Protecting Your Privacy if Your Phone is Taken Away

Andrés Arrieta – Electronic Frontier Foundation (EFF)

Your phone is your life. It’s where you communicate, get your news, take pictures and videos of your loved ones, relax and play games, and find a significant other. It can track your health, give you directions, remind you of events, and much more. It’s an incredibly helpful tool, but it can also be used against you by malicious actors. It’s important to know what your phone contains and how it can also make you vulnerable to attacks.

Now is the time to switch to an encrypted communication app

Stan Horaczek – Popular Science

End-to-end encryption is just the beginning.

How to Protest Without Sacrificing Your Digital Privacy

Joseph Cox, Lorenzo Franceschi-Bicchierai – Motherboard

How to keep your digital devices and accounts safe when exercising your right to peaceably assemble.

How to Protest Safely in the Age of Surveillance

Andy Greenberg, Lily Hay Newman – WIRED

Law enforcement has more tools than ever to track your movements and access your communications. Here’s how to protect your privacy if you plan to protest.

Evaluating video conferencing tools

Olivia Martin – Freedom of the Press Foundation (FPF)

Choosing the right tool can be difficult, especially if you’re planning to use it for sensitive work tasks. Here are some questions to help you evaluate and compare tools while you shop around.

Your smartphone and you: A handbook to modern mobile maintenance

Martin Shelton – Freedom of the Press Foundation (FPF)

If there’s one item in your possession housing the most information about you, it’s probably your phone. Keeping your information safe depends on learning a little more about how to choose your small computer, and how to care for it long term.

Choosing the right video conferencing tool for the job

Martin Shelton – Freedom of the Press Foundation (FPF)

Chances are you have recently spent more time in video chats than ever before, and may have jumped on multiple unfamiliar video call applications. Not all meetings have equal security and privacy needs, and sometimes you’re just concerned about everyones’ ability to join the meeting in the first place.

What about antivirus?

David Huerta – Freedom of the Press Foundation

Antivirus software is one of the oldest offerings available from the now billion-dollar cybersecurity industry. But what does antivirus software do to help protect our devices, what does it not do, and do we really need it?

Three types of passphrases

Harlo Holmes – Freedom of the Press Foundation

A short guide on how to generate the best passphrases for your digital life.

Verifying open source software

Harlo Holmes – Freedom of the Press Foundation

In this guide, we walk you through verifying the legitimacy of an open source software package before installation. As the old adage goes, “Check yo sigs before you wreck yo gigs.”

An in-depth guide to choosing a VPN

David Huerta – Freedom of the Press Foundation

A Virtual Private Network (VPN) is an essential tool for protecting your online activity. Figuring out which VPN to use and finding security among the snake oil can be a challenge. This guide will show you what to look for when shopping for a VPN.

Windows 10 Privacy Guide: Settings Everyone Should Use

Mayank Parmar – Bleeping Computer

Like almost all products these days, in its default state, Windows will track a lot of your activities to not only improve their products and services but also deliver ads and promotions.

Data detox: Four tips to refresh your relationship status with social media

The Firefox Frontier

Can you even remember a world before selfies or memes? Things have escalated quickly. Social media has taken over our lives and, for better or worse, become an extension of who we are online. Our vacations, friends, major life milestones and really anything personal you can think of is put on display for all to see in our social profiles. We’re innocently connecting with friends or catching up on the latest social trends while snoopers (hello Joe from Netflix’s You) and advertisers are using it to learn all they can about us.

Data detox: Four things you can do today to protect your computer

The Firefox Frontier

From the abacus to the iPad, computers have been a part of the human experience for longer than we think. So much so that we forget the vast amounts of personal data we share with our devices on a daily basis. On any given day we could be tackling sensitive work emails, planning our next vacation, or just booking some good ole doctor’s appointments. No big deal right? Well, in the wrong hands it can become a huge deal.

