Ring Camera

The shadow of a police officer looms in front of a Ring device on a closed door.

So, you own or are thinking of buying a Ring camera. This post outlines a list of privacy and civil liberties concerns we have with Amazon’s Ring system so that you can be a more informed consumer, or—if you already own a Ring camera—be a more considerate neighbor.

 If You’re Thinking of Buying a Ring Camera 1. You are not the only one who can access your footage.

Your Ring footage isn’t private. It’s in the cloud. That means that you are not the only one with...

Read More

Clearview AI—Yet Another Example of Why We Need A Ban on Law Enforcement Use of Face Recognition Now

Image of face outline put together with several lines. Very cyberpunk.

This week, additional stories came out about Clearview AI, the company we wrote about earlier that’s marketing a powerful facial recognition tool to law enforcement. These stories discuss some of the police departments around the country that have been secretly using Clearview’s technology, and they show, yet again, why we need strict federal, state, and local laws that ban—or at least press pause—on law enforcement use of face recognition.

Clearview’s service allows law...

Read More

New Bill Would Make Needed Steps Toward Curbing Mass Surveillance

The Safeguarding Americans’ Private Records Act is a Strong Bill That Builds on Previous Surveillance Reforms

Last week, Sens. Ron Wyden (D–Oregon) and Steve Daines (R–Montana) along with Reps. Zoe Lofgren (D–California), Warren Davidson (R–Ohio), and Pramila Jayapal (D–Washington) introduced the Safeguarding Americans’ Private Records Act (SAPRA), H.R 5675. This bipartisan legislation includes significant reforms to the government’s foreign intelligence surveillance authorities,...

Read More

Why Public Wi-Fi is a Lot Safer Than You Think

If you follow security on the Internet, you may have seen articles warning you to “beware of public Wi-Fi networks" in cafes, airports, hotels, and other public places. But now, due to the widespread deployment of HTTPS encryption on most popular websites, advice to avoid public Wi-Fi is mostly out of date and applicable to a lot fewer people than it once was.

The advice stems from the early days of the Internet, when most communication was not encrypted. At that time, if...

Read More

Ring Doorbell App Packed with Third-Party Trackers

The shadow of a police officer looms in front of a Ring device on a closed door.

Ring isn't just a product that allows users to surveil their neighbors. The company also uses it to surveil its customers.

An investigation by EFF of the Ring doorbell app for Android found it to be packed with third-party trackers sending out a plethora of customers’ personally identifiable information (PII). Four main analytics and marketing companies were discovered to be receiving information such as the names, private IP addresses, mobile network carriers, persistent...

Read More

Iranian Tech Users Are Getting Knocked Off the Web by Ambiguous Sanctions

EFF Cat Speaking Freely

Between targeted killings, retaliatory air strikes, and the shooting of a civilian passenger plane, the last few weeks have been marked by tragedy as tensions rise between the U.S. and Iranian governments. In the wake of these events, Iranians within the country and in the broader diaspora have suffered further from actions by both administrations—including violence and lethal force against protesters and internet shutdowns in Iran, as well as detention, surveillance and device seizure at...

Read More
Close tooltip