We recently shared news of Mozilla’s partnership with data removal service Onerep. Through a service it calls Mozilla Monitor Plus, Onerep is designed to automatically scan for personal information on data broker websites. But journalist Brian Krebs has found evidence that the founder of Onerep, purveyor of anti-data broker services, himself created dozens of data broker services. Read more.
Under the new European Union law, the Digital Markets Act, Meta is required to allow interoperability between third-party chat software and its WhatsApp and Facebook Messenger apps. These tools offer end-to-end encryption using the Signal protocol, the strong encryption specifications pioneered by the Signal encrypted messaging app.
Both in the U.S. and abroad, governments are capturing encrypted connections that pass over the public internet and saving them for later use. Within years or decades, post-quantum computers could meaningfully shorten the amount of time required to unscramble encryption, allowing attackers to read previously private messages. So a growing number of organizations, including Apple, are preparing for attacks like these with post-quantum encryption. Read more in our newsletter.
Aye hearties, gangway — the Avast cor-pirates are walking the plank. That’s because the company sold user data without consumers’ knowledge, according to the Federal Trade Commission, which ordered U.K.-based Avast Limited to pay $16.5 million and will also bar the antivirus company from selling or licensing browser data for advertisements. Read more in our newsletter.
This week, security nerds are dancing in the streets because Signal, the encrypted messaging app, is finally rolling out usernames. Signal has previously required users to provide their phone number as an identifier, but with this most recent update, users may instead use a username. Read more in our newsletter.
With Signal’s new username and discoverability features, we’re done giving away phone numbers
Hundreds of data brokers aggregate and sell access to personal data, such as phone numbers, emails, addresses, and even purchasing habits collected through loyalty card programs, social media sites, apps, trackers embedded in websites, and more. Mozilla has a new monthly subscription service which automatically scans for your personal data on data broker websites, but there are other ways to make your data less easily searchable. Read more from the Digital Security Team.
Instead of traditional passwords, where you log into a website with credentials that you know or store in a manager, a passkey is a credential that you store on your device, registered with an online account. Read more in our newsletter.
Mercenary spyware firm NSO Group’s Pegasus spyware, designed to remotely access targeted smartphones, is marketed to governments around the world for the purposes of law enforcement and counterterrorism. But in the wild, we’ve seen governments repeatedly abuse this and similar spyware tools to infect journalists, spying on their most sensitive files, communications, and sources.
Thieves don’t just steal iPhones for the hardware — they may also want access to banking apps and Apple Pay to facilitate fraudulent transfers and purchases. One thing that works in thieves’ favor is that people often use short passwords that are easy to shoulder surf and to memorize — typically only six digits. To minimize this risk, instead of typing in passcodes, where possible and practical consider opting for Face ID or Touch ID when unlocking the phone in public spaces.
If you have found your email in a data breach and the affected account is still active, you’re going to want to change the password for the relevant service right away.
On Jan. 9, 2024, the U.S. Securities and Exchange Commission’s account on X, formerly known as Twitter, was hijacked and used to post about the approval of a Bitcoin exchange-traded fund. This could have happened to anyone, whether an individual or a well-resourced organization. Learn how to mitigate similar attacks in this week's edition of our digital security digest
Two-factor authentication (2FA) is great because it helps harden your account security. The strongest 2FA option commonly available today depends on a piece of hardware, a security key — a little device you can plug into your USB port to help log in.
On all major browsers, research suggests many users overestimate the privacy promises of private browsing mode, with many believing that it allows them to hide their IP address, encrypt their web traffic, browse anonymously, and more. That’s why you’ll want to read about what private browsing mode does and doesn’t do.
We outline important decisions for newsrooms when setting up Signal tiplines
Police raid on Marion County Record underscores digital security threats to media orgs.
También disponible en inglés.
También disponible en inglés.
También disponible en inglés.
También disponible en inglés.
También disponible en inglés.
Also available in Spanish.
Both the newsroom and individual journalists must make some changes to work from home securely.
Also available in Spanish.
One of the most common ways people get hacked is through phishing — when an attacker impersonates a trusted website to trick you into entering your credentials. But what if you never had to type in a password? Passwordless logins — known as passkeys — reduce your risk by enabling …
Join our email list to stay up to date on the issues and learn how you can help protect journalists and sources everywhere.
