Security News is an archive of curated EFF Deeplinks posts for trainers, technologists, and educators who teach digital security.
Issues that we track here include: country-specific policy updates on security and privacy, updates on malware and vulnerabilities, discussions on encryption and privacy-protecting tools, updates on surveillance (corporate surveillance, street-level surveillance, and mass surveillance), device searches by law and border enforcement, tracking via devices, and general digital security tips.
No single messaging app can perfectly meet everyone’s security and communication needs, so we can’t make a recommendation without considering the details of a particular person’s or group’s situation. Straightforward answers are rarely correct for everyone—and if they’re correct now, they might not be correct in the future.
At time of writing, if we were locked in a room and told we could only leave if we gave a simple, direct answer to the question of what messenger the...Read More
There is no such thing as a perfect or one-size-fits-all messaging app. For users, a messenger that is reasonable for one person could be dangerous for another. And for developers, there is no single correct way to balance security features, usability, and the countless other variables that go into making a high-quality, secure communications tool.
Over the next week, we’ll be posting a series of articles to explain what makes different aspects of secure messaging so complex:... Read More
Yesterday, EFF and Lookout announced a new report, Dark Caracal, that uncovers a new, global malware espionage campaign. One aspect of that campaign was the use of malicious, fake apps to impersonate legitimate popular apps like Signal and WhatsApp. Some readers had questions about what this means for them. This blog post is here to answer those questions and dive further into the Dark Caracal report.Read the full Dark Caracal report here
First, the good news: Dark...Read More
The Supreme Court Finally Takes on Law Enforcement Access to Cell Phone Location Data: 2017 in Review
Protecting the highly personal location data stored on or generated by digital devices is one of the 21st century’s most important privacy issues. In 2017, the Supreme Court finally took on the question of how law enforcement can get ahold of this sensitive information.
Whenever you use a cell phone, whether to make calls, send or receive texts, or browse the Internet, your phone automatically generates “cell site location information” (CSLI) through its interactions with cell...Read More
Turning off your Bluetooth and Wi-Fi radios when you’re not using them is good security practice (not to mention good for your battery usage). When you consider Bluetooth’s known vulnerabilities, it’s especially important to make sure your Bluetooth and Wi-Fi settings are doing what you want them to. The iPhone’s newest operating system, however, makes it harder for users to control these settings.
On an iPhone, users might instinctively swipe up to open Control Center and toggle...Read More
UPDATE: EFF joined coalition comments on October 18, 2017 in opposition to the A-File notice.
The U.S. Department of Homeland Security (DHS) last month issued a notice that it is storing social media information on immigrants, including lawful permanent residents and naturalized U.S. citizens, apparently indefinitely, in a government database that contains “Alien Files” (A-Files). This is an invasive new feature of DHS’s previously known programs on collecting social media...Read More
When iOS 11 is released to the public next week, it will bring a new feature with big benefits for user security. Last month, some vigilant Twitter users using the iOS 11 public beta discovered a new way to quickly disable Touch ID by just tapping the power button five times. This is good news for users, particularly those who may be in unpredictable situations with physical security concerns that change over time.
The newly uncovered feature is simple. Tapping an iPhone power...Read More
In the latest sign of mission creep in domestic deployment of battlefield-strength surveillance technology, U.S. Immigration and Customs Enforcement (ICE) earlier this year used a cell site simulator (CSS) to locate and arrest an undocumented immigrant, according to a report yesterday by The Detroit News.
CSSs, often called IMSI catchers or Stingrays, masquerade as cell phone towers and trick our phones into connecting to them so police can track down a target. EFF has long...Read More
The Bill of Rights at the Border: Fifth Amendment Protections for Account Passwords and Device Passcodes
This is the third and final installment in our series on the Constitution at the border. Today, we’ll focus on the Fifth Amendment and passwords. Click here for Part 1 on the First Amendment or Part 2 on the Fourth Amendment.
Lately, a big question on everyone's mind has been: Do I have to give my password to customs agents?
As anyone who’s ever watched any cop show knows, the Fifth Amendment gives you the right to remain silent and to refuse to provide evidence against...Read More
Wikileaks today released documents that appear to describe software tools used by the CIA to break into the devices that we all use at home and work. While we are still reviewing the material, we have not seen any indications that the encryption of popular privacy apps such as Signal and WhatsApp has been broken. We believe that encryption still offers significant protection against surveillance.
The worst thing that...Read More