  • Data breaches are inevitable – here’s how to protect yourself anyway

    It’s tempting to give up on data security altogether, with all the billions of pieces of personal data – Social Security numbers, credit cards, home addresses, phone numbers, passwords and much more – breached and stolen in recent years. But that’s not realistic – nor is the idea of going offline entirely. In any case, huge data-collection corporations vacuum up data about almost every American without their knowledge. As cybersecurity researchers, we offer good news to brighten this bleak picture. There are some simple ways to protect your personal data that can still be effective, though they involve changing how you think about your own information security.

  • Amazon, Facebook and Google don’t need to spy on your conversations to know what you’re talking about

    If you’ve ever wondered if your phone is spying on you, you’re not alone. One of the most hotly debated topics in technology today is the amount of data that firms surreptitiously gather about us online. You may well have shared the increasingly common experience of feeling creeped out by ads for something you recently discussed in a real-life conversation or an online interaction. Tech companies don’t need to listen to your phone calls or read your emails. Simply put, tech firms routinely gather so much data about you in other ways, they already have an excellent idea what your interests, desires and habits might be.

  • AI advancement opens health data privacy to attack

    Advances in artificial intelligence have created new threats to the privacy of health data, a new study shows. The study suggests current laws and regulations are nowhere near sufficient to keep an individual’s health status private in the face of AI development.

  • TSA’s roadmap for airport surveillance moves in a dangerous direction

    The Transportation Security Administration has set out an alarming vision of pervasive biometric surveillance at airports, which cuts against the right to privacy, the “right to travel,” and the right to anonymous association with others.

  • DHS S&T awards $1.14 million for improving cyber data privacy

    DHS S&T has awarded a total of $1,149,900 across two organizations to develop new research and development (R&D) capabilities to enhance the management of privacy threats and vulnerabilities.

  • Subtle visual cues in online forums nudge users to reveal more than they would like

    Pictures may be worth a thousand words, but icons may be even more powerful in nudging people to disclose more information online, according to an interdisciplinary team of Penn State researchers. In a study, researchers found that people using an online sexual health forum featuring computer graphics, called icons, that implied a sense of crowd size and connectivity, revealed more sensitive information than visitors to a site without those visual cues.

  • New Australian law would compel tech firms to hand over encrypted data

    Australia’s parliament earlier today (Thursday) passed a controversial measure which will force tech firms to give police access to the encrypted communications of suspected terrorists and criminals. The law, fiercely opposed by big tech firms, has engendered heated debate over national security and privacy at a time when law enforcement agencies are struggling with how to access encrypted information to monitor illegal activities. The passage of the law may have global implications for encrypted communications. Critics say the law may unleash unintended consequences.

  • Chicago should reject a proposal for private-sector face surveillance

    A proposed amendment to the Chicago municipal code would allow businesses to use face surveillance systems that could invade biometric and location privacy, and violate a pioneering state privacy law adopted by Illinois a decade ago. EFF joined a letter with several allied privacy organizations explaining the EFF’s concerns, which include issues with both the proposed law and the invasive technology it would irresponsibly expand.

  • U.K. surveillance regime violated human rights

    On September 13, after a five-year legal battle, the European Court of Human Rights said that the U.K. government’s surveillance regime—which includes the country’s mass surveillance programs, methods, laws, and judges—violated the human rights to privacy and to freedom of expression. The court’s opinion is the culmination of lawsuits filed by multiple privacy rights organizations, journalists, and activists who argued that the U.K.’s surveillance programs violated the privacy of millions.

  • Holding law-enforcement accountable for electronic surveillance

    When the FBI filed a court order in 2016 commanding Apple to unlock the iPhone of one of the shooters in a terrorist attack in San Bernardino, California, the news made headlines across the globe. Yet every day there are tens of thousands of court orders asking tech companies to turn over Americans’ private data. Many of these orders never see the light of day, leaving a whole privacy-sensitive aspect of government power immune to judicial oversight and lacking in public accountability. MIT researchers have proposed a new cryptographic system, using cryptography on a public log of wiretap requests, which encourages government transparency.

  • Spotting spies in the sky

    The use of drones for surveillance is no longer in the realm of science fiction. Researchers have developed the first technique to detect a drone camera illicitly capturing video. The new technology addresses increasing concerns about the proliferation of drone use for personal and business applications and how it is impinging on privacy and safety.

  • Between you, me, and Google: Problems with Gmail's “Confidential Mode”

    With Gmail’s new design rolled out to more and more users, many have had a chance to try out its new “Confidential Mode.” While many of its features sound promising, what “Confidential Mode” provides isn’t confidentiality. At best, the new mode might create expectations that it fails to meet around security and privacy in Gmail.

  • Congress must adopt stronger safeguards for wireless cybersecurity: Expert

    Thanks to the advent of cell phones, tablets and smart cars, Americans are increasingly reliant on wireless services and products. Yet despite digital technology advancements, security and privacy safeguards for consumers have not kept pace. One expert told lawmakers that Congress should take immediate action to address threats caused by cell-site simulators by “ensuring that, when Congress spends about a billion taxpayer dollars on wireless services and devices each year, it procures services and devices that implement cybersecurity best practices.”

  • Fitness app Polar revealed military personnel’s sensitive location data

    The Flow fitness app produced by the Finnish sports activity tracking firm Polar has been found to reveal users’ sensitive location data, according to an investigation by several news organizations. The investigation found that it is possible to use Polar’s Flow app to track down the home addresses of military and intelligence personnel.

  • Your smartphone may be spying on you

    Some popular apps on your phone may be secretly taking screenshots of your activity and sending them to third parties, according to a new study. The researchers said this is particularly disturbing because these screenshots—and videos of your activity on the screen—could include usernames, passwords, credit card numbers, and other important personal information.