Data detox: Five ways to reset your relationship with your phone

The Firefox Frontier

There’s a good chance you’re reading this on a phone, which is not surprising considering that most of us spend up to four hours a day on our phones. And that’s likely to increase as we look for ways to stay connected to each other.


If you aren’t using two-factor authentication, your accounts are vulnerable

Richie Koch – ProtonMail Blog

Earlier this year, security researchers discovered a fire sale taking place on the dark web: 2.2 billion usernames and passwords that had been stolen in data breaches and compiled into a multi-volume database dubbed as Collection #1-5. With so many passwords leaked, there is a decent chance that yours was among them. If hackers tried to log in to your accounts before you had a chance to change your passwords, only one thing might have saved you: two-factor authentication.

Locking down Signal

Martin Shelton – Freedom of the Press Foundation

Concerned about the privacy and security of your communications? Follow our guide to locking down Signal.

Encryption toolkit for media makers: Disk Utility guide

Olivia Martin – Freedom of the Press Foundation

DiskUtility, available exclusively on macOS machines, is optimized to create encrypted spaces on both your computer and external storage devices.

Encryption toolkit for media makers: An introduction

Olivia Martin – Freedom of the Press Foundation

For media makers working in film, journalism, and the arts, data protection is essential. Learn how you can use encryption to build up your defenses, and protect your work.

Privacy is power

Carissa Véliz – Aeon

Don’t just give away your privacy to the likes of Google and Facebook – protect it, or you disempower us all.

I Visited 47 Sites. Hundreds of Trackers Followed Me.

Farhad Manjoo – The New York Times

Earlier this year, an editor working on The Times’s Privacy Project asked me whether I’d be interested in having all my digital activity tracked, examined in meticulous detail and then published — you know, for journalism.

How to Quit Gmail and Reclaim Your Privacy

Jill Duffy – PCMag UK

Switching from Gmail (or any free email service that monetizes your data) to a privacy-focused email provider might seem like a hassle, but productivity expert Jill Duffy shows you how to do it with minimal fuss.

The WIRED Guide to Open Source Software

Klint Finley – WIRED

Everything you ever wanted to know about Linux, GNU, and how big companies are making money off of free, collaboration-based software.

Encryption toolkit for media makers: A VeraCrypt guide

Olivia Martin – Freedom of the Press Foundation

VeraCrypt, an open source tool available on all major operating systems, is well-suited to meet the data encryption needs of virtually any media team.

How to hear (and delete) every conversation your Amazon Alexa has recorded

Natt Garun – The Verge

Tor Is Easier Than Ever. Time to Give It a Try

Lily Hay Newman – WIRED

Been curious about Tor but worried it’s too complicated to use? Good news!


How to think about data in 2019

The Economist

It is tangible human beings, not abstract “data”, that power the online economy.

Choosing a password manager

Martin Shelton – Freedom of the Press Foundation (FPF)

As password breaches become more frequent, learning how to protect online accounts is more important than ever.

Melanie Ehrenkranz – Gizmodo

For the last seven years, SplashData has revealed its annual list of the most commonly used passwords of the year. This time around, the results reveal that, uh, we still have work to do.

The WIRED Guide to Data Breaches

Lily Hay Newman – WIRED

Everything you ever wanted to know about Equifax, Marriott, and the problem with Social Security numbers.

What Constant Surveillance Does to Your Brain

Kaleigh Rogers – Motherboard

Technology is getting more adept at tracking our moves and anticipating our choices, and being watched all the time can make us feel anxious.

Is public WiFi safe to use?

Richie Koch – ProtonVPN Blog

We have all done it: connected to a free public WiFi network we did not know to check emails, read the news, or scroll Instagram. What we often do not think about is that the same convenience that makes public WiFi so easy to use is also what makes it so attractive to hackers.

