Security Education Companion
A free resource for digital security educators

Security News

Security News is an archive of curated EFF Deeplinks posts for trainers, technologists, and educators who teach digital security.

Issues that we track here include: country-specific policy updates on security and privacy, updates on malware and vulnerabilities, discussions on encryption and privacy-protecting tools, updates on surveillance (corporate surveillance, street-level surveillance, and mass surveillance), device searches by law and border enforcement, tracking via devices, and general digital security tips.

Video: How the Court System Is Abused to Chill Activist Speech

One of the most pernicious forms of censorship in modern America is the abuse of the court system by corporations and wealthy individuals to harass, intimidate, and silence their critics.

We use the term “Strategic Lawsuit Against Public Participation,” more commonly known as a “SLAPP,” to describe this phenomenon. With a SLAPP, a malicious party will file a lawsuit against a person whose speech is clearly protected by the First Amendment. The strategy isn’t to win on the legal...

How to Debug Your Content Blocker for Privacy Protection

Millions of users are trying to protect their privacy from commercial tracking online, be it through their choice of browser, installation of ad and tracker blocking extensions, or use of a Virtual Private Network (VPN). This guide focuses on how to correctly configure the blocking extension in your browser to ensure that it's giving you the privacy you expect. We believe that tools work best when you don't have to go under the hood. While there is software which meets those criteria (and...

Panopticlick 3.0

Today we’re launching a new version of Panopticlick, an EFF site which audits your browser privacy protection. Conceived to raise awareness about the threat of device fingerprinting, Panopticlick was extended in December 2015 to check for protection against tracking by ads and invisible beacons. This new update adds a test for trackers whitelisted by the so-called "Acceptable Ads" initiative. Acceptable Ads is a program involving the popular adblockers Adblock Plus and Adblock, whereby...

CBP Reveals How Agents Implement New Policy Not to Access Cloud Content

President Trump’s nominee to be Commissioner of U.S. Customs and Border Protection (CBP), Kevin McAleenan, revealed during his confirmation process how the agency implements its new policy not to access cloud content during border searches of digital devices.

In response to written questions for the record submitted by Sen. Ron Wyden (D-OR) and other members of the Senate Finance Committee, McAleenan explained that in accordance with CBP’s new policy to access only...

The Safest Conversation You'll Have This Holiday

Do your friends and family rope you into providing tech support when you're home for the holidays? Use this opportunity to be a digital security hero and rescue your family from tracking cookies, unencrypted disks, insecure chats, and recycled passwords.

Check out EFF’s Security Education Companion for ideas and inspiration. And remember: People learn by doing! Encourage friends and family members to walk through new security concepts and tools with you, and avoid the pitfalls of...

Announcing the Security Education Companion

The need for robust personal digital security is growing every day. From grassroots groups to civil society organizations to individual EFF members, people from across our community are voicing a need for accessible security education materials to share with their friends, neighbors, and colleagues.

We are thrilled to help. Today, EFF has launched the Security Education Companion, a new resource for people who would like to help their communities learn about digital security but...

Who Has Your Back in Colombia? Our Third-Annual Report Shows Progress

Fundación Karisma in cooperation with EFF has released its third-annual ¿Dónde Estan Mis Datos? report, the Colombian version of EFF’s Who Has Your Back. And this year’s report has some good news. According to the Colombian Ministry of Information and Communication Technologies, broadband Internet penetration in Colombia is well over 50% and growing fast. Like users around the world, Colombians put their most private data, including their online relationships, political, artistic and...

Who Has Your Back in Colombia? Karisma's Third-Annual Report Shows Progress

Fundación Karisma in cooperation with EFF has released its third-annual ¿Dónde Estan Mis Datos? report, the Colombian version of EFF’s Who Has Your Back. And this year’s report has some good news. According to the Colombian Ministry of Information and Communication Technologies, broadband Internet penetration in Colombia is well over 50% and growing fast. Like users around the world, Colombians put their most private data, including their online relationships, political, artistic and...

EFF’s Street-Level Surveillance Project Dissects Police Technology

Step onto any city street and you may find yourself subject to numerous forms of police surveillance—many imperceptible to the human eye.

A cruiser equipped with automated license plate readers (also known as ALPRs) may have just logged where you parked your car. A cell-site simulator may be capturing your cell-phone data incidentally while detectives track a suspect nearby. That speck in the sky may be a drone capturing video of your commute. Police might use face recognition...

Do Not Track Implementation Guide Launched

Today we are releasing the implementation guide for EFF’s Do Not Track (DNT) policy. For years users have been able to set a Do Not Track signal in their browser, but there has been little guidance for websites as to how to honor that request. EFF’s DNT policy sets out a meaningful response for servers to follow, and this guide provides details about how to apply it in practice.

At its core, DNT protects user privacy by excluding the use of unique identifiers for cross-site...

DDoS Guide Relaunch: This Halloween, Keep Your Site Safe from Zombie Attacks

Keeping Your Site Alive, our guide for keeping your site online amidst a DoS (denial of service) or DDoS (distributed denial of service) attack, now has a new look and new advice. The guide, originally created and updated in conjunction with the Tactical Technology Collective, is aimed at human rights defenders, independent publications, and other administrators of small websites.

DDoS attacks are a common phenomenon, used by a variety of actors, designed to temporarily or...

KRACK Vulnerability: What You Need To Know

This week security researchers announced a newly discovered vulnerability dubbed KRACK, which affects several common security protocols for Wi-Fi, including WPA (Wireless Protected Access) and WPA2. This is a bad vulnerability in that it likely affects billions of devices, many of which are hard to patch and will remain vulnerable for a long time. Yet in light of the sometimes overblown media coverage, it’s important to keep the impact of KRACK in perspective: KRACK does not...

iOS 11’s Misleading “Off-ish” Setting for Bluetooth and Wi-Fi is Bad for User Security

Turning off your Bluetooth and Wi-Fi radios when you’re not using them is good security practice (not to mention good for your battery usage). When you consider Bluetooth’s known vulnerabilities, it’s especially important to make sure your Bluetooth and Wi-Fi settings are doing what you want them to. The iPhone’s newest operating system, however, makes it harder for users to control these settings.

