Security Education Companion
A free resource for digital security educators

Security News

Security News is an archive of curated EFF Deeplinks posts for trainers, technologists, and educators who teach digital security.

Issues that we track here include: country-specific policy updates on security and privacy, updates on malware and vulnerabilities, discussions on encryption and privacy-protecting tools, updates on surveillance (corporate surveillance, street-level surveillance, and mass surveillance), device searches by law and border enforcement, tracking via devices, and general digital security tips.

A Guided Tour of the Data Facebook Uses to Target Ads

Last week, Pew released the results of a survey investigating how users understand Facebook’s data collection practices and how they react when shown what the platform thinks it knows about them. The upshot is that 74% of users weren’t aware that Facebook assembles lists of their interests and traits. 88% of respondents were assigned “categories” for advertising, which could include racial or ethnic “affinities” and political leanings. 58% of those users were “not comfortable” with the...

Read More

Detecting Ghosts By Reverse Engineering: Who Ya Gonna Call?

This article was first published on Lawfare.

The most recent purportedly serious proposal by a Western government to force technology companies to provide access to the content of encrypted communications comes from Ian Levy and Crispin Robinson of the Government Communications Headquarters, or GCHQ, the U.K.’s equivalent of the National Security Agency. Cryptography luminaries such as Susan Landau, Matt Green, and Bruce Schneier have published detailed critiques of this...

Read More

(Don't) Return to Sender: How to Protect Yourself From Email Tracking

Tracking is everywhere on the Internet. Over the past year, a drumbeat of tech-industry scandals has acclimated users to the sheer number of ways that personal information can be collected and leaked. As a result, it might not come as a surprise to learn that emails, too, can be vectors for tracking. Email senders can monitor who opens which emails, when, and what device they use to do it. If you work for a business or a non-profit that sends mass emails, maybe you’ve used tools to...

Read More

From Encrypting the Web to Encrypting the Net: A Technical Deep Dive on Using Certbot to Secure your Mailserver

We’ve come a long way since we launched Encrypt the Web, our initiative to onboard the World Wide Web to HTTPS. Not only has Let’s Encrypt issued over 380 million certificates, but also nearly 85% of page loads in the United States are over HTTPS, and both figures are still on an upward trajectory.

However, TLS, the technology that helps to secure HTTP connections, can and should be used to protect all Internet communications—not just the HTTP protocol used to fetch webpages....

Read More

Data Privacy Scandals and Public Policy Picking Up Speed: 2018 in Review

2018 may be remembered as the Year of the Facebook Scandal, and rightly so. The Cambridge Analytica fiasco, Mark Zuckerberg’s congressional testimony, a massive hack, and revelations of corporate smear campaigns were only the tip of the iceberg. But many more companies mishandled consumer privacy in 2018, too. From the Strava heatmap exposing military locations in January to the gigantic Marriott hack discovered in November, companies across Silicon Valley and beyond made big mistakes with...

Read More

Where Governments Hack Their Own People and People Fight Back: 2018 in Review

Throughout 2018, new surveillance practices continued to erode the privacy of people in Latin America. Yet local and regional digital rights organizations continue to push back with strategic litigation, journalists and security researchers investigate to shed light on government use of malware, and local activists work tirelessly to fight overarching surveillance laws and practices across the region.

Brazil: Secretly Tracking 600,000 Subway Riders

In a win for privacy, the...

Read More

From Encrypting the Web to Encrypting the Net: 2018 Year in Review

We saw 2017 tip the scales for HTTPS. In 2018, web encryption continues to improve. EFF has begun to shift its focus towards email security, and the security community is shifting its focus towards further hardening TLS, the protocol that drives encryption on the Internet.

By default, all Internet traffic is unencrypted and subject to tampering, including HTTP. A technology called TLS (Transport Layer Security) can provide authenticated encryption and message integrity so no one...