What to do if you are the victim of a data breach

Richie Koch – ProtonVPN Blog

It is likely that you will be a victim of a data breach at least once in your lifetime if you have not been already. This article goes over what you should do in the event that a corporation fails to secure your data.

How to protect your phone or computer when crossing borders

Ben Wolford – ProtonMail Blog

Border agents have broad powers to search people crossing borders, including their phones and laptops. But there are ways to protect your data when crossing international borders if you understand the technology and the law.

How to block online trackers

Richie Koch – ProtonVPN Blog

Here we will discuss some of the tools and techniques you can use to block websites from tracking you, but before we begin, it is helpful to know how these services actually follow you.

Online security 101: Tips for protecting your privacy from hackers and spies

Zack Whittaker – ZDNet

This simple advice will help to protect you against hackers and government surveillance.

12 mistakes that can get your data hacked – and how to avoid them

Richie Koch – ProtonVPN Blog

As more of your data gets uploaded to the web, it is more important to safeguard yourself. We’ve compiled 12 of the most common security mistakes that could compromise your data.

Six really practical ways to protect your privacy online

Amnesty International UK

Help stop companies and governments snooping on you with these 6 easy steps to protect your privacy online.

Internet Safety for Kids – 6 Tips to Protect Children Online

Leah Bachmann – LastPass

The internet is a complicated place. It’s where kids can find adorable dog pictures and the latest news on their favorite band or movie star, but it’s also the host of adult content that isn’t safe for kids. And just like you are at risk of exposure to data breaches and identity theft, so are your kids!

How to hear (and delete) every conversation your Google Home has recorded

Stefan Etienne – The Verge

What Does Private Browsing Mode Do?

Martin Shelton – Medium

Most popular web browsers support two types of windows: ordinary windows and “private browsing” mode. I research how people understand the web for a living. Trust me when I say, if you’re not sure what private browsing does, you’re in good company. Researchers have found widespread misconceptions about what information is visible through private browsing. So let’s talk about what it does and doesn’t do.

Three Reasons Why the “Nothing to Hide” Argument is Flawed


Over the years, we at DuckDuckGo have often heard a flawed counter-argument to online privacy: “Why should I care? I have nothing to hide.”
As Internet privacy has become more mainstream, this argument is rightfully fading away. However, it’s still floating around and so we wanted to take a moment to explain three key reasons why it’s flawed.

Two-Factor Authentication for Beginners

Martin Shelton – Medium

Passwords are the brittle wall that keep unwanted visitors out of your accounts. When it comes to account protection, two-factor authentication is one of the most effective defenses available.

The real problem with encryption backdoors

Ben Wolford – ProtonMail Blog

With appeals to “national security,” governments around the world are pushing for encryption backdoors that would allow them to break into the secure data of suspected criminals. Simply put, this is a terrible idea.

GDPR terminology in plain English

Alex Ewerlöf – freeCodeCamp

Learn what the General Data Protection Regulation is all about and in what way it affects users, developers and businesses.

Protect your data, protect your human rights: Amnesty’s three-step guide

Amnesty International UK

A step-by-step guide to protecting your data online, in the wake of the Cambridge Analytica and Facebook scandal.

Sarah Frier – Bloomberg

Facebook Inc. scans the links and images that people send each other on Facebook Messenger, and reads chats when they’re flagged to moderators, making sure the content abides by the company’s rules. If it doesn’t, it gets blocked or taken down.

But what if my password manager gets hacked?! A few thoughts on how to talk about security worries with non-experts

Jessy Irwin – jessysaurusrex

Security is not binary, it exists on a scale from 1 to 99 that will never, ever be 100%.

What does a secure web connection actually do?

Daniel Davis – DuckDuckGo

Many websites use “https://” at the beginning of their address rather than “http://“. But what protection does that give you? How much of your surfing data is secure?

How to create a genuinely strong password for your digital life

K.G Orphanides – WIRED UK

What sort of password ensures optimal security? There are a few ways to change and reset your password to make it stronger.

