Podcast Episode - Right to Repair Catches the Car

Our Work

Berkeley Law Symposium - California Constitutional Privacy at 50: Power of State Law and Promoting Racial Justice in the Digital Age

California Constitutional Privacy at 50: Power of State Law and Promoting Racial Justice in the Digital Age. 4th Annual BTLJ-BCLT Fall Symposium. The symposium will bring together leading academics and practitioners to explore the landscape of California’s constitutional right to privacy at age 50, highlight how the right is currently used to...

EFF at DragonCon 2023

Join EFF at DragonCon! We're excited to be back with a membership booth in the Hilton and a bunch of talks on the Electronic Frontiers Forum track @ DragonCon. Join the Cause: Come find us in the Hilton—next to the escalators—to talk about the latest in online rights, get on our action alerts...

China Spying

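Vulnerabilities in Tencent's Sogou Chinese Keyboard Can Leak Text Input in Real Time

Security researchers at Citizen Lab have discovered multiple cryptographic vulnerabilities in the keyboard software of Sogou Input Method, which is owned by Tencent and is currently the most widely used input method in China. Through these vulnerabilities, an adversary in a privileged network position (such as an internet service provider or anyone with access to upstream routers) can read the text a user types on their device in real time, as it is entered.

Sogou keyboard users are strongly advised to upgrade their operating system to a patched version that fixes this vulnerability:

Windows >= version 13.7
Android >= version 11.26
Android >= version 11.25

The report shows that, compared with the iOS version, the Windows and Android versions are susceptible to eavesdropping. It is especially worth noting that Sogou Input Method has about 450 million monthly active users worldwide. Its users are not limited to China; it also has a broad user base in the United States, Japan, and Taiwan.

It is currently unclear whether the vulnerability had already been discovered or exploited. However, given the level of network access within China and the broad powers held by state agencies, the private communications of keyboard users (especially those inside China) may already have been exposed to the Chinese government.

Home-Rolled Cryptography Strikes Again

The researchers found that the vulnerability stems from the use of custom cryptography that is susceptible to a padding oracle attack. Implementing cryptographic algorithms is extremely delicate work that demands exceptional rigor. Even when it is done relatively well, side-channel attacks can undermine the basic guarantees these algorithms are supposed to provide. The best practice is not to write the code yourself, but to use the rigorously vetted cryptographic libraries provided by the system, which avoids these attacks and ensures up-to-date protection against weaknesses. As of 2003, the vulnerability in this particular implementation had already been fixed in TLS implementations.

We applaud the rigorous cryptanalysis and reverse-engineering work of security researchers Jeffrey Knockel, Zoë Reichert, and Mona Wang (formerly of EFF). By exposing these vulnerabilities, public-interest analysts act as a barrier that prevents authorities from secretly stockpiling vulnerabilities and using them as spying tools that violate the privacy of us all. Only when these flaws are responsibly disclosed and published can they be fixed, and only then can the public make informed decisions about what software to use in the future.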

Digital Rights Updates with EFFector 35.10

Need to catch up on the latest in the digital freedoms movement? EFF has you covered with our EFFector newsletter, featuring updates, upcoming events, and more! Our newest issue covers work around various censorship bills like KOSA, the illegal spying law Section 702, and features our thoughts about surveillance and...

Portland's TA3M: Expanding the Scope of Their Work in PDX

Techno-Activism 3rd Mondays (TA3M) is an informal meet-up designed to connect software creators and activists who are interested in issues like censorship, surveillance, and open technology. Portland’s TA3M continues to focus on educational events and recently expanded that focus to include privacy, security, and sometimes other tech-related topics. Here, EFF...

Join Us At the 2023 EFF Awards

WHAT ARE THE EFF AWARDS? For over thirty years, the Electronic Frontier Foundation has presented awards recognizing key leaders and organizations advancing innovation and championing digital rights. The EFF Awards celebrate the accomplishments of people working toward a better future for technology users, both in the public eye and behind...
