Security Education Companion
A free resource for digital security educators

Security News

Security News is an archive of curated EFF Deeplinks posts for trainers, technologists, and educators who teach digital security.

Issues that we track here include: country-specific policy updates on security and privacy, updates on malware and vulnerabilities, discussions on encryption and privacy-protecting tools, updates on surveillance (corporate surveillance, street-level surveillance, and mass surveillance), device searches by law and border enforcement, tracking via devices, and general digital security tips.

DOJ and FBI Show No Signs of Correcting Past Untruths in Their New Attacks on Encryption

Last week, Attorney General William Barr and FBI Director Christopher Wray chose to spend some of their time giving speeches demonizing encryption and calling for the creation of backdoors to allow the government access to encrypted data. You should not spend any of your time listening to them. 

Don’t be mistaken; the threat to encryption remains high. Australia and the United Kingdom already have laws in place that can enable those governments to undermine encryption, while other...

Read More

Building Community in Brooklyn: A Grassroots Case Study

Grassroots-level organizing has long been an important tool for advancing policy goals and activating a constituency. More importantly, local organizing can provide an avenue through which the skills and knowledge of some are leveraged to support the previously-unmet needs of the wider community. 

As a member of the Electronic Frontier Alliance—a network of independent local advocacy groups in the U.S.—The Cypurr Collective is offering down-to-earth tech guidance to their neighbors...

Read More

Fixed? The FTC Orders Facebook to Stop Using Your 2FA Number for Ads

Since academics and investigative journalists first reported last year that Facebook was using people’s two-factor authentication numbers and “shadow” contact information for targeted advertising, Facebook has shown little public interest in fixing this critical problem. Subsequent demands that Facebook stop all non-essential uses of these phone numbers, and public revelations that Facebook’s phone number abuse was even worse than initially reported, failed to move the company to...

Read More

Adblocking: How About Nah?

For more than a decade, consumer rights groups (including EFF) worked with technologists and companies to try to standardize Do Not Track, a flag that browsers could send to online companies signaling that their users did not want their browsing activity tracked. Despite long hours and backing from the FTC, foot-dragging from the browser vendors and outright hostility from the big online media companies mean that setting Do Not Track in your browser does virtually nothing to protect your...

Read More

Thank Q, Next

In its next release, Android plans to up its privacy game. But the operating system still caters to ad trackers at its users’ expense.

The newest release of Android, dubbed “Q,” is currently in late-stage beta testing and slated for a full release this summer. After a year defined by new privacy protections around the world and major privacy failures by Big Tech, this year, Google is trying to convince users that it is serious about “protecting their information.” The word...

Read More

When Will We Get the Full Truth About How and Why the Government Is Using Face Recognition?

Earlier this month, the House Committee on Homeland Security held a hearing to discuss the role of face recognition and other invasive biometric technologies in use by the Department of Homeland Security (DHS). Despite some pushback from some lawmakers on the committee, John Wagner of the U.S. Customs and Border Protection (CBP), Austin Gould of the Transportation Security Administration (TSA), Joseph DiPietro of the Secret Service, and Charles Romine from the National Institute of...

Read More

New Chilean ¿Quién Defiende Tus Datos? Report Shows Greater ISPs Commitment to User Privacy

Derechos Digitales, the leading digital rights organization in Chile, published its third annual Who Defends Your Data report today, in collaboration with EFF. The report assesses whether the country’s top ISPs enforce privacy policies and practices that put their users first. Kurt Opsahl, EFF’s Deputy Executive Director and General Counsel, joined the launch in Santiago de Chile, which highlighted the main findings and achievements of the report.

ISPs have made...

Read More

Don’t Let Encrypted Messaging Become a Hollow Promise

Why do we care about encryption? Why was it a big deal, at least in theory, when Mark Zuckerberg announced earlier this year that Facebook would move to end-to-end encryption on all three of its messaging platforms? We don’t just support encryption for its own sake. We fight for it because encryption is one of the most powerful tools individuals have for maintaining their digital privacy and security in an increasingly insecure world.