Security Vulnerabilities Explained with Rivers and Parties

Andrea Zanin – freeCodeCamp

Security vulnerabilities can be boring to learn. But you still need to learn them, unless you want some hacker to delete all your production databases. To make it a bit more entertaining, I tried to explain 3 major vulnerabilities in terms of every day life.

How Long is Long Enough? Minimum Password Lengths by the World’s Top Sites

Troy Hunt

I’ve been giving a bunch of thought to passwords lately. Here we have this absolute cornerstone of security – a paradigm that every single person with an online account understands – yet we see fundamentally different approaches to how services handle them. Some have strict complexity rules. Some have low max lengths. Some won’t let you paste a password. Some force you to regularly rotate it. It’s all over the place.

HTTPS explained with carrier pigeons

Andrea Zanin – freeCodeCamp

Learn how HTTPS works by reading about Alice, Bob and a lot of carrier pigeons.


Melanie Ehrenkranz – Gizmodo

Every year, SplashData compiles a list of the most popular passwords based on millions of stolen logins made public in the last year. And each time, we own ourselves. Hard. 2017 is no exception.

The Market for Stolen Account Credentials

Krebs on Security – Brian Krebs

Today’s post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online service, and provides a glimpse into the fortunes that an enterprising credential thief can earn selling these accounts on consignment.

A Simple Checklist To Help You Not Get Hacked

DJ Pangburn – Fast Company

There are a lot of in-depth guides to staying safe online. Citizen Lab and a group of security gurus built an interactive tool to keep things simpler.

I’m Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important

Troy Hunt

We’re on a march towards HTTPS everywhere. Almost 70% of web traffic today is encrypted and organisations not getting with the program are being increasingly penalised for lagging behind.

Have you been ‘pwned’ in a data breach? Troy Hunt can tell

Matt O’Brien – Associated Press

Troy Hunt has collected a trove of 4.8 billion stolen identity records pulled from the darkest corners of the internet — but he isn’t a hacker.

Here’s What I’m Telling US Congress about Data Breaches

Troy Hunt

Last week I wrote about my upcoming congressional testimony and wow – you guys are awesome! Seriously, the feedback there was absolutely sensational and it’s helped shape what I’ll be saying to the US Congress, including lifting specific wording and phrases provided by some of you. Thank you!
As I explained in that first blog post, I’m required to submit a written testimony 48 hours in advance of the event. That testimony is now publicly accessible and reproduced [at the link].

The Safest Conversation You’ll Have This Holiday

Gennie Gebhart, Soraya Okuda, and Jason Kelley – Electronic Frontier Foundation (EFF)

Do your friends and family rope you into providing tech support when you’re home for the holidays? Use this opportunity to be a digital security hero and rescue your family from tracking cookies, unencrypted disks, insecure chats, and recycled passwords.

Your Holiday Cybersecurity Guide

Robert Graham – Errata Security

Many of us are visiting parents/relatives this Thanksgiving/Christmas, and will have an opportunity to help our them with cybersecurity issues. I thought I’d write up a quick guide of the most important things.

How to give your parents the security talk this Thanksgiving

Alfred Ng – CNET

Yes, it can be a pain, but teaching them to avoid phishing emails now will save headaches later. Here’s help.

Two passwords are always better than one

Jessy Irwin – The Outline

Two-factor authentication adoption rates are low. Is it because cybersecurity experts are making the perfect the enemy of the good?

How to Protect Yourself Against Spearphishing

Joyce Rice and Micah Lee – The Nib

The famous “DNC hacks” weren’t hacks – they were phished. Don’t let it happen to you!

The One Valuable Thing All Websites Have: Reputation (and Why It’s Attractive to Phishers)

Troy Hunt

Here’s something I hear quite a bit when talking about security things: “Our site isn’t a target, it doesn’t have anything valuable on it.”
This is usually the retort that comes back in defence of some pretty shady practices and in the mind of the defendant, it’s a perfectly reasonable position. They don’t collect any credentials, they don’t have any payment info and in many cases, the site is simply a static representation of content that rarely changes. So what upside is there for an attacker?

