Planet Earth (EFF) – Do you get creeped out when an ad eerily related to your recent Internet activity seems to follow you around the web? Do you ever wonder why you sometimes see a green lock with “https” in your address bar, and other times just plain “http”? EFF’s team of technologists and computer scientists can help. We engineer solutions to these problems of sneaky tracking, inconsistent encryption, and more. Our projects are released under free and open source licenses like the GNU General Public License or Creative Commons licenses, and we make them freely available to as many users as possible. Where users face threats to their free expression, privacy, and security online, EFF’s technology projects are there to defend them.
Below we go over five of EFF’s many technology tools and projects. In different ways, they all function to increase your security on the Internet—with the implicit assertion that personal privacy is at the foundation of that security.
Third-party tracking—that is, when advertisers and websites track your browsing activity across the web without your knowledge, control, or consent—is an alarmingly widespread practice in online advertising. Privacy Badger puts you back in control by spotting and then blocking third-party domains that seem to be tracking your browsing habits. Although Privacy Badger blocks many ads in practice, it is more a privacy tool than a strict ad blocker. Privacy Badger encourages advertisers to treat users respectfully and anonymously rather than the industry status quo of online tracking. It does this by unblocking content from domains which respect our Do Not Track policy, which states that the participating site will not retain any information about users who have expressed that they do not want to be tracked.
Even if you use Privacy Badger and other privacy-protecting add-ons, you can still possibly be tracked through a technique called “browser fingerprinting”. Panopticlick investigates how unique each browser is—and shows users just how easy it is for third parties to uniquely identify their browsers. A combination of a user tool and a larger research project, Panopticlick analyzes information about the configuration and version information of your operating system, browser, plug-ins, and add-ons, and compares it to a growing anonymous database of other browser fingerprints. This generates a “uniqueness score,” giving you an idea of how easily identifiable you and your browser may be on the Internet.
A collaboration between EFF and the Tor Project, HTTPS Everywhere is an extension for Firefox (both desktop and Android), Chrome, and Opera that makes your browser use HTTPS to encrypt its communication with websites to the greatest extent possible. Some websites offer inconsistent support for HTTPS, use unencrypted HTTP as a default, or link from secure HTTPS pages to unencrypted HTTP pages. HTTPS Everywhere fixes these problems by rewriting requests to these sites to HTTPS, automatically activating encryption and HTTPS protection that might otherwise slip through the cracks.
Where HTTPS Everywhere gives users of all skill sets access to a web encrypted by default, Certbot offers all domain owners and website administrators a convenient way to move to HTTPS. Certbot is a client for the Let’s Encrypt certificate authority (CA) which is operated by the Internet Security Research Group. CAs play a crucial identification and verification role in the web encryption ecosystem—and Let’s Encrypt is one of the world’s largest, having issued certificates to over 5 million unique domains. Certbot deploys Let’s Encrypt certificates with easy-to-follow, interactive instructions based on your webserver and operating system.
Surveillance Self-Defense (SSD) is EFF’s guide to defending yourself and your friends from digital surveillance. In addition to tutorials for installing and using security-friendly software, SSD walks you through concepts like threat modeling, the importance of strong passwords, and protecting metadata. We put this all together with “playlists” for specific groups’ security needs and considerations, including LGBTQ youth, different professions (like academic researchers journalists, activists or protesters, and human rights defenders) and varied skill levels (from those new to security to online security veterans).
This report prepared by Gennie Gebhart for Electronic Frontier Foundation.