With the recent unveiling of the intense Internet surveillance operation being carried out by the NSA, more people than ever are interested in keeping up to date on the latest laws, news, software, and other information related to maintaining privacy online. There is an immense number of blogs related to information security in all of its incarnations, so we have picked through the offerings to find you the best blogs that deal specifically with personal privacy law and technologies. These are listed mostly without any indication of which is better than any other and are instead separated into categories based on their focus. The focus of the blogs includes hacking methods, ways to protect yourself from identity theft, news on information security topics, and discussion about censorship and identity law.
Cream of the Crop
- The Privacy Blog – In a list of privacy blogs, one named The Privacy Blog would clearly seem to fit the criteria. Luckily, it is also one of the best in the genre for details on privacy in the technological world. Updates are posted weekly, and most of the content is original. This includes a podcast for those who would rather listen to news on the latest security threats. Content covers security technologies, opinions on privacy and hacking litigation, and news related to privacy threats and tools. Check out their latest podcast to get a taste of the monthly episodes.
- Electronic Frontier Foundation – The EFF is an organization dedicated to the defense of the right to privacy in a world where everyone from the hacker kid down the street to the government can snoop on you. Their Deeplinks blog includes almost everything related to privacy and personal rights with an impressive amount of content delivered daily. If there is news that remotely touches on electronic privacy – whether its copyright laws, government surveillance, hacker tricks, or even just swag – you can find it here, but the blog does have a marked legal focus. Check out this article on the issue of warrantless DNA acquisition.
Privacy on the Net
- The Online Privacy Blog – This blog is run by the company Abine, an Internet privacy software developer with products like DeleteMe and DoNotTrackMe. The content is a mix of news about online privacy laws, security breaches, tips for keeping yourself secure while using social media and other common online services, and press releases for the company. Two articles a week is the rough release schedule. Check out a report on the surveillance capabilities of Microsoft’s next console, the Xbox One.
- EPIC: Electronic Privacy Information Center – EPIC is an organization that provides information with a focus on online privacy, though they do branch out into related technological fields such as biometric data, drones, and other hot button issues. The majority of the site content is in their static information, but their news feed does provide short updates on current news and events. If you want to get a quick synopsis of privacy related news without excess analysis or reading, then their blog should come in handy. The rest of the site is also extremely valuable for its large amount of educational material. Check out their news report on a Supreme Court ruling on DNA privacy.
- WIRED: Threat Level Blog – WIRED is a site renowned for its news and insights into the world of technology, and their Threat Level blog applies the same quality of content to the dedicated topic of privacy and the law within the context of technology. Thanks to WIRED being a news organization, the tone of the articles stays more subjective than personal or company blogs, though opinion always bleeds through in writing. Check out this opinion article on email privacy law and the lack of protection that electronic communications receive legally.
- Freedom to Tinker – FtT posts focus on news related to technological privacy and law alongside a large amount of insightful commentary and opinion pieces. The number of writers is smaller than you will find on some bigger websites, while still being large enough to provide more variety of opinion than a single user blog and a decent update schedule. Check out this article from 2006 on wiretapping abuse and the NSA that foretells some of the recent privacy related news.
- ACLU on Technology and Liberty – The ACLU is a well-known American organization dedicated to the preservation of civil liberties in every form they take. Their blog is a robust and well-developed collection of useful and informational content on a variety of topics, and because of the volume of information they cover, the blog has several subsections to help those looking for information on a specific topic. For online privacy related news, the Technology and Liberty section is where you want to go. Check out this article on metadata to see just how important it can be in light of the NSA surveillance issue.
Privacy Law & Policy
- FCC Blog – The Federal Communications Commission is an organization with which most American are familiar due to its role in radio and television broadcasts as well as the Internet. As it is a government website, you can expect a lot of dry content and not so much in the way of unique viewpoints, but it is a good idea for Americans to stay abreast of an organization that influences their online privacy to a large degree. Check out this article detailing some of the consumer protection services the FCC offers.
- Privacy Law Blog – The Privacy Law Blog is managed by the Proskauer law firm, a group with a focus on international privacy law. The blog content does trend to US and EU policy and law. The topics covered are usually about informing about laws concerning privacy, patents, and security and updates to them. Though the release schedule is low compared to some of the others on the list, they still tend to release an article every week. Check out this report on the conundrum of when European privacy law applies to American companies.
- Privacy & Security Law Blog – The editors and contributors of this blog belong to the Davis Wright Tremaine law firm, a nationwide entity with over 500 associates. Their firm handles cases covering a wide variety of subjects, but the privacy and security blog is managed by their resident expert associates on the topic. Articles range from discussion on cybersecurity, discussion of data standards like HIPAA, and news related to changing laws regarding privacy and technology. Check out their report on a recently introduced federal data breach law.
- Law and Terrorism – Gregory S McNeal is a security specialist and university professor who has received national recognition by news corporations, Congress, the military, and other notable organizations. His blog only features content he writes himself, leading to a low update rate with articles that trend towards his focus and activities at the time, but this does mean the content covers topics that might not be the focus of other privacy blogs at the time. Check out his article on drones and due process to see the focus of his latest work.
- CERIAS Blog – The Center for Education and Research in Information Assurance and Security is an organization ran by several Perdue university professors and contributors. They broach topics ranging from the technical aspects of ensuring privacy in a digital world to the ethical, moral, and legal guidelines that govern the behavior of individuals and organizations when it comes to information privacy. The blogs content is updated one or two times a month, but every article is unique, lengthy, and full of useful information on security and privacy topics. Check out their objective look at NSA’s PRISM program.