Secure your Chats!

Net Alert

When you send a postcard through the mail, the content is not protected and anyone who handles it could read it. The same is true of SMS text messages–any carrier of the message can potentially read the contents.
When a message is encrypted, it is scrambled so that only the sender and receiver can read it. Think of it like using a sealed envelope to send a letter in the mail instead of a post card.

What Is Privacy?

Privacy International

Privacy is a fundamental right, essential to autonomy and the protection of human dignity, serving as the foundation upon which many other human rights are built.

A Guide to Common Types of Two-Factor Authentication on the Web

Jacob Hoffman-Andrews and Gennie Gebhart – Electronic Frontier Foundation (EFF)

Two-factor authentication (or 2FA) is one of the biggest-bang-for-your-buck ways to improve the security of your online accounts. Luckily, it’s becoming much more common across the web. With often just a few clicks in a given account’s settings, 2FA adds an extra layer of security to your online accounts on top of your password.

Decoding two-factor authentication: which solution is right for you?

Nathan White and Anqi Li – Access Now

You may have heard of two-factor — or multi-factor — authentication (2FA or MFA) as a way to add a layer of security on top of your accounts. In addition to your username and password, enabling two-factor lets you use a second form of authentication, which may block thieves from accessing your information. A second factor to show that you are you — not an intruder — could be a hardware key, a dedicated phone application, an SMS text message, or your fingerprint. With so many options, it can be hard to decide which second factor to use. That’s why we created this guide to help you make an informed choice.

The Unexpected Benefits of Encrypted Writing

Standard Notes

I’ve spent about the last decade of my life developing tools for note taking and file management, the most important of which is an encrypted note-taking app. And when I talk to others about how their lives changed once they knew their thoughts and words were private, the response is always the same: “I feel free,” is what I hear. They talk about the subtle, but powerful, difference privacy brings you. You become accustomed to the luxury of knowing what you say will never be repeated.

Passwords Evolved: Authentication Guidance for the Modern Era

Troy Hunt

Up until the last couple of decades, we had a small number of accounts and very limited connectivity which made for a pretty simple threat landscape. Your “adversaries” were those in the immediate vicinity, that is people who could gain direct physical access to the system. Over time that extended to remote users who could dial in – I mean literally dial in via phone – and that threat landscape grew. You pretty much know the story from here: more connectivity, more accounts, more threat actors and particularly in recent years, more data breaches. Suddenly, the simple premise of matching strings no longer seems like such a good idea.

Privacy Mythbusting #6: Security equals privacy. (Nope!)

DuckDuckGo Blog

When we talk about online privacy, we often hear responses like: “I’m protected by my antivirus software, spam filter, etc.” While security software is important in staying safe online, it is a common misconception that security = privacy. It does not.

Privacy Mythbusting #5: I own my personal information. (Not as much as you think.)

DuckDuckGo Blog

When you sign up for a website, you’re often presented with a “Terms of Service” that outlines how your data is collected and used. But, did you know that all that information about you, that you work so hard to protect, is rarely ever your exclusive legal property?

Privacy Mythbusting #4: I can’t be identified just by browsing a website. (If only!)

DuckDuckGo Blog

When we first released our study on private browsing modes, a lot of people were shocked to see that websites could still track them even when they blocked cookies and used private browsing (aka “incognito mode”).

Privacy Mythbusting #3: Anonymized data is safe, right? (Er, no.)

DuckDuckGo Blog

Companies often tell you that sharing your data is safe because they “anonymize” it by first removing or obfuscating your personal information. However, this depersonalization leads to only partial anonymity, as companies still usually store and share your data grouped together. This data group can be analyzed, and in many cases, then linked back to you, individually, based on its contents.