On an iPhone, users might instinctively swipe up to open Control Center and toggle...

DHS Should Stop the Social Media Surveillance of Immigrants

UPDATE: EFF joined coalition comments on October 18, 2017 in opposition to the A-File notice.

The U.S. Department of Homeland Security (DHS) last month issued a notice that it is storing social media information on immigrants, including lawful permanent residents and naturalized U.S. citizens, apparently indefinitely, in a government database that contains “Alien Files” (A-Files). This is an invasive new feature of DHS’s previously known programs on collecting social media...

Phish For the Future

This report describes “Phish For The Future,” an advanced persistent spearphishing campaign targeting digital civil liberties activists at Free Press and Fight For the Future. Between July 7th and August 8th of 2017 we observed almost 70 spearphishing attempts against employees of internet freedom NGOs Fight for the Future and Free Press, all coming from the same attackers.

This campaign appears to have been aimed at stealing credentials for various business services...

Will the Equifax Data Breach Finally Spur the Courts (and Lawmakers) to Recognize Data Harms?

This summer 143 million Americans had their most sensitive information breached, including their name, addresses, social security numbers (SSNs), and date of birth. The breach occurred at Equifax, one of the three major credit reporting agencies that conducts the credit checks relied on by many industries, including landlords, car lenders, phone and cable service providers, and banks that offer credit cards, checking accounts and mortgages. Misuse of this information can be financially...

A Guide to Common Types of Two-Factor Authentication on the Web

Two-factor authentication (or 2FA) is one of the biggest-bang-for-your-buck ways to improve the security of your online accounts. Luckily, it's becoming much more common across the web. With often just a few clicks in a given account's settings, 2FA adds an extra layer of security to your online accounts on top of your password.

In addition to requesting something you know to log in (in this case, your password), an account protected with 2FA will also request information...

Attack on CCleaner Highlights the Importance of Securing Downloads and Maintaining User Trust

Some of the most worrying kinds of attacks are ones that exploit users’ trust in the systems and software they use every day. Yesterday, Cisco’s Talos security team uncovered just that kind of attack in the computer cleanup software CCleaner. Download servers at Avast, the company that owns CCleaner, had been compromised to distribute malware inside CCleaner 5.33 updates for at least a month. Avast estimates that over 2 million users downloaded the affected update. Even worse, CCleaner’s...

Security Education: What's New on Surveillance Self-Defense

Since 2014, our digital security guide, Surveillance Self-Defense (SSD), has taught thousands of Internet users how to protect themselves from surveillance, with practical tutorials and advice on the best tools and expert-approved best practices. After hearing growing concerns among activists following the 2016 US presidential election, we pledged to build, update, and expand SSD and our other security education materials to better advise people, both within and outside the United States,...

Azure Confidential Computing Heralds the Next Generation of Encryption in the Cloud

For years, EFF has commended companies who make cloud applications that encrypt data in transit. But soon, the new gold standard for cloud application encryption will be the cloud provider never having access to the user’s data—not even while performing computations on it.

Microsoft has become the first major cloud provider to offer developers the ability to build their applications on top of Intel’s Software Guard Extensions (SGX) technology, making Azure “the first SGX-capable...

With iOS 11, More Options to Disable Touch ID Means Better Security

When iOS 11 is released to the public next week, it will bring a new feature with big benefits for user security. Last month, some vigilant Twitter users using the iOS 11 public beta discovered a new way to quickly disable Touch ID by just tapping the power button five times. This is good news for users, particularly those who may be in unpredictable situations with physical security concerns that change over time.

The newly uncovered feature is simple. Tapping an iPhone power...

India's Supreme Court Upholds Right to Privacy as a Fundamental Right—and It's About Time

Last week's unanimous judgment by the Supreme Court of India (SCI) in Justice K.S. Puttaswamy (Retd) vs Union of India is a resounding victory for privacy. The ruling is the outcome of a petition challenging the constitutional validity of the Indian biometric identity scheme Aadhaar. The judgment's ringing endorsement of the right to privacy as a fundamental right marks a watershed moment in the constitutional history of India. The one-page order signed by all nine judges declares:

...

Privacy Badger Makes Twitter a Little Less Creepy

Twitter recently abandoned their longstanding support for the Do Not Track (DNT) signal, disregarding the privacy preferences of millions of their users. Twitter can see when you visit other sites where its code is present through Tweet/Follow buttons and embedded tweets (like tweets you see quoted in a forum or an article). Embedded Twitter content is so widespread that Twitter can likely reconstruct a significant portion of your browsing history. Twitter's rejection of DNT leaves users’...

Deciphering China’s VPN Ban

This weekend Apple took a dispiriting step in the policing of its Chinese mainland App store: the company removed several Virtual Private Network (VPN) applications that allowed users to circumvent China’s extensive internet censorship apparatus. In effect, the company has once again aided the Chinese government in its censorship campaign against its own citizens.

A commercial VPN is a private service that offers to securely relay your internet communications via their own...

Crossing the U.S. Border? Here’s How to Securely Wipe Your Computer

Many people crossing the U.S. border are concerned about the amount of power that the government has asserted to search and examine travelers’ possessions, including searching through or copying contents of digital devices, like photos, emails, and browsing history. The frequency of these intrusive practices has been increasing over time.

Some travelers might choose to delete everything on a particular device or disk to ensure that border agents...
