Articles

Tor Is Easier Than Ever. Time to Give It a Try / WIRED

Been curious about Tor but worried it’s too complicated to use? Good news!

How to think about data in 2019 / The Economist

It is tangible human beings, not abstract “data”, that power the online economy.

DPC Advice on Connected Toys and Devices / Data Protection Commission Ireland

Many children enjoy playing with toys and devices that have the ability to interact with them, either directly or through an online ‘app’. The popularity of these toys and devices, which can provide a fun and educational experience, along with advances in technology, means that there are more and more of these products on the market to choose from. With this in mind, the Data Protection Commission (DPC) has put together this advice to assist you if/when you decide to purchase one.

What Constant Surveillance Does to Your Brain / Motherboard

Technology is getting more adept at tracking our moves and anticipating our choices, and being watched all the time can make us feel anxious.

How to protect your phone or computer when crossing borders / ProtonMail

Border agents have broad powers to search people crossing borders, including their phones and laptops. But there are ways to protect your data when crossing international borders if you understand the technology and the law.

Six really practical ways to protect your privacy online / Amnesty International UK

Help stop companies and governments snooping on you with these 6 easy steps to protect your privacy online.

Internet Safety for Kids – 6 Tips to Protect Children Online / LastPass

The internet is a complicated place. It’s where kids can find adorable dog pictures and the latest news on their favorite band or movie star, but it’s also the host of adult content that isn’t safe for kids. And just like you are at risk of exposure to data breaches and identity theft, so are your kids!

Setting up two-factor authentication (2FA) / NCSC

How setting up 2FA can help protect your online accounts, even if your password is stolen.

What Does Private Browsing Mode Do? / Martin Shelton

Most popular web browsers support two types of windows: ordinary windows and “private browsing” mode. I research how people understand the web for a living. Trust me when I say, if you’re not sure what private browsing does, you’re in good company. Researchers have found widespread misconceptions about what information is visible through private browsing. So let’s talk about what it does and doesn’t do.

Three Reasons Why the “Nothing to Hide” Argument is Flawed / DuckDuckGo

Over the years, we at DuckDuckGo have often heard a flawed counter-argument to online privacy: “Why should I care? I have nothing to hide.”
As Internet privacy has become more mainstream, this argument is rightfully fading away. However, it’s still floating around and so we wanted to take a moment to explain three key reasons why it’s flawed.

Two-Factor Authentication for Beginners / Martin Shelton

Passwords are the brittle wall that keep unwanted visitors out of your accounts. When it comes to account protection, two-factor authentication is one of the most effective defenses available.

The real problem with encryption backdoors / ProtonMail

With appeals to “national security,” governments around the world are pushing for encryption backdoors that would allow them to break into the secure data of suspected criminals. Simply put, this is a terrible idea.

GDPR terminology in plain English / freeCodeCamp

Learn what the General Data Protection Regulation is all about and in what way it affects users, developers and businesses.

Protect your data, protect your human rights: Amnesty’s three-step guide / Amnesty International UK

A step-by-step guide to protecting your data online, in the wake of the Cambridge Analytica and Facebook scandal.

Facebook Scans the Photos and Links You Send on Messenger / Bloomberg

Facebook Inc. scans the links and images that people send each other on Facebook Messenger, and reads chats when they’re flagged to moderators, making sure the content abides by the company’s rules. If it doesn’t, it gets blocked or taken down.

But what if my password manager gets hacked?! A few thoughts on how to talk about security worries with non-experts / Jessy Irwin

Security is not binary, it exists on a scale from 1 to 99 that will never, ever be 100%.

What does a secure web connection actually do? / DuckDuckGo

Many websites use “https://” at the beginning of their address rather than “http://”. But what protection does that give you? How much of your surfing data is secure?

How to create a genuinely strong password for your digital life / Wired

What sort of password ensures optimal security? There are a few ways to change and reset your password to make it stronger.

Security Vulnerabilities Explained with Rivers and Parties / Andrea Zanin

Security vulnerabilities can be boring to learn. But you still need to learn them, unless you want some hacker to delete all your production databases. To make it a bit more entertaining, I tried to explain 3 major vulnerabilities in terms of every day life.

