Digital Security Articles & Newsletters

Google to delete old Chrome Incognito data

Newsletter

Following a class-action lawsuit over Google’s handling of user data in its Chrome browser’s “Incognito” private browsing mode, the search company will expunge “billions of event-level data records that reflect class members’ private browsing activities” improperly collected before January 2024. It also updated its Incognito landing page to highlight that even Google can discern your activities in private browsing mode. Additionally, the company will be required to delete data that makes users’ private browsing data personally identifiable, such as IP addresses.

April 4, 2024 Dr. Martin Shelton

DOJ sues Apple, spotlighting iMessage

Newsletter

The U.S. Department of Justice filed an antitrust lawsuit against Apple, claiming the company engages in monopolistic practices over the smartphone market, preventing competitors by degrading the experience of communicating with non-Apple users in its products. iMessage features prominently in the suit, with the DOJ alleging consumers are disincentivized to leave its “walled garden” and so miss out on unique features built into the iMessage protocol, including end-to-end encryption between Apple users.

March 28, 2024 Dr. Martin Shelton

Controversy over Mozilla’s anti-data broker service

Newsletter

We recently shared news of Mozilla’s partnership with data removal service Onerep. Through a service it calls Mozilla Monitor Plus, Onerep is designed to automatically scan for personal information on data broker websites. But journalist Brian Krebs has found evidence that the founder of Onerep, purveyor of anti-data broker services, himself created dozens of data broker services. Read more.

March 20, 2024 Dr. Martin Shelton

WhatsApp now supports messages with third-parties

Newsletter

Under the new European Union law, the Digital Markets Act, Meta is required to allow interoperability between third-party chat software and its WhatsApp and Facebook Messenger apps. These tools offer end-to-end encryption using the Signal protocol, the strong encryption specifications pioneered by the Signal encrypted messaging app.

March 14, 2024 Dr. Martin Shelton

Blue lattice behind three ornate keys_credit Electronic Frontier Foundation

Post-quantum iMessage

Newsletter

Both in the U.S. and abroad, governments are capturing encrypted connections that pass over the public internet and saving them for later use. Within years or decades, post-quantum computers could meaningfully shorten the amount of time required to unscramble encryption, allowing attackers to read previously private messages. So a growing number of organizations, including Apple, are preparing for attacks like these with post-quantum encryption. Read more in our newsletter.

March 7, 2024 Dr. Martin Shelton

A dumpster on fire with a pink background

Avast caught selling browsing data

Newsletter

Aye hearties, gangway — the Avast cor-pirates are walking the plank. That’s because the company sold user data without consumers’ knowledge, according to the Federal Trade Commission, which ordered U.K.-based Avast Limited to pay $16.5 million and will also bar the antivirus company from selling or licensing browser data for advertisements. Read more in our newsletter.

Feb. 28, 2024 Dr. Martin Shelton

Signal usernames are here!

Newsletter

This week, security nerds are dancing in the streets because Signal, the encrypted messaging app, is finally rolling out usernames. Signal has previously required users to provide their phone number as an identifier, but with this most recent update, users may instead use a username. Read more in our newsletter.

Feb. 22, 2024 Dr. Martin Shelton

animated shark fin on a computer screen_Credit EFF

Mozilla breaks into the anti-data broker game

Newsletter

Hundreds of data brokers aggregate and sell access to personal data, such as phone numbers, emails, addresses, and even purchasing habits collected through loyalty card programs, social media sites, apps, trackers embedded in websites, and more. Mozilla has a new monthly subscription service which automatically scans for your personal data on data broker websites, but there are other ways to make your data less easily searchable. Read more from the Digital Security Team.

Feb. 16, 2024 Dr. Martin Shelton

Moving from passwords to passkeys

Newsletter

Instead of traditional passwords, where you log into a website with credentials that you know or store in a manager, a passkey is a credential that you store on your device, registered with an online account. Read more in our newsletter.

Feb. 15, 2024 Dr. Martin Shelton

Journalists targeted with Pegasus yet again

Newsletter

Mercenary spyware firm NSO Group’s Pegasus spyware, designed to remotely access targeted smartphones, is marketed to governments around the world for the purposes of law enforcement and counterterrorism. But in the wild, we’ve seen governments repeatedly abuse this and similar spyware tools to infect journalists, spying on their most sensitive files, communications, and sources.

Feb. 7, 2024 Dr. Martin Shelton

Digital Security Articles & Newsletters

All Articles

Sign Up. Take Action.