Stop ad-based location tracking
Tracking IDs baked into your mobile device reveal visits to abortion clinics and more.
Support the Internet Archive
Help out a critical resource for journalists as it experiences a series of digital attacks.
Chrome phases out popular ad blocker — what now?
It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.In the newsIn its push to rework permissions within Google Chrome desktop …
See, this is why we need encryption
U.S. intelligence agencies suggest China is involved in a breach of multiple major U.S. telecommunications providers.
Indicted NYC mayor forgets phone passcode
Eric Adams allegedly claimed that he had changed the passcode and told the FBI he did not remember it.
Discord boosts private call encryption
Discord announced its rollout of end-to-end encryption for voice and video calls in one-to-one and group direct messages, voice channels, and Go Live streams.
Understanding every one of Signal’s identifiers
We’ve heard some questions about the difference between Signal usernames, phone numbers, profile names, profiles, and nicknames. Let’s talk about it.
Ask a security trainer: Why trust Signal?
FPF's digital security advice column today answers, why should I trust Signal?
Advice column: Two-factor authentication woes
FPF's digital security advice column today answers, what happens if I lose the phone I use for two-factor authentication?
Ask a security trainer: Top three security tips
FPF's digital security advice column today answers, what are your top three security tips?
Google backtracks on ad privacy plan
Google has a habit of hitting the brakes on products and features — so much so that it’s become something of a meme to be “killed by Google.” This time it decided to backtrack on its long-standing plan to replace traditional tracking in its Chrome browser.
What the AT&T breach means for source protection
We can learn a lot about how to get ahead of these problems.
Mail surveillance is widespread
According to data unearthed in a congressional probe, more than 60,000 requests by federal investigators and police captured data on 312,000 letters and packages between 2015 and 2023.
When data brokers break
We often talk to newsrooms about dealing with data brokers — companies that aggregate and sell data from commercial and public records. According to recent reporting from TechCrunch, an alleged breach of a U.S. data broker impacted at least 300 million people. Their reporting suggests “mixed results” verifying the authenticity of the data.
Apple’s password app
In the hope of simplifying how customers can log into apps and websites, Apple has announced it will offer a new Passwords app in its upcoming versions of iOS 18, iPadOS 18, and macOS 15.
Oops, all breaches!
Data breach notification service “Have I Been Pwned?” has added the login information associated with 361 million email addresses. Have I Been Pwned owner Troy Hunt says as many as 151 million of these unique email addresses have never been seen in his database before. The website boasts tracking over 13.5 billion breach accounts. Some of these credentials are reportedly harvested from users’ devices infected with information-stealing malware.
Slack trains AI models on user data
Over this past week, Slack published a blog post defending its privacy practices following widespread criticism over its use of customer data to train its global AI models. At the moment, organizations are required to opt out to prevent their messages, content, and files from being mined to develop Slack’s AI.
Crossfire over messaging security
Johns Hopkins cryptography professor Matthew Green explains that “the cryptography behind Signal (also used in WhatsApp and several other messengers) is open source and has been intensively reviewed by cryptographers. When it comes to cryptography, this is pretty much the gold standard.” By comparison, Telegram does not provide end-to-end encryption protection by default and only offers it as an option in one-on-one “Secret Chat” mode.
Google Docs locks out writer
While it’s powerful and convenient, Google Docs might not be right for all documents, including those that you consider sensitive, private, or that you can’t risk losing. Read more about newsroom privacy and security considerations when using Google Workspace.
Google details app violations
According to its security blog, Google prevented 2.28 million — yes, million — Android apps from being published on its Play Store in 2023. The company says it also removed 333,000 accounts for attempting to deliver malware through the Play Store, as well as for “repeated severe policy violations.” These numbers have grown substantially since 2022, when the company disclosed it prevented 1.43 million apps from being published on the Play Store.
Bill expands US spying powers
Last week, Congress reauthorized a controversial surveillance authority, Section 702 of the Foreign Intelligence Surveillance Act. While legislators considered reforms to FISA that would restrain the federal intelligence and law enforcement community’s abilities to spy on American communications without a warrant, they in fact expanded these surveillance powers to subject more electronic communications service providers, such as U.S. cloud computing data centers, to data collection.
Apple warns iPhone users of targeted malware
On April 10, Apple sent users in 92 countries warning of mercenary malware attacks targeting the iPhone. The notification did not provide details about the identities of the attackers. According to TechCrunch, Apple warned, “This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously.”
Preparing for election-related security issues
Throughout this year, our digital security training team will share our thoughts on navigating security issues during the 2024 election season. Elections around the world experience distinct security issues that may change from year to year, but in the U.S. we look to 2020 for lessons on how to get ahead of likely issues, from surveillance of our sensitive communications to perennial phishing attacks and harassment for political reporting.
Google to delete old Chrome Incognito data
Following a class-action lawsuit over Google’s handling of user data in its Chrome browser’s “Incognito” private browsing mode, the search company will expunge “billions of event-level data records that reflect class members’ private browsing activities” improperly collected before January 2024. It also updated its Incognito landing page to highlight that even Google can discern your activities in private browsing mode. Additionally, the company will be required to delete data that makes users’ private browsing data personally identifiable, such as IP addresses.
DOJ sues Apple, spotlighting iMessage
The U.S. Department of Justice filed an antitrust lawsuit against Apple, claiming the company engages in monopolistic practices over the smartphone market, preventing competitors by degrading the experience of communicating with non-Apple users in its products. iMessage features prominently in the suit, with the DOJ alleging consumers are disincentivized to leave its “walled garden” and so miss out on unique features built into the iMessage protocol, including end-to-end encryption between Apple users.