Read More

Pushing Back Against Backdoors: 2018 Year in Review

This wasn’t a great year for those of us whose job it is to defend the use of encryption.

In the United States, we heard law enforcement officials go on about the same “going dark” problem they’ve been citing since the late 90s, but even after all these years, they still can’t get basic facts straight. The National Academy of Sciences was entirely (and unsurprisingly) unhelpful. And in the courts, there was at least some action surrounding encryption, but we don’t know exactly...

Read More

Year in Review: Airport Surveillance Takes Off in a New, Dangerous Direction

In 2018, we learned that expanded biometric surveillance is coming to an airport near you. This includes face recognition, iris scans, and fingerprints. And government agencies aren’t saying anything about how they will protect this highly sensitive information.

This fall, the Transportation Security Administration (TSA) published their Biometrics Roadmap for Aviation Security and the Passenger Experience, detailing plans to work with Customs and Border Protection...

Read More

Before and After: What We Learned About the Hemisphere Program After Suing the DEA

As the year draws to a close, so has EFF’s long-running Freedom of Information Act lawsuit against the Drug Enforcement Agency about the mass phone surveillance program infamously known as “Hemisphere.”

We won our case and freed up tons of records. (So did the Electronic Privacy Information Center.) The government, on the other hand, only succeeded in dragging out the fake secrecy.

In late 2013, right as the world was already reeling from the Snowden revelations, the New...

Read More

Who Has Your Back in Colombia? Fourth-Annual Report Fuels Progress and Asks For More

Fundación Karisma, Colombia’s leading digital rights organization, just launched its fourth annual ¿Dónde Estan Mis Datos? report in collaboration with EFF. The results are even more encouraging than the ones seen in 2017, with significant improvement in transparency - five companies published transparency reports, and four publicly explained their procedures around government blocking requests. Every company in the report showed progress from 2017, though there remains work to be...

Read More

How HTTPS Everywhere Keeps Protecting Users On An Increasingly Encrypted Web

Way back in 2010, we launched our popular browser extension HTTPS Everywhere as part of our effort to encrypt the web. At the time, the need for HTTPS Everywhere to protect browsing sessions was as obvious as the threats were ever-present. The threats may not be as clear now, but HTTPS Everywhere is still as important to users as ever. In 2010, HTTPS Everywhere was a novel extension. It allowed users to automatically use the secure version of websites that offered both insecure HTTP and...

Read More

TSA’s Roadmap for Airport Surveillance Moves in a Dangerous Direction

The Transportation Security Administration has set out an alarming vision of pervasive biometric surveillance at airports, which cuts against the right to privacy, the “right to travel,” and the right to anonymous association with others.

The FAA Reauthorization Act of 2018, which included language that we warned would provide implied Congressional endorsement to biometric screening of domestic travelers and U.S. citizens, became law in early October. The ink wasn’t even dry on...

Read More

New Documents Show That Facebook Has Never Deserved Your Trust

Another week, another set of reminders that, while Facebook likes to paint itself as an “optimistic” company that’s simply out to help users and connect the world, the reality is very different. This week, those reminders include a collection of newly released documents suggesting that the company adopted a host of features and policies even though it knew those choices would harm users and undermine innovation.

Yesterday, a member of the United Kingdom’s Parliament published a...

Read More

Securing The Institutions We Rely On: A Grassroots Case Study

Grassroots digital rights organizing has many faces, including that of hands-on hardware hacking in an Ivy League institution. Yale Privacy Lab is a member of the Electronic Frontier Alliance, a network of community and student groups advocating for digital rights in local communities. For Yale Privacy Lab, activism means taking the academic principles behind Internet security and privacy out of the classroom and into the real world, one hacking tutorial or digital self-defense workshop...

