
Deeplinks Blog

A person holding a megaphone that another person speaks through

Wartime Is a Bad Time To Mess With the Internet

Like most people, we at EFF are horrified by Russia’s invasion of Ukraine. Also like most people, we are not experts on military strategy or international diplomacy. But we do have some expertise with the internet and civil liberties, which is why we are deeply concerned that governments around the...

multi-colored hands with circuit patterns reach to the sky

Letter to the United Nations to Include Human Rights Safeguards in Proposed Cybercrime Treaty

December 22, 2021

H.E. Ms Faouzia Boumaiza Mebarki
Chairperson
Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communication Technologies for Criminal Purposes

Your Excellency,

We, the undersigned organizations and academics, work to protect and advance human rights, online and offline. Efforts to address cybercrime are of concern...

EFF Urges the FTC to Investigate the Stalkerware Network Reported by TechCrunch

Private messages, voicemail, web browsing, passwords and location data: these are the kinds of private phone data being monitored in real time, and hundreds of thousands of people around the world do not know they are being tracked by consumer-grade spyware. According to a report this week by TechCrunch security editor Zack Whittaker, a sprawling stalkerware network is collecting the private data of at least 400,000 people through consumer spyware that carries a serious security flaw.

The stalkerware network TechCrunch investigated presents itself as a collection of white-label Android spyware apps, each with its own branding and website and each claiming to be owned by a U.S. company; according to TechCrunch's investigation, they are in fact controlled by a Vietnamese company called 1Byte.

Consumer spyware is called "stalkerware" because it can track and monitor people without their consent, and anyone with brief physical access to the target device can install it. These apps are usually marketed as child-tracking or employee-monitoring software, but they are frequently used by domestic abusers to monitor current or former partners. TechCrunch has led several investigations into the spyware industry that have shown the public how it is put to unethical use by developers and users alike.

In his latest TechCrunch report, Whittaker writes that nine apps in the Android spyware family have so far been found to share a security flaw that allows "near-unfettered remote access to a device's data." The flaw Whittaker found stems from a class of bug called an insecure direct object reference (IDOR), a common web application vulnerability in which the server hands out a file or record identified by a client-supplied reference without checking that the requester is authorized to see it. Whittaker says he tried, without success, to notify the software developers and Codero, the company hosting the spyware's back end. Making victims aware of the problem is therefore extremely important. As Whittaker writes: "With no expectation that the vulnerability will be fixed any time soon, TechCrunch is now revealing more about the spyware apps and the operation so that owners of compromised devices can remove the spyware themselves, if it is safe to do so." CERT/CC, the vulnerability disclosure center at Carnegie Mellon University's Software Engineering Institute, has published a vulnerability note on the issue.

TechCrunch identified several of the affected apps, which are nearly identical in appearance and operation: Copy9, MxSpy, TheTruthSpy, iSpyoo, SecondClone, TheSpyApp, ExactSpy, FoneTracker and GuestSpy. TechCrunch has written an article explaining how to detect and remove these apps from a compromised device. TechCrunch warns that removing stalkerware may alert the person who installed it, which can create an unsafe situation, so make sure you have a safety plan in place first. Visit the Coalition Against Stalkerware for tips on building a safety plan and other related resources.

As a leader in the movement to stop stalkerware, EFF urges the Federal Trade Commission (FTC) to investigate 1Byte and its stalkerware network in order to protect potential targets of stalking and domestic abuse, as it has done in similar cases. Last year the FTC banned Android app company Support King...
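To make the IDOR class of bug concrete, here is an added illustration that is not code from the original post and does not describe any of the apps or the back end named above. It models a back-end endpoint that serves an uploaded record by a numeric id: the vulnerable handler trusts the id from the request and returns whatever it finds, so one valid account can walk the id space and read everyone else's data; the hardened handler checks the record's owner against the authenticated principal on every access. The record store, account names, handler signatures and `Request` type are all invented for the example.

```python
"""IDOR demonstration: a vulnerable record lookup beside its hardened form.

Added example, not code from the original post or from any of the apps named
in it. The data store, account names and handler signatures are invented for
illustration only.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# Constructed sample data: each record belongs to exactly one account.
RECORDS: Dict[int, dict] = {
    1001: {"owner": "alice", "kind": "sms", "body": "see you at 7"},
    1002: {"owner": "bob", "kind": "location", "body": "51.5074,-0.1278"},
    1003: {"owner": "alice", "kind": "voicemail", "body": "<audio blob>"},
}


@dataclass(frozen=True)
class Request:
    """Minimal stand-in for an HTTP request: who is logged in (from a
    validated session) and which object reference they supplied in the URL."""
    user: str
    record_id: int


Response = Tuple[int, Optional[dict]]  # (HTTP status, JSON body or None)


def get_record_vulnerable(req: Request) -> Response:
    """IDOR: the only check is whether the id exists. Nothing ties the record
    to the caller, so any authenticated user can read any other user's data
    simply by changing the number in the request."""
    record = RECORDS.get(req.record_id)
    if record is None:
        return 404, None
    return 200, record


def get_record_hardened(req: Request) -> Response:
    """Fix: authorize every object access against the authenticated principal.
    A record that exists but belongs to someone else is answered exactly like
    a missing one, so the endpoint also does not confirm which ids are valid."""
    record = RECORDS.get(req.record_id)
    if record is None or record["owner"] != req.user:
        return 404, None
    return 200, record


def enumerate_leak(handler: Callable[[Request], Response], user: str,
                   id_range: Iterable[int] = range(1000, 1010)) -> List[int]:
    """Simulate an attacker with one valid session walking the id space and
    return the ids of other users' records that the handler disclosed."""
    leaked: List[int] = []
    for rid in id_range:
        status, body = handler(Request(user=user, record_id=rid))
        if status == 200 and body is not None and body["owner"] != user:
            leaked.append(rid)
    return leaked


if __name__ == "__main__":
    print("vulnerable leaks:", enumerate_leak(get_record_vulnerable, "bob"))  # [1001, 1003]
    print("hardened leaks:  ", enumerate_leak(get_record_hardened, "bob"))    # []
```

The check belongs in the data-access path itself, not in the client or in whatever generated the link: an unguessable id only slows enumeration down, while an ownership check on every lookup closes the hole regardless of how the reference was obtained.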

Copyright is Not a Shortcut Around the Constitution’s Anonymous Speech Protections, EFF Tells Court

Anonymous speech is an important protection for those concerned about political or economic retribution, harassment, or even threats to their lives. The shield that protects those speakers’ anonymity in U.S. court is the First Amendment, and applying the appropriate constitutional test during litigation allows a court to appropriately balance the...

Apple image with crossed security keys in the center

EFF to Court: Security Research Is a Fair Use

We live in a world increasingly governed by technology. Too often, that technology includes security vulnerabilities that could allow malicious actors access to our most important and private information. That’s why it’s so important that security researchers be allowed to do their work without fear that they might infringe copyright...