Privacy Mythbusting #2: My password keeps me safe. (Not necessarily!)

DuckDuckGo Blog

If you’ve ever used the same password on more than one website, then your accounts may be compromised due to data leaks. Once a hacker gets your login information from a single site, they can try it on other sites. Many hackers use automated tools to cycle through leaked password lists, trying them on many popular websites.

Privacy Mythbusting #1: Nobody else cares about privacy! (Umm, yes they do.)

DuckDuckGo Blog

When was the last time you spoke with your friends or family about Internet privacy? Sadly, for most people, the answer is never. In general, people believe that only a small percentage of people care about privacy, and while we know that isn’t true, it is something that keeps most people from talking about privacy.

Don’t be fooled: Metadata is the real data

Mo Bitar – Standard Notes

In a crime case, investigators don’t have access to “the truth” — the data, if you will. All they have are clues which can be put together to make as perfect a guess as possible as to what the nature of the truth is. Metadata.

How To Encrypt Your Devices


When data is encrypted, it turns into a seemingly random collection of characters, unless of course you have the decryption key! The ability to encrypt all the data on a device is now usually built-in to its operating system, meaning there is no good excuse not to protect your privacy in this manner.

VPNs Are Absolutely a Solution to a Policy Problem

Mo Bitar – Standard Notes

VPNs are absolutely a solution to policy issues, and we would be wrong to treat them differently.

Encryption Makes a Better World

Mo Bitar – Standard Notes

Changing the nature of governance through encryption.

Privacy is Power

Mo Bitar – Standard Notes

Why the fight for privacy matters.

Upgrading WhatsApp Security

Martin Shelton – Medium

With over a billion users, there’s a good chance you have friends on WhatsApp, an easy-to-use mobile messenger. With some tweaks, you can make it much more secure for routine conversations.

A Followup About AV Test Reports

Robert O’Callahan – Eyes Above The Waves

Well, my post [Disable Your Antivirus Software (Except Microsoft’s) – listed below] certainly got a lot of attention…

For Data Privacy Day, Play Privacy As A Team Sport

Gennie Gebhart – Electronic Frontier Foundation (EFF)

Protecting digital privacy is a job no one can do alone. While there are many steps you can take to protect your own privacy, the real protection comes when we recognize that privacy is a team sport. So as we celebrate Data Privacy Day on January 28, don’t just change your tools and behavior to protect your own privacy—encourage your friends, family, and colleagues to take action, too.

Disable Your Antivirus Software (Except Microsoft’s)

Robert O’Callahan – Eyes Above The Waves

I was just reading some Tweets and an associated Hackernews thread and it reminded me that, now that I’ve left Mozilla for a while, it’s safe for me to say: antivirus software vendors are terrible; don’t buy antivirus software, and uninstall it if you already have it (except, on Windows, for Microsoft’s).

How to Use Social Media at a Protest Without Big Brother Snooping

Lily Hay Newman – WIRED

“From the point of view of an individual, if you’re going to post something online you should do so under the assumption that it might be viewed by law enforcement,” says Jay Stanley, a senior policy analyst at the ACLU.


Password Managers for Beginners

Martin Shelton – Medium

Passwords are often the only thing standing between a hacker and your online accounts. This guide helps you choose a password manager to help you create strong, unique passwords. It’s an easy way to make browsing the web easier, faster, and more secure.

Going dark: online privacy and anonymity for normal people

Troy Hunt

I want to talk about practical, everyday things that people who aren’t deeply technical can do to better protect themselves. They’re simple, mostly free and easily obtainable by everyone.


Securing Your Digital Life Like a Normal Person

Martin Shelton

Whenever I talk about my research publicly, I often get a variant of the same question: “What can I, Normal Person, do to improve my security?”

Why Banning Secure Email Won’t Stop Terror

Andy Yen – ProtonMail Blog

Page last updated 15 August 2020