Tools

EFF’s team of technologists and computer scientists engineers solutions to the problems of sneaky tracking, inconsistent encryption, and more. Where users face threats to their privacy and security online, EFF’s technology tools are there to defend them.

Third-party tracking—that is, when advertisers and websites track your browsing activity across the web without your knowledge, control, or consent—is an alarmingly widespread practice in online advertising. Privacy Badger puts you back in control by spotting and then blocking third-party domains that seem to be tracking your browsing habits. Although Privacy Badger blocks many ads in practice, it is more a privacy tool than a strict ad blocker. Privacy Badger encourages advertisers to treat users respectfully and anonymously rather than the industry status quo of online tracking. It does this by unblocking content from domains which respect our Do Not Track policy, which states that the participating site will not retain any information about users who have expressed that they do not want to be tracked.

Even if you use privacy-protecting browser extensions, you can still possibly be tracked through a technique called “browser fingerprinting.” Panopticlick investigates how unique a given browser is, and shows you just how easy it might be for third parties to uniquely identify your particular browser. A combination of a user tool and a larger research project, Panopticlick analyzes information about the configuration and version information of your operating system, browser, plug-ins, and add-ons, and compares it to a growing anonymous database of other browser fingerprints. This generates a “uniqueness score,” giving you an idea of how easily identifiable you and your browser may be on the Internet.

HTTPS Everywhere is an extension for Firefox (both desktop and Android), Chrome, and Opera that makes your browser use HTTPS to encrypt its communication with websites wherever possible. Some websites offer inconsistent support for HTTPS, use unencrypted HTTP as a default, or link from secure HTTPS pages to unencrypted HTTP pages. HTTPS Everywhere fixes these problems by rewriting requests to these sites to HTTPS, automatically activating encryption and HTTPS protection that might otherwise slip through the cracks.

Certbot offers all domain owners and website administrators a convenient way to move to HTTPS and offer their users encryption by default. Certbot is a client for the Let’s Encrypt certificate authority (CA) which is operated by the Internet Security Research Group. CAs play a crucial identification and verification role in the web encryption ecosystem—and Let’s Encrypt is one of the world’s largest. Certbot deploys Let’s Encrypt certificates with easy-to-follow, interactive instructions based on your webserver and operating system.

Surveillance Self-Defense (SSD) is EFF's guide to defending yourself and your friends from digital surveillance. In addition to tutorials for installing and using security-friendly software, SSD walks you through concepts like threat modeling, the importance of strong passwords, and protecting metadata. We put this all together with “playlists” for specific groups’ security needs and considerations, including LGBTQ youth, different professions (like academic researchers journalists, activists or protesters, and human rights defenders) and varied skill levels (from those new to security to online security veterans).

        

For those with design, programming, and/or security skills, volunteering to dig into the code is an even more direct way to contribute to these projects.

Even with invaluable volunteer help, keeping EFF’s tech projects running smoothly for the millions of users who rely on them requires serious development and maintenance.  Make a donation to support our technology projects work here.