Read More

EFF Asks Court to Unseal Secret Docket in Case Involving Wiretap of Encrypted Facebook Messenger Calls

EFF joined an effort to unseal court records today in a groundbreaking case where the government reportedly tried to force Facebook to compromise the encryption in Facebook Messenger voice calls. Earlier this year, Reuters reported that the government sought the company’s assistance in carrying out a wiretap and intercepting Messenger calls in connection with the investigation of suspected MS-13 gang activity. Although later reports indicated that the court ruled Facebook did not have to...

Read More

‘The End of Trust’ – On Sale in Bookstores and Free to Download Now!

Do you need some stimulating reading material for this long holiday weekend? Here’s a great option: the latest issue of Timothy McSweeney’s Quarterly Concern, The End of Trust. This is a collection of essays and interviews about technology, privacy, and surveillance, featuring many EFF authors—including EFF Executive Director Cindy Cohn, Special Advisor Cory Doctorow, and board member Bruce Schneier.

The End of Trust is on sale online and in bookstores now, but...

Read More

What To Do If Your Account Was Caught in the Facebook Breach

Keeping up with Facebook privacy scandals is basically a full-time job these days. Two weeks ago, it announced a massive breach with scant details. Then, this past Friday, Facebook released more information, revising earlier estimates about the number of affected users and outlining exactly what types of user data were accessed. Here are the key details you need to know, as well as recommendations about what to do if your account was affected.

30 Million Accounts Affected...

Read More

The Google+ Bug Is More About The Cover-Up Than The Crime

Earlier this week, Google dropped a bombshell: in March, the company discovered a “bug” in its Google+ API that allowed third-party apps to access private data from its millions of users. The company confirmed that at least 500,000 people were “potentially affected.”

Google’s mishandling of data was bad. But its mishandling of the aftermath was worse. Google should have told the public as soon as it knew something was wrong, giving users a chance to protect themselves and...

Read More

Privacy Badger Now Fights More Sneaky Google Tracking

With its latest update, Privacy Badger now fights “link tracking” in a number of Google products.

Link tracking allows a company to follow you whenever you click on a link to leave its website. Earlier this year, EFF rolled out a Privacy Badger update targeting Facebook’s use of this practice. As it turns out, Google performs the same style of tracking, both in web search and, more concerning, in spaces for private conversation like Hangouts and comments on Google Docs....

Read More

The Devil Is in The Details Of Project Verify’s Goal To Eliminate Passwords

A coalition of the four largest U.S. wireless providers calling itself the Mobile Authentication Taskforce recently announced an initiative named Project Verify. This project would let users log in to apps and websites with their phone instead of a password, or serve as an alternative to multi-factor authentication methods such as SMS or hardware tokens.

Any work to find a more secure and user-friendly solution than passwords is worthwhile. However, the devil is always in the...

Read More

Facebook Data Breach Affects At Least 50 Million Users

If you found yourself logged out of Facebook this morning, you were in good company. Facebook forced more than 90 million Facebook users to log out and back into their accounts Friday morning in response to a massive data breach.

According to Facebook’s announcement, it detected earlier this week that attackers had hacked a feature of Facebook that could allow them to take over at least 50 million user accounts. At this point, information is scant: Facebook does not know who’s...

Read More

You Gave Facebook Your Number For Security. They Used It For Ads.

Add “a phone number I never gave Facebook for targeted advertising” to the list of deceptive and invasive ways Facebook makes money off your personal information. Contrary to user expectations and Facebook representatives’ own previous statements, the company has been using contact information that users explicitly provided for security purposes—or that users never provided at all—for targeted advertising.

A group of academic researchers from Northeastern University and...

Read More

Facebook Warns Memphis Police: No More Fake “Bob Smith” Accounts

Facebook has a problem: an infestation of undercover cops. Despite the social platform’s explicit rules that the use of fake profiles by anyone—police included—is a violation of terms of service, the issue proliferates. While the scope is difficult to measure, EFF has identified scores of agencies who maintain policies that explicitly flout these rules.

Hopefully—and perhaps this is overly optimistic—this is about to change, with a new warning Facebook has sent to the Memphis...

Read More