And although encryption may be the backbone,...

Read More

Sharpening Our Claws: Teaching Privacy Badger to Fight More Third-Party Trackers

The latest release of Privacy Badger gives it the power to detect and block a new class of evasive, pervasive third-party trackers, including Google Analytics.

Most blocking tools, like uBlock Origin, Ghostery, and Firefox’s native blocking mode (using Disconnect’s block lists), use human-curated lists to decide whether to block or allow third-party resources. But Privacy Badger is different. Rather than rely on a list of known trackers, it discovers and learns to block new...

Read More

Announcing “Gotta Catch 'Em All: Understanding How IMSI-Catchers Exploit Cell Networks”

Our phones hold a plethora of important, private information about our personal lives, and it’s not just their contents that matter: the data that our phones exchange with cell towers during basic connection procedures can reveal critical, and private, information. Perhaps you called the suicide prevention hotline from the Golden Gate Bridge; maybe you received a call from the local NRA office while it was having a campaign against gun legislation, and then called your senators and...

Read More

Again!? The NSA’s Phone Records Program Still Can’t Stay Within the Law

Just as the Trump administration has signaled its interest in a permanent “clean” reauthorization of the Patriot Act’s phone surveillance provision, the NSA proves once again that it is not to be trusted with these tools. New documents obtained by the ACLU and reported in the Wall Street Journal have revealed that last year the NSA once again collected phone records of Americans that it was not authorized to obtain.

The NSA collected information, including who phone-users were...

Read More

What You Need to Know About the Latest WhatsApp Vulnerability

If you are one of WhatsApp’s billion-plus users, you may have read that on Monday the company announced that it had found a vulnerability. This vulnerability allowed an attacker to remotely upload malicious code onto a phone by sending packets of data that look like phone calls from a number not in your contacts list. These repeated calls then cause WhatsApp to crash. This is a particularly scary vulnerability because it does not require that the user pick up the phone, click a link,...

Read More

Shareholders Demand To Know How Northrop Grumman Will Protect Human Rights While Building Massive DHS Database

Over the next few years, the Department of Homeland Security (DHS) plans to implement an enormous biometric collection program which will endanger the rights of citizens and foreigners alike. The agency intends to collect at least seven types of biometric identifiers, including face and voice data, DNA, scars, and tattoos, often from questionable sources, and from innocent people.

But DHS isn’t building all of the technology: Northrop Grumman, a defense contractor, won the nearly...

Read More

Human Rights Watch Reverse-Engineers Mass Surveillance App Used by Police in Xinjiang

For years, Xinjiang has been a testbed for the Chinese government’s novel digital and physical surveillance tactics, as well as human rights abuses. But there is still a lot that the international human rights community doesn’t know, especially when it comes to post-2016 Xinjiang.

Last Wednesday, Human Rights Watch released a report detailing the inner workings of a mass surveillance app used by police and other officials. The application is used by officials to communicate with...

Read More

We Got U.S. Border Officials to Testify Under Oath. Here’s What We Found Out

This is a guest post by Hugh Handeyside, Senior Staff Attorney, ACLU National Security Project, Nathan Freed Wessler, Staff Attorney, ACLU Speech, Privacy, and Technology Project, and Esha Bhandari, Staff Attorney, ACLU Speech, Privacy, and Technology Project. It was originally posted on the ACLU Speak Freely blog.

In September 2017, we, along with the Electronic Frontier Foundation, sued the federal government for its warrantless and suspicionless searches of phones and...

Read More

Skip the Surveillance By Opting Out of Face Recognition At Airports

Government agencies and airlines have ignored years of warnings from privacy groups and Senators that using face recognition technology on travelers would massively violate their privacy. Now, the passengers are in revolt as well, and they’re demanding answers.

Last week, a lengthy exchange on Twitter between a traveler who was concerned about her privacy and a spokesperson for the airline JetBlue went viral, and many of the questions asked by the traveler and others were the same...

