Skip to main content
Podcast Episode - Wordle and the Web We Need

Deeplinks Blog

Deeplinks Blog

Cybersecurity Experts Urge EU Lawmakers to Fix Website Authentication Proposal That Puts Internet Users’ Security and Privacy at Risk

SAN FRANCISCO—Electronic Frontier Foundation (EFF) technologists, along with 36 of the world’s top cybersecurity experts, today urged European lawmakers to reject proposed changes to European Union (EU) regulations for securing electronic payments and other online transactions that will dramatically weaken web security and expose internet users to increased risk of...

multi-colored hands with circuit patterns reach to the sky

Letter to the United Nations to Include Human Rights Safeguards in Proposed Cybercrime Treaty

December 22, 2021H.E. Ms Faouzia Boumaiza MebarkiChairpersonAd Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communication Technologies for Criminal PurposesYour Excellency,We, the undersigned organizations and academics, work to protect and advance human rights, online and offline. Efforts to address cybercrime are of concern...

EFF 敦促联邦贸易委员会就 TechCrunch 报告中的跟踪软件网络展开调查

私人信息、语音邮件、网络浏览、密码和位置数据——这些就是正被实时监控着的私人手机数据类型,全世界成千上万的人并不知道,他们正被消费级的间谍软件所跟踪。根据 TechCrunch 安全编辑 Zack Whittaker 本周的一篇报告,有一个庞大的跟踪软件网络,正在通过具有重大安全漏洞的消费级间谍软件,收集着至少 40 万人的私人数据。TechCrunch 所调查的跟踪软件网络,将自己显示为一组白名单内的,有着声称被美国公司所拥有的自主品牌和网站,但根据 TechCrunch 的调查,实则由一个叫做 1Byte 的越南公司所控制的安卓间谍软件。消费级间谍软件之所以被称为“跟踪软件(stalkerware)”,是因为它能够在未经用户同意的情况下跟踪和监视人们,任何人只需进入目标设备片刻,就可以轻松安装上这种软件。它们通常以儿童跟踪软件或员工监控软件的名义上架,但常常被家庭虐待者用于监视其前任或现任伴侣。TechCrunch 领导了对间谍软件行业的多项调查,从而让公众了解,它们是如何被软件开发者和用户用于不道德目的的。在 Whittaker 最新的 TechCrunch 报告中,他写道,迄今为止,在整个安卓间谍软件行列中,已发现九个都存在一个安全漏洞,允许“几乎不受限制地远程访问设备数据”。Whittaker 发现的漏洞,源于一类称为不安全直接对象引用(insecure direct object reference, IDOR)的漏洞,这是一种常见的网络应用程序漏洞,会由于安全控制不足,从而暴露服务器上的文件或数据。Whittaker 表示,他试图通知软件开发者和后端托管间谍软件的 Codero 公司,但没有成功。因此,让受害者意识到这一点是极其重要的。Whittaker 写道:“由于对该漏洞的快速修复不抱有期望,TechCrunch 现在正在披露更多关于间谍软件和其行为的信息,以便受感染设备的所有者能够自行在安全的情况下卸载间谍软件。”卡内基梅隆大学软件工程研究所的漏洞披露中心 CERT/CC,已经发布了关于该问题的漏洞说明。TechCrunch 确定了受感染的一些应用程序,它们在外观和操作上几乎完全相同,如 Copy9、MxSpy、TheTruthSpy、iSpyoo、SecondClone、TheSpyApp、ExactSpy、FoneTracker 和 GuestSpy。TechCrunch 写了一篇文章,解释了如何从你被入侵的设备中侦测和移除这些软件。TechCrunch 警告说,删除跟踪软件可能会通知安装它的人,这可能会造成一种不安全的情形,因此请确保你已经制定了一份安全计划。访问 Coalition Against Stalkerware,以获取有关制定安全计划的提示和其它相关资源。作为阻止跟踪软件运动的领导者,EFF 敦促联邦贸易委员会(FTC)对 1Byte 及其跟踪软件网络展开调查,以保护潜在的被跟踪目标和家庭虐待者,就像他们在类似案件中所做的那样。联邦贸易委员会去年禁止了安卓软件公司 Support King...

AlHathloul v. DarkMatter Group

EFF is representing prominent Saudi human rights activist Loujain AlHathloul in a lawsuit against spying software maker DarkMatter Group and three of its former executives for illegally hacking her iPhone to secretly track her communications and whereabouts.AlHathloul is among the victims of an illegal spying program created and run by...

EFF at Open Source 101

EFF is proud to support this year's Open Source 101, hosted by a team at All Things Open! Open Source 101 is a one-day conference with the purpose of educating attendees on topics and technologies considered foundational to open source. The conference will feature six 10-minute keynotes and 35 45-minute...

Copyright is Not a Shortcut Around the Constitution’s Anonymous Speech Protections, EFF Tells Court

Anonymous speech is an important protection for those concerned about political or economic retribution, harassment, or even threats to their lives. The shield that protects those speakers’ anonymity in U.S. court is the First Amendment, and applying the appropriate constitutional test during litigation allows a court to appropriately balance the...

ShmooCon from March 24-26

EFF at ShmooCon 2022

EFF is thrilled to finally be back in-person at ShmooCon 2022! Stop by the EFF booth to chat with some of our team and learn about the latest developments in defending digital freedom for all. You can even pick up a special gift as a token of our thanks...

Apple image with crossed security keys in the center

EFF to Court: Security Research Is a Fair Use

We live in a world increasingly governed by technology. Too often, that technology includes security vulnerabilities that could allow malicious actors access to our most important and private information. That’s why it’s so important that security researchers be allowed to do their work without fear that they might infringe copyright...

Pages

Back to top

JavaScript license information