How Long is Long Enough? Minimum Password Lengths by the World’s Top Sites / Troy Hunt

I’ve been giving a bunch of thought to passwords lately. Here we have this absolute cornerstone of security – a paradigm that every single person with an online account understands – yet we see fundamentally different approaches to how services handle them. Some have strict complexity rules. Some have low max lengths. Some won’t let you paste a password. Some force you to regularly rotate it. It’s all over the place.

Wire for Beginners / Martin Shelton

In the crowded world of encrypted messaging apps, few tools stand out.

HTTPS explained with carrier pigeons / Andrea Zanin

Learn how HTTPS works by reading about Alice, Bob and a lot of carrier pigeons.

The Market for Stolen Account Credentials / Brian Krebs

Today’s post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online service, and provides a glimpse into the fortunes that an enterprising credential thief can earn selling these accounts on consignment.

A Simple Checklist To Help You Not Get Hacked / Fast Company

There are a lot of in-depth guides to staying safe online. Citizen Lab and a group of security gurus built an interactive tool to keep things simpler.

I’m Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important / Troy Hunt

We’re on a march towards HTTPS everywhere. Almost 70% of web traffic today is encrypted and organisations not getting with the program are being increasingly penalised for lagging behind.

Have you been ‘pwned’ in a data breach? Troy Hunt can tell / Associated Press

Troy Hunt has collected a trove of 4.8 billion stolen identity records pulled from the darkest corners of the internet — but he isn’t a hacker.

Here’s What I’m Telling US Congress about Data Breaches / Troy Hunt

Last week I wrote about my upcoming congressional testimony and wow – you guys are awesome! Seriously, the feedback there was absolutely sensational and it’s helped shape what I’ll be saying to the US Congress, including lifting specific wording and phrases provided by some of you. Thank you!
As I explained in that first blog post, I’m required to submit a written testimony 48 hours in advance of the event. That testimony is now publicly accessible and reproduced [at the link].

The Safest Conversation You’ll Have This Holiday / EFF

Do your friends and family rope you into providing tech support when you’re home for the holidays? Use this opportunity to be a digital security hero and rescue your family from tracking cookies, unencrypted disks, insecure chats, and recycled passwords.

Your Holiday Cybersecurity Guide / Errata Security

Many of us are visiting parents/relatives this Thanksgiving/Christmas, and will have an opportunity to help them with cybersecurity issues. I thought I’d write up a quick guide of the most important things.

How to give your parents the security talk this Thanksgiving / CNET

Yes, it can be a pain, but teaching them to avoid phishing emails now will save headaches later. Here’s help.

Two passwords are always better than one / The Outline

Two-factor authentication adoption rates are low. Is it because cybersecurity experts are making the perfect the enemy of the good?

How to Protect Yourself Against Spearphishing / The Nib

The famous “DNC hacks” weren’t hacks – they were phished. Don’t let it happen to you!

The One Valuable Thing All Websites Have: Reputation (and Why It’s Attractive to Phishers) / Troy Hunt

Here’s something I hear quite a bit when talking about security things: “Our site isn’t a target, it doesn’t have anything valuable on it.”
This is usually the retort that comes back in defence of some pretty shady practices and in the mind of the defendant, it’s a perfectly reasonable position. They don’t collect any credentials, they don’t have any payment info and in many cases, the site is simply a static representation of content that rarely changes. So what upside is there for an attacker?

Secure your Chats! / Net Alert

When you send a postcard through the mail, the content is not protected and anyone who handles it could read it. The same is true of SMS text messages–any carrier of the message can potentially read the contents.
When a message is encrypted, it is scrambled so that only the sender and receiver can read it. Think of it like using a sealed envelope to send a letter in the mail instead of a post card.

A Guide to Common Types of Two-Factor Authentication on the Web / EFF

Two-factor authentication (or 2FA) is one of the biggest-bang-for-your-buck ways to improve the security of your online accounts. Luckily, it’s becoming much more common across the web. With often just a few clicks in a given account’s settings, 2FA adds an extra layer of security to your online accounts on top of your password.

