We continue to receive great, constructive feedback from readers. Many of your suggestions have sparked more in-depth edits which we'll share with you in the coming months. We're also working on an SSD homepage revamp, which will allow for a more user-friendly navigating experience to our guides. Meanwhile, we're answering some FAQs from users and addressing a couple of content tweaks:
You don't mention keyloggers...any reason why?
Keyloggers are tools which record everything you type on a computer keyboard, and covertly send that data to an attacker. Keylogging software has been around since at least the 1970s, when Russian spies placed physical bugs into the Selectric typewriters used at American embassies. We include keyloggers in the general discussion of the risks of malware, but don't specifically mention them as a separate class of tracking device. While physical keyloggers still exist, keylogging itself is mostly implemented using software these days. Any malicious software that conducts keylogging will also generally have many more functions (such as monitoring audio or recording screen activity) than just keylogging.
We felt that by concentrating on keylogging, we'd mislead people about the ways in which malware can do far more, including bypassing some of the strategies that one might intuitively think could dodge tools that record keystrokes (i.e. using onscreen keyboards, or moving the mouse and typing extra keystrokes outside the password entry box when typing passwords). Given that you don't know what malware may be used against you, it's better to defend yourself against all malware, rather than take steps that may only work on a small subset of malware.
What's the difference between KeePass and KeePassX?
KeePassX is a cross-platform version of the Windows-only KeePass program. KeePassX also works on Windows, OS X, and Linux. We always try and recommend software that works across different operating systems, both for simplicity's sake, and because it allows people the freedom to move more easily between computer platforms.
Computerization of health records raises many security and privacy issues - any plans to address these in SSD?
EFF keeps a close eye on the digitization of health records and the privacy issues this raises, but SSD concentrates on securing individuals against surveillance, rather than what happens to your private data when it's taken out of your hands. We don't have any plans to cover health records in particular, but we do plan to cover strategies for securing your data when it's held by third-parties (like cloud services), where that's possible.
Attending Protests (United States and International)
We've elaborated on a statement originally published in our Attending Protests guides. We initially suggested that if you attend a protest and are concerned about being identified, you might cover your face as to not be identified in photos. Runa Sandvik pointed out that while this is sound advice in some U.S. states and countries, masks may get you into trouble in other locations due to anti-mask laws. We've updated the text to reflect this.
In the News
- A Spanish judge believes using secure email services is a dangerous sign of terrorist tendencies.
- The British Prime Minister takes this one step further: if only we made all legal Internet communications insecure, we'd all be safer from terrorists.
- Verizon and its advertising partner, Turn, have been caught using Verizon Wireless's UIDH tracking header to resurrect deleted tracking cookies and share them with dozens of major websites and ad networks, forming a vast web of non-consensual online tracking.
- Surveillance technologies such as drones and CCTVs are a growing security concern, particularly in Latin America.
- President Obama's cybersecurity legislative proposal that was released last week lacks substantive protections and enhancements for computer security.