Security Education Companion
A free resource for digital security educators

Security News

Security News is an archive of curated EFF Deeplinks posts for trainers, technologists, and educators who teach digital security.

Issues that we track here include: country-specific policy updates on security and privacy, updates on malware and vulnerabilities, discussions on encryption and privacy-protecting tools, updates on surveillance (corporate surveillance, street-level surveillance, and mass surveillance), device searches by law and border enforcement, tracking via devices, and general digital security tips.

Who Has Your Back in Colombia? Fourth-Annual Report Fuels Progress and Asks For More

Fundación Karisma, Colombia’s leading digital rights organization, just launched its fourth annual ¿Dónde Estan Mis Datos? report in collaboration with EFF. The results are even more encouraging than the ones seen in 2017, with significant improvement in transparency - five companies published transparency reports, and four publicly explained their procedures around government blocking requests. Every company in the report showed progress from 2017, though there remains work to be...

Read More

How HTTPS Everywhere Keeps Protecting Users On An Increasingly Encrypted Web

Way back in 2010, we launched our popular browser extension HTTPS Everywhere as part of our effort to encrypt the web. At the time, the need for HTTPS Everywhere to protect browsing sessions was as obvious as the threats were ever-present. The threats may not be as clear now, but HTTPS Everywhere is still as important to users as ever. In 2010, HTTPS Everywhere was a novel extension. It allowed users to automatically use the secure version of websites that offered both insecure HTTP and...

Read More

TSA’s Roadmap for Airport Surveillance Moves in a Dangerous Direction

The Transportation Security Administration has set out an alarming vision of pervasive biometric surveillance at airports, which cuts against the right to privacy, the “right to travel,” and the right to anonymous association with others.

The FAA Reauthorization Act of 2018, which included language that we warned would provide implied Congressional endorsement to biometric screening of domestic travelers and U.S. citizens, became law in early October. The ink wasn’t even dry on...

Read More

New Documents Show That Facebook Has Never Deserved Your Trust

Another week, another set of reminders that, while Facebook likes to paint itself as an “optimistic” company that’s simply out to help users and connect the world, the reality is very different. This week, those reminders include a collection of newly released documents suggesting that the company adopted a host of features and policies even though it knew those choices would harm users and undermine innovation.

Yesterday, a member of the United Kingdom’s Parliament published a...

Read More

Securing The Institutions We Rely On: A Grassroots Case Study

Grassroots digital rights organizing has many faces, including that of hands-on hardware hacking in an Ivy League institution. Yale Privacy Lab is a member of the Electronic Frontier Alliance, a network of community and student groups advocating for digital rights in local communities. For Yale Privacy Lab, activism means taking the academic principles behind Internet security and privacy out of the classroom and into the real world, one hacking tutorial or digital self-defense workshop...

Read More

EFF Asks Court to Unseal Secret Docket in Case Involving Wiretap of Encrypted Facebook Messenger Calls

EFF joined an effort to unseal court records today in a groundbreaking case where the government reportedly tried to force Facebook to compromise the encryption in Facebook Messenger voice calls. Earlier this year, Reuters reported that the government sought the company’s assistance in carrying out a wiretap and intercepting Messenger calls in connection with the investigation of suspected MS-13 gang activity. Although later reports indicated that the court ruled Facebook did not have to...

Read More

‘The End of Trust’ – On Sale in Bookstores and Free to Download Now!

Do you need some stimulating reading material for this long holiday weekend? Here’s a great option: the latest issue of Timothy McSweeney’s Quarterly Concern, The End of Trust. This is a collection of essays and interviews about technology, privacy, and surveillance, featuring many EFF authors—including EFF Executive Director Cindy Cohn, Special Advisor Cory Doctorow, and board member Bruce Schneier.

The End of Trust is on sale online and in bookstores now, but...

Read More

What To Do If Your Account Was Caught in the Facebook Breach

Keeping up with Facebook privacy scandals is basically a full-time job these days. Two weeks ago, it announced a massive breach with scant details. Then, this past Friday, Facebook released more information, revising earlier estimates about the number of affected users and outlining exactly what types of user data were accessed. Here are the key details you need to know, as well as recommendations about what to do if your account was affected.

30 Million Accounts Affected...

Read More

The Google+ Bug Is More About The Cover-Up Than The Crime

Earlier this week, Google dropped a bombshell: in March, the company discovered a “bug” in its Google+ API that allowed third-party apps to access private data from its millions of users. The company confirmed that at least 500,000 people were “potentially affected.”

Google’s mishandling of data was bad. But its mishandling of the aftermath was worse. Google should have told the public as soon as it knew something was wrong, giving users a chance to protect themselves and...

Read More

Privacy Badger Now Fights More Sneaky Google Tracking

With its latest update, Privacy Badger now fights “link tracking” in a number of Google products.

Link tracking allows a company to follow you whenever you click on a link to leave its website. Earlier this year, EFF rolled out a Privacy Badger update targeting Facebook’s use of this practice. As it turns out, Google performs the same style of tracking, both in web search and, more concerning, in spaces for private conversation like Hangouts and comments on Google Docs....

Read More

The Devil Is in The Details Of Project Verify’s Goal To Eliminate Passwords

A coalition of the four largest U.S. wireless providers calling itself the Mobile Authentication Taskforce recently announced an initiative named Project Verify. This project would let users log in to apps and websites with their phone instead of a password, or serve as an alternative to multi-factor authentication methods such as SMS or hardware tokens.

Any work to find a more secure and user-friendly solution than passwords is worthwhile. However, the devil is always in the...

Read More

Facebook Data Breach Affects At Least 50 Million Users

If you found yourself logged out of Facebook this morning, you were in good company. Facebook forced more than 90 million Facebook users to log out and back into their accounts Friday morning in response to a massive data breach.