Decoding two-factor authentication: which solution is right for you? / Access Now

You may have heard of two-factor — or multi-factor — authentication (2FA or MFA) as a way to add a layer of security on top of your accounts. In addition to your username and password, enabling two-factor lets you use a second form of authentication, which may block thieves from accessing your information. A second factor to show that you are you — not an intruder — could be a hardware key, a dedicated phone application, an SMS text message, or your fingerprint. With so many options, it can be hard to decide which second factor to use. That’s why we created this guide to help you make an informed choice.

The Unexpected Benefits of Encrypted Writing / Standard Notes

I’ve spent about the last decade of my life developing tools for note taking and file management, the most important of which is an encrypted note-taking app. And when I talk to others about how their lives changed once they knew their thoughts and words were private, the response is always the same: “I feel free,” is what I hear. They talk about the subtle, but powerful, difference privacy brings you. You become accustomed to the luxury of knowing what you say will never be repeated.

Living with password re-use / NCSC

In a perfect world we’d use unique passwords for every online service. But the world isn’t perfect…

Passwords Evolved: Authentication Guidance for the Modern Era / Troy Hunt

Up until the last couple of decades, we had a small number of accounts and very limited connectivity which made for a pretty simple threat landscape. Your “adversaries” were those in the immediate vicinity, that is people who could gain direct physical access to the system. Over time that extended to remote users who could dial in – I mean literally dial in via phone – and that threat landscape grew. You pretty much know the story from here: more connectivity, more accounts, more threat actors and particularly in recent years, more data breaches. Suddenly, the simple premise of matching strings no longer seems like such a good idea.

Don’t be fooled: Metadata is the real data / Mo Bitar

In a crime case, investigators don’t have access to “the truth” — the data, if you will. All they have are clues which can be put together to make as perfect a guess as possible as to what the nature of the truth is. Metadata.

How To Encrypt Your Devices / DuckDuckGo

When data is encrypted, it turns into a seemingly random collection of characters, unless of course you have the decryption key! The ability to encrypt all the data on a device is now usually built-in to its operating system, meaning there is no good excuse not to protect your privacy in this manner.

Online security 101: Tips for protecting your privacy from hackers and spies / ZDNet

This simple advice will help to protect you against hackers and government surveillance.

VPNs Are Absolutely a Solution to a Policy Problem / Mo Bitar

VPNs are absolutely a solution to policy issues, and we would be wrong to treat them differently.

Encryption Makes a Better World / Mo Bitar

Changing the nature of governance through encryption.

Privacy is Power / Mo Bitar

Why the fight for privacy matters.

Upgrading WhatsApp Security / Martin Shelton

With over a billion users, there’s a good chance you have friends on WhatsApp, an easy-to-use mobile messenger. With some tweaks, you can make it much more secure for routine conversations.

A Followup About AV Test Reports / Robert O’Callahan

Well, my post [Disable Your Antivirus Software (Except Microsoft’s) – listed below] certainly got a lot of attention…

For Data Privacy Day, Play Privacy As A Team Sport / EFF

Protecting digital privacy is a job no one can do alone. While there are many steps you can take to protect your own privacy, the real protection comes when we recognize that privacy is a team sport. So as we celebrate Data Privacy Day on January 28, don’t just change your tools and behavior to protect your own privacy—encourage your friends, family, and colleagues to take action, too.

Disable Your Antivirus Software (Except Microsoft’s) / Robert O’Callahan

I was just reading some Tweets and an associated Hackernews thread and it reminded me that, now that I’ve left Mozilla for a while, it’s safe for me to say: antivirus software vendors are terrible; don’t buy antivirus software, and uninstall it if you already have it (except, on Windows, for Microsoft’s).

Password Managers for Beginners / Martin Shelton

Passwords are often the only thing standing between a hacker and your online accounts. This guide helps you choose a password manager to help you create strong, unique passwords. It’s an easy way to make browsing the web easier, faster, and more secure.

How Dropbox securely stores your passwords / Dropbox

It’s universally acknowledged that it’s a bad idea to store plain-text passwords. If a database containing plain-text passwords is compromised, user accounts are in immediate danger.

Going dark: online privacy and anonymity for normal people / Troy Hunt

I want to talk about practical, everyday things that people who aren’t deeply technical can do to better protect themselves. They’re simple, mostly free and easily obtainable by everyone.

 

Page last updated: 9 January 2019
