The decade-old warning to stay off public WIFI systems is no longer valid.

EFF:

There are still a few small information leaks: HTTPS protects the content of your communications, but not the metadata. So when you visit HTTPS sites, anyone along the communication path—from your ISP to the Internet backbone provider to the site’s hosting provider—can see their domain names (e.g. wikipedia.org) and when you visit them. But these parties can’t see the pages you visit on those sites (e.g. wikipedia.org/controversial-topic), your login name, or messages you send. They can see the sizes of pages you visit and the sizes of files you download or upload. When you use a public Wi-Fi network, people within range of it could choose to listen in. They’d be able to see that metadata, just as your ISP could see when you browse at home. If this is an acceptable risk for you, then you shouldn’t worry about using public Wi-Fi.

Similarly, if there is software with known security bugs on your computer or phone, and those bugs are specifically exploitable only on the local network, you might be at somewhat increased risk. The best defense is to always keep your software up-to-date so it has the latest bug fixes.

What about the risk of governments scooping up signals from “open” public Wi-Fi that has no password? Governments that surveill people on the Internet often do it by listening in on upstream data, at the core routers of broadband providers and mobile phone companies.

Read the rest

[My EFF colleague Bill Budington has a fantastic report on all the ways that Ring surveils its own customers. Caveat emptor, indeed. -Cory]

Ring isn't just a product that allows users to surveil their neighbors. The company also uses it to surveil its customers. Read the rest

Copyright rules are made with the needs of the entertainment industry in mind, designed to provide the legal framework for creators, investors, distributors, production houses, and other parts of the industry to navigate their disputes and assert their interests. Read the rest

[The selloff of the .ORG domain name registry to a private equity fund is fractally terrible, but it's in danger, thanks to public outcry. My EFF colleague Mitch Stoltz lays out the grotesque contours of the deal and its many deficiencies in this comprehensive overview. -Cory]

Over 21,000 people, 660 organizations, and now six Members of Congress have asked ICANN, the organization that regulates the Internet’s domain name system, to halt the $1.135 billion deal that would hand control over PIR, the .ORG domain registry, to private equity. There are crucial reasons this sale is facing significant backlash from the nonprofit and NGO communities who make the .ORG domain their online home, and perhaps none of them are more concerning than the speed of the deal and the dangerous lack of transparency that’s accompanied it.  Read the rest

None of us signed up for an Internet composed of "a group of five websites, each consisting of screenshots of text from the other four", but here we are, watching as hyper-concentrated industries rack up catastrophic victories against net neutrality, right to repair, security auditing, and a host of other issues. Read the rest

[Amazon's surveillance doorbell company Ring sells "security" -- the sense that surveilling your porch or your driveway or your home can make you safe. But when the company experienced a grotesque and completely predictable breach that saw hackers breaking into Ring cameras and spying on and tormenting their owners, Amazon blamed their customers for recycling passwords. In this outstanding Deeplinks post, my EFF colleagues, Cooper Quintin and Bill Budington explain just how odious this victim-blaming really is. -Cory]

Just a week after hackers broke into a Ring camera in a childs’ bedroom taunting the child and sparking serious concerns about the company’s security practices, Buzzfeed News is reporting that over 3,600 Ring owners’ email addresses, passwords, camera locations, and camera names were dumped online. This Includes cameras recording private spaces inside homes. Read the rest

The Electronic Frontier Foundation has just hired two new staffers focused on the EU: Icelandic poet, artist, and free expression activist Birgitta Jónsdóttir, and European Internet policy expert Christoph Schmon. Read the rest

This week, I've been doing our family's annual charitable giving (here's a guide to some of the charities we support), a long process that involves using Charity Navigator to verify that the groups we support are still spending money effectively, figuring out how much to give, and then submitting the receipts to my wife's employer for donation-matching. Read the rest

[The sale of the .ORG top-level domain to a private equity fund run by a bunch of Republican billionaires is a corrupt, revolting perversion. Here, my EFF colleague Mitch Stoltz does an excellent job of explaining what's at stake and how you can take action. -Cory]

The .ORG top-level domain and all of the nonprofit organizations that depend on it are at risk if a private equity firm is allowed to buy control of it. EFF has joined with over 250 respected nonprofits to oppose the sale of Public Interest Registry, the (currently) nonprofit entity that operates the .ORG domain, to Ethos Capital. Internet pioneers including Esther Dyson and Tim Berners-Lee have spoken out against this secretive deal. And 12,000 Internet users and counting have added their voices to the opposition. Read the rest

In 2006, Aaron Patzer founded Mint. Patzer had grown up in the city of Evansville, Indiana—a place he described as "small, without much economic opportunity"—but had created a successful business building websites. He kept up the business through college and grad school and invested his profits in stocks and other assets, leading to a minor obsession with personal finance that saw him devoting hours every Saturday morning to manually tracking every penny he'd spent that week, transcribing his receipts into Microsoft Money and Quicken. Read the rest

Today, the Electronic Frontier Foundation launched About Face, a new national campaign to end governmental use of facial recognition technology for surveillance at all levels -- city, state and federal. Read the rest

Today, we are told that the bigness of Big Tech giants was inevitable: the result of "network effects." For example, once everyone you want to talk to is on Facebook, you can't be convinced to use another, superior service, because all the people you'd use that service to talk to are still on Facebook. And of course, those people also can't leave Facebook, because you're still there. Read the rest

Back in 2017, EFF, ACLU and ACLU of Massachusetts sued the US government on behalf of 11 travelers whose devices had been subjected to warrantless, suspicionless searches by Customs and Border Protection at the US border. Read the rest

[We've been covering the grimy, sleazy stalkerware industry for years, and so it's nice to see that the FTC is finally taking action against the worst of the worst actors -- pity that they're still getting it wrong, as EFF's Gennie Gephart and Eva Galperin explain in this Deeplinks post that I've mirrored below. -Cory]

The FTC recently took action against stalkerware developer Retina-X, the company behind apps Flexispy, PhoneSheriff, and Teenspy. The FTC settlement bars Retina-X from distributing its mobile apps until it can adequately secure user information and ensure its apps will only be used for “legitimate purposes.” But here’s the problem: there are simply no legitimate purposes for secret stalking apps. Read the rest

Berkeley has joined the swelling ranks of cities (pioneered by nearby Oakland) that have passed ordinances banning the government's use of facial recognition technology, after a unanimous city council vote. Read the rest

[My EFF colleague Katharine is back with a very important message about a singularly stupid and dangerous legislative proposal that is steamrolling through Congress; even by the standards of stupid and dangerous Congressional copyright rules, this one is an exception -Cory]

Every year, for a couple of years now, Congress has debated passing some version of the Copyright Alternative in Small-Claims Enforcement Act (CASE Act). It’s supposed to be the answer to artists’ prayers: a quicker, cheaper way to deal with infringement than going to court. But the way this bill is written (and re-written, and re-written, and re-written) doesn’t do that. It just makes it easy to bankrupt people for sharing memes. Read the rest

One of the coolest initiatives of the Electronic Frontier Foundation is the Electronic Frontier Alliance, a network of autonomous community groups that work on local issues with support from each other and EFF: everything from getting facial recognition banned in their communities to forcing local police departments to seek public comment on new surveillance tech initiatives. Read the rest