Efail: instructions for using PGP again as safely as is possible for now

It's been nearly three weeks since the publication of Efail, a critical set of attacks against PGP/GPG-encrypted emails that was so hard to mitigate that EFF's recommendation was to stop using it for mail altogether until a solution could be worked out. Read the rest

The FBI's mountain of uncrackable crimephones was nearly entirely imaginary

The FBI has been trying to ban working cryptography since the Clinton years, a losing battle whose stakes go up with each passing day as the number of devices that depend on working crypto to secure them and their users goes up and up and up. Read the rest

Mur Lafferty wrote a science fiction story about the DMCA to help EFF's fair use for vidders campaign

Every three years, the US Copyright Office asks America about the problems with Section 1201 of the DMCA, which bans breaking DRM even for legal reasons, and America gets to answer with requests for exemptions to this rule. Read the rest

John Scalzi wrote a science fiction story about the DMCA to help EFF's Right to Repair campaign

Every three years, the US Copyright Office asks America about the problems with Section 1201 of the DMCA, which bans breaking DRM even for legal reasons, and America gets to answer with requests for exemptions to this rule. Read the rest

EFF has comprehensively killed the bullshit podcasting patent

Back in 2014, a patent troll called Personal Audio LLC embarked on a campaign to shake down podcasters large and small for millions, but then they made the mistake of tangling with the Electronic Frontier Foundation. Read the rest

Efail: researchers reveal worrying, unpatched vulnerabilities in encrypted email

A group of researchers have published a paper and associated website describing a clever attack on encrypted email that potentially allows an attacker to read encrypted emails sent in the past as well as current and future emails; EFF has recommended switching off PGP-based email encryption for now, to prevent attackers from tricking your email client into decrypting old emails and sending them to adversaries. Read the rest

Innovation should be legal; that's why I'm launching NeTV2

I’d like to share a project I’m working on that could have an impact on your future freedoms in the digital age. It’s an open video development board I call NeTV2.

Victory! Fourth Circuit rules that border officials can't subject electronic devices to suspicionless forensic searches

Back in 2014, the Supreme Court ruled in Riley v California, holding that border guards do not have unlimited authority to search our personal electronic devices when we cross the border, requiring individualized criminal suspicion before a search can take place. Read the rest

Georgia's governor has vetoed SB 315, the state's catastrophically stupid cybersecurity law

When Georgia's legislature passed SB 315, a horribly misguided cybersecurity bill that criminalized routine security research, thus allowing bad guys to get much worse, everyone pinned their hopes on Governor Nathan Deal vetoing it. Read the rest

Should I use an algorithm here? EFF's 5-point checklist

The Electronic Frontier Foundation's Jamie Williams and Lena Gunn have drawn up an annotated five-point list of questions to ask yourself before using a machine-learning algorithm to make predictions and guide outcomes. Read the rest

Here's why everyone in the world just emailed you a new privacy policy

The looming deadline for the EU General Data Protection Plan means that companies have a duty to be extremely clear about what data they're collecting on you and what they're doing with it, and give you a chance to refuse -- they've already had a duty to do this for a very long time under both EU law and California law, but the difference this time around is that the GDPR has large, terrifying teeth: companies that fail to comply can be fined 4% of their annual global turnover. Read the rest

Three artificial pancreases: a special trio of Catalog of Missing Devices entries

EFF has just published an update to its Catalog of Missing Devices (a catalog of things that don’t exist thanks to the chilling effects of Section 1201 of the DMCA): a trio of ads for future artificial pancreas firmwares that illustrate the way that control over devices can magnify or correct power imbalances.

Read the rest

Mashup Maker: Another entry for the Catalog of Missing Devices

EFF supporter Benjamin McLean was kind enough to send along his "Mashup Maker" as a new entry to EFF Catalog of Missing Devices, a tour through some of the legitimate, useful and missing gadgets, tools and services that don't exist but should. They're technologies whose chance to exist was snuffed out by Section 1201 of the Digital Millennium Copyright Act of 1998, which makes tampering with "Digital Rights Management" into a legal no-go zone, scaring off toolsmiths, entrepreneurs, and tinkerers. Read the rest

EFF and iFixit are hosting a Reddit AMA on jailbreaking TOMORROW at 11AM Pacific

Join me, EFF attorney Kit Walsh and iFixit's Kyle Wiens -- along with special guests! -- in a Reddit Ask Me Anything session tomorrow (Thursday) from 11AM-3PM Pacific; we'll be talking about the upcoming Copyright Office hearings on creating exceptions to the DMCA to make room for independent repair and security research. We'll be live here at 11AM tomorrow! Pass it on. Read the rest

To do in LA, April 24: come hear from the people fighting for Right to Repair, freedom to tinker and the right to know

Update: due to popular demand, we've moved to a bigger space! We'll be at UCLA Moore Hall, Room 3340 (Reading Room), 457 Portola Plaza, Los Angeles, CA 90095. There's 20 new spaces open: RSVP today!

A law intended to stop people from making off-brand DVD players now means that security researchers can’t warn you about dangers from the cameras in your bedroom; that mechanics can’t fix your car; and that your printer won’t take third party ink. Read the rest

Firefox users: keep your personal information safe from Facebook with this browser extension

As our Cory Doctorow points out, the tools to protect yourself from non-consensual online tracking are already out there. He uses and recommends the EFF's free Privacy Badger browser plug-in to keep his online data to himself and out of the hands of creeps like Facebook, Google and Cambridge Analytica.

If you're a Firefox user who wants to keep using Facebook, but worried about the sort of nonsense that the service has been getting up to of late, Mozilla has launched a new browser extension that's designed to provide users with more control of what sort of personal data everyone's favorite social media problem child is capable of getting its hands on. It's called the Facebook Container Extension.

From Mozilla:

This extension helps you control more of your web activity from Facebook by isolating your identity into a separate container. This makes it harder for Facebook to track your activity on other websites via third-party cookies.

Rather than stop using a service you find valuable and miss out on those adorable photos of your nephew, we think you should have tools to limit what data others can collect about you. That includes us: Mozilla does not collect data from your use of the Facebook Container extension. We only know the number of times the extension is installed or removed.

When you install this extension it will delete your Facebook cookies and log you out of Facebook. The next time you visit Facebook it will open in a new blue-colored browser tab (aka “container tab”).

Read the rest

How to evaluate secure messengers and decide which one is for you

The Electronic Frontier Foundation is running an excellent series on the potential and pitfalls of secure messaging app -- this is very timely given the ramping up of state surveillance and identity theft, not to mention anyone looking to #DeleteFacebook and transition away from Facebook Messenger. Read the rest

More posts