According to Facebook’s announcement, it detected earlier this week that attackers had hacked a feature of Facebook that could allow them to take over at least 50 million user accounts. At this point, information is scant: Facebook does not know who’s...

Read More

You Gave Facebook Your Number For Security. They Used It For Ads.

Add “a phone number I never gave Facebook for targeted advertising” to the list of deceptive and invasive ways Facebook makes money off your personal information. Contrary to user expectations and Facebook representatives’ own previous statements, the company has been using contact information that users explicitly provided for security purposes—or that users never provided at all—for targeted advertising.

A group of academic researchers from Northeastern University and...

Read More

Facebook Warns Memphis Police: No More Fake “Bob Smith” Accounts

Facebook has a problem: an infestation of undercover cops. Despite the social platform’s explicit rules that the use of fake profiles by anyone—police included—is a violation of terms of service, the issue proliferates. While the scope is difficult to measure, EFF has identified scores of agencies who maintain policies that explicitly flout these rules.

Hopefully—and perhaps this is overly optimistic—this is about to change, with a new warning Facebook has sent to the Memphis...

Read More

ESNI: A Privacy-Protecting Upgrade to HTTPS

Today, the content-delivery network Cloudflare is announcing an experimental deployment of a new web privacy technology called ESNI. We’re excited to see this development, and we look forward to a future where ESNI makes the web more private for all its users.

Over the past several years, we at EFF have been working to encrypt the web. We and our partners have made huge strides to make web browsing safer and more private through tools like HTTPS Everywhere and the Let’s Encrypt...

Read More

Microsoft Clears the Air About Fighting CLOUD Act Abuses

Five of the largest U.S. technology companies pledged support this year for a dangerous law that makes our emails, chat logs, online videos and photos vulnerable to warrantless collection by foreign governments.

Now, one of those companies has voiced a meaningful pivot, instead pledging support for its users and their privacy. EFF appreciates this commitment, and urges other companies to do the same.

Microsoft’s long-titled “Six Principles for International Agreements...

Read More

Offline: Activists and Technologists Still Face Grave Threats for Expression

A decade ago, before social media was a widespread phenomenon and blogging was still a nascent activity, it was nearly unthinkable outside of a handful of countries—namely China, Tunisia, Syria, and Iran—to detain citizens for their online activity. Ten years later, the practice has become all too common, and remains on the rise in dozens of countries. In 2017, the Committee to Protect Journalists found that more than seventy percent of imprisoned journalists were arrested for online...

Read More

How to Roll a Strong Password with 20-Sided Dice and Fandom-Inspired Wordlists

Here’s the not-so-secret recipe for strong passphrases: a random element like dice, a long list of words, and math. And as long as you have the first two, the third takes care of itself. All together, this adds up to diceware, a simple but powerful method to create a passphrase that even the most sophisticated computer could take at least thousands of years to guess. 

In short, diceware involves rolling a series of dice to get a number, and then matching that number to...

Read More

Back to School Essentials for Security

Going back to school? This is a perfect time for a digital security refresh to ensure the privacy of you and your friends is protected!

It’s a good time to change your passwords. The best practice is to have passwords that are unique, long, and random. In order to keep track of these unique, long and random passwords, consider downloading a password manager.

As a great additional measure: You can add login notifications to your...

Read More

Trust Us, We’re Secretly Working for a Foreign Government: How Australia’s Proposed Surveillance Laws Will Break The Trust Tech Depends On

In the last few years, we’ve discovered just how much trust — whether we like it or not — we have all been obliged to place in modern technology. Third-party software, of unknown composition and security, runs on everything around us: from the phones we carry around, to the smart devices with microphones and cameras in our homes and offices, to voting machines, to critical infrastructure. The insecurity of much of that technology, and increasingly discomforting motives of the tech giants...

Read More

Sen. Wyden Confirms Cell-Site Simulators Disrupt Emergency Calls

Sen. Ron Wyden has sent a letter to the U.S. Department of Justice concerning disruptions to 911 emergency services caused by law enforcement’s use of cell-site simulators (CSS, also known as IMSI catchers or Stingrays). In the letter, Sen. Wyden states that:

Senior officials from the Harris Corporation—the manufacturer of the cell-site simulators used most frequently by U.S. law enforcement agencies—have confirmed to my office that Harris’ cell-site simulators completely disrupt...

Read More

Don’t Shoot Messenger

Update (September 28, 2018): Reuters reports that the court has denied the government's request to force Facebook to assist with the wiretap.

Late last week, Reuters reported that Facebook is being asked to “break the encryption” in its Messenger application to assist the Justice Department in wiretapping a suspect's voice calls, and that Facebook is refusing to cooperate. The report alarmed us in light of the government’s ongoing calls for backdoors to...

Read More

Giving Privacy Badger a Jump Start

Giving Privacy Badger a Jump Start: Teaching new Badgers to block from the get-go

When new users try Privacy Badger, they often get confused about why Privacy Badger isn’t blocking anything right away. But that’s because Privacy Badger learns about trackers as you browse; up until now, it hasn’t been able to block trackers on the first few sites it sees after being installed.

With today’s update, however, new users won't have to wait to see Privacy Badger in...

Read More

Sextortion Scam: What to Do If You Get the Latest Phishing Spam Demanding Bitcoin

Updated Jan 23rd 2019 to include latest variations on this scam.

You may have arrived at this post because you received an email from a purported hacker who is demanding payment or else they will send compromising information—such as pictures sexual in nature—to all your friends and family. You’re searching for what to do in this frightening situation.

Don’t panic. Contrary to the claims in your email, you haven't been hacked (or at least, that's not what...

Read More