Read More

Google's Sensorvault Can Tell Police Where You've Been

Do you know where you were five years ago? Did you have an Android phone at the time? It turns out Google might know—and it might be telling law enforcement.

In a new article, the New York Times details a little-known technique increasingly used by law enforcement to figure out everyone who might have been within certain geographic areas during specific time periods in the past. The technique relies on detailed location data collected by Google from most Android devices as...

Read More

The Ecuadorean Authorities Have No Reason to Detain Free Software Developer Ola Bini

Hours after the ejection of Julian Assange from the London Ecuadorean embassy last week, police officers in Ecuador detained the Swedish citizen and open source developer Ola Bini. They seized him as he prepared to travel from his home in Quito to Japan, claiming that he was attempting to flee the country in the wake of Assange’s arrest. Bini had, in fact, booked the vacation long ago, and had publicly mentioned it on his Twitter account before Assange was arrested.

Ola’s detention...

Read More

Facebook Got Caught Phishing For Friends

Once again, Facebook is in the news for bad security practices, dark design patterns, and secretly reappropriating sensitive data meant for “authentication” to its own ends. Incredibly, this time, the company managed to accomplish all three in one fell swoop.

What happened?

Last weekend, news broke that Facebook has been demanding some new users enter their email passwords in order to sign up for an account on the site. First publicized by cybersecurity specialist e-sushi on...

Read More

Who Defends Your Data? Report Reveals Peruvian ISPs Progress on User Privacy, Still Room for Improvement

Hiperderecho, the leading digital rights organization in Peru, in collaboration with the Electronic Frontier Foundation, today launched its second ¿Quien Defiende Tus Datos? (Who Defends Your Data?), an evaluation of the privacy practices of the Internet Service Providers (ISPs) that millions of Peruvians use every day. This year's results are more encouraging than those in 2015's report, with Telefonica's Movistar making significant improvement in its privacy policy,...

Read More

Here’s Why You Can’t Trust What Cops and Companies Claim About Automated License Plate Readers

Emails Prove ICE Could Access Data from Orange County Shopping Malls, Despite the Companies' Denials

In response to an ACLU report on how law enforcement agencies share information collected by automated license plate readers (ALPRs) with Immigration and Customs Enforcement, officials have been quick to deny and obfuscate despite documentary evidence obtained directly from ICE itself through a Freedom of Information Act lawsuit.

Let’s be clear: you can’t trust what ALPR...

Read More

A Privacy-Focused Facebook? We'll Believe It When We See It.

In his latest announcement, Facebook CEO Mark Zuckerberg embraces privacy and security fundamentals like end-to-end encrypted messaging. But announcing a plan is one thing. Implementing it is entirely another. And for those reading between the lines of Zuckerberg’s pivot-to-privacy manifesto, it’s clear that this isn’t just about privacy. It’s also about competition.

The Proof is in the Pudding

At the core of Zuckerberg’s announcement is Facebook’s plan to merge its three...

Read More

Facebook Doubles Down On Misusing Your Phone Number

When we publicly demanded that Facebook stop messing with users’ phone numbers last week, we weren’t expecting the social network to double down quite like this: By default, anyone can use the phone number that a user provides for two-factor authentication (2FA) to find that user’s profile. For people who need 2FA to protect their account and stay safe, Facebook is forcing them into unnecessarily choosing between security and privacy.

While settings are available to choose...

Read More

Massive Database Leak Gives Us a Window into China’s Digital Surveillance State

Earlier this month, security researcher Victor Gevers found and disclosed an exposed database live-tracking the locations of about 2.6 million residents of Xinjiang, China, offering a window into what a digital surveillance state looks like in the 21st century.

Xinjiang is China’s largest province, and home to China’s Uighurs, a Turkic minority group. Here, the Chinese government has implemented a testbed police state where an estimated 1 million individuals from these minority...

Read More