Surveillance
Self-Defense

News

Data Privacy Policy Must Empower Users and Innovation

As the details continue to emerge regarding Facebook's failure to protect its users' data from third-party misuse, a growing chorus is calling for new regulations. Mark Zuckerberg will appear in Washington to answer to Congress next week, and we expect lawmakers and others will be asking not only what happened, but what needs to be done to make sure it doesn't happen again.

HTTPS Everywhere Introduces New Feature: Continual Ruleset Updates

Today we're proud to announce the launch of a new version of HTTPS Everywhere, 2018.4.3, which brings with it exciting new features. With this newest update, you'll receive our list of

The FBI Could Have Gotten Into the San Bernardino Shooter’s iPhone, But Leadership Didn’t Say That

The Department of Justice’s Office of the Inspector General (OIG) last week released a new report that supports what EFF has long suspected: that the FBI’s legal fight with Apple in 2016 to create backdoor access to a San Bernardino shooter’s iPhone was more focused on creating legal precedent than it was on accessing the one specific device.

Beyond Implementation: Policy Considerations for Secure Messengers

One of EFF’s strengths is that we bring together technologists, lawyers, activists, and policy wonks. And we’ve been around long enough to know that while good technology is necessary for success, it is rarely sufficient. Good policy and people who will adhere to it are also crucial. People write and maintain code, people run the servers that messaging platforms depend on, and people interface with governments and respond to pressure from them.

Building A Secure Messenger

Given different people’s and community’s security needs, it’s hard to arrive at a consensus of what a “secure” messenger must provide. In this post, we discuss various options for developers to consider when working towards the goal of improving a messenger’s security. A messenger that’s perfectly secure for every single person is unlikely to exist, but there are still steps that developers can take to work towards that goal.

Thinking About What You Need In A Secure Messenger

All the features that determine the security of a messaging app can be confusing and hard to keep track of. Beyond the technical jargon, the most important question is: What do you need out of a messenger? Why are you looking for more security in your communications in the first place?

The goal of this post is not to assess which messenger provides the best “security” features by certain technical standards, but to help you think about precisely the kind of security you need.

Why We Can’t Give You A Recommendation

No single messaging app can perfectly meet everyone’s security and communication needs, so we can’t make a recommendation without considering the details of a particular person’s or group’s situation. Straightforward answers are rarely correct for everyone—and if they’re correct now, they might not be correct in the future.

Secure Messaging? More Like A Secure Mess.

There is no such thing as a perfect or one-size-fits-all messaging app. For users, a messenger that is reasonable for one person could be dangerous for another. And for developers, there is no single correct way to balance security features, usability, and the countless other variables that go into making a high-quality, secure communications tool.

Over the next week, we’ll be posting a series of articles to explain what makes different aspects of secure messaging so complex:

Responsibility Deflected, the CLOUD Act Passes

UPDATE, March 23, 2018: President Donald Trump signed the $1.3 trillion government spending bill—which includes the CLOUD Act—into law Friday morning.

“People deserve the right to a better process.”

Those are the words of Jim McGovern, representative for Massachusetts and member of the House of Representatives Committee on Rules, when, after 8:00 PM EST on Wednesday, he and his colleagues were handed a 2,232-page bill to review and approve for a floor vote by the next morning.

Pages

JavaScript license information