- beSpacific – Most of the content on beSpacific is collected news and information about privacy, law, technology, copyrights, and finance. Rather than a blog to go to for original content, beSpacific is an amazing resource and repository for documents, press releases, and other articles in the topics it covers. Content is added daily, and on many days you will find up to ten new posts. Check out the main page. There is no better way to get an idea of the bevy of information hosted on the blog.
Privacy & Identity
- Privacy Rights Clearinghouse – The PRC is a nonprofit organization based out of California whose mission is to “engage, educate and empower individuals to protect their privacy.” The blog itself is not updated frequently, but the amount of information available regarding privacy concerns on the site in general is staggering. Check out this article for a few simple tips on keeping your privacy private.
- Bruce Schneier’s Blog – Bruche Schneier is an internationally renowned security specialist, a member of the board of directors of the EFF, and has published multiple books concerning security and cryptography. His blog content includes recordings of his speaking events, articles and opinions written by him, links to interesting security and cryptography articles, and important news on the same. All of his articles are well-cited and in a format that makes them both look professional and easily understood. His insights are great, and if you like his blog then you should definitely check out his published work. Check out his comparison of the privacy abuse of online companies to the Game of Thrones.
- Identity Theft Blog – The entire purpose of this blog and the other portions of its site is to educate people on the dangers of identity theft and how to protect themselves from those who would steal their information and put it to nefarious use. The updates are a bit slow, averaging two posts to the blog per month, but the extra content value in the rest of the site more than makes up for it. If you want to get educated on identity law, identity theft tactics, and how to protect yourself from identity theft, stop by this site. Check out this article showing how something as simple as filling in the information necessary for an insurance quote can give up compromising data.
- Spaf Blog – The Spaf Blog contains content written or reposted by Professor Eugene H. Spafford, an educator who specializes in digital forensics, privacy, and information security. He is also the founder and director of the CERIAS web blog listed in the above section. The original content is published roughly on a monthly schedule, but reposting occurs daily. There are over 5,000 article links on the over 500 pages of the blog. Check out the very first page for links to over a dozen high quality privacy articles.
- IdentityWoman – The alter ego of Kaliya Hamlin, IdentityWoman, is an intensely active force in the field of privacy information security. Her grammar and punctuation may not be perfect – meaning grammar nuts should avoid the blog – but it is to be expected given the busy schedule the super-heroine keeps. The content on the blog ranges from videos of her talks at various conferences (and “un”conferences), updates on notable privacy events, and her work in an astounding number of IT groups, consortiums, and organizations. Check out the collection of her speaking appearances for some good audio on user-centric identity.
- Krebs on Security – Brian Krebs got into information security for the same reasons many people do these days: thanks to the attacks of hackers on his personal computer network. This sparked a long career of security writing for the Bachelor of Arts, including a long stint as a major security author for the Washington Post with several front page appearances. As far as the blog goes, it is one of the best for quality, the amount of information presented, and originality. The frequency is also very good for the general quality and being a personal blog. Check out his article on the Styx exploit package and the article detailing the story behind its creation and marketing for a look at the brazen offering of script-kiddie tools.
- 1 Raindrop – This blog, written and maintained by Gunner Peterson, focuses on security more from a business standpoint than it does on individual privacy and identity. The posts are long and informative, but they assume some familiarity with security issues and the technologies from which they derive. This makes it not so friendly to newcomers to the world of security, but it is more useful to those who want high level information. The blog is updated roughly three to four times a month with mostly original articles of notable length. Check out this article on mobile APIs and security, a useful and important consideration for any business.
- CERT – The US government’s Computer Emergency Readiness Team’s site does not officially call itself a blog, but the main page is comprised of time-ordered updates that keep you posted on the latest patches for notable applications like WordPress, Adobe, Java, and Google apps. The site should be on every CEO’s and CISO’s short list to check frequently to see if they happened to miss any important updates. They also occasionally post security bulletins and information from themselves and large IT companies. In addition to their tracking of security updates, the site features a number of resources on protecting yourself from online threats and general security information. Check out the National Cyber Awareness System, a springboard for links to information on security.
- Bleeping Computer – While the main page does feature a blog roll of updates and articles, Bleeping Computer is far more than just a security blog. The blog updates themselves are standard fare for a security focused blog, though the focus is clearly on education and teaching for people who might not be as tech savvy as some professionals or enthusiasts. Once you have gotten your daily update, swing over to the forums and other information resources to get help on understanding and fixing computer problems ranging from security issues to day to day malfunctions. A great overall resource for computer users of all skill levels. Check out their guide on how to remove a tricky bit of disguised malware that disguises itself as antivirus software.
- Malware Don’t Need Coffee – While the writing style is haphazard and points to someone using English as a second language, there is no better blog out there if you want to know everything there is to know about the latest malware and exploit kits on the streets. The posts are extremely tech heavy, so less savvy readers will likely need to do additional research when reading. Posts come roughly every two weeks, but they are loaded with content and worth the wait. Check out this detailed and lengthy article on the ransomware called Urausy.
- InfoWorld’s Security Articles – InfoWorld is a news site, similar to Wired, which focuses on everything technology. Just like Wired, they also feature a dedicated section for security related articles. As with other news sites, you can expect frequent updates and original content with a more neutral tone overall. You can also branch out from security related articles into general technology news when you finish getting updated. This is a great resource to keep on hand and check daily. Check out this article on bug bounties, the new method larger IT companies are using to hunt down security vulnerabilities in their applications.
Most of these companies function in the Information Security world in some form or fashion. They usually maintain fairly decent blogs as a way to generate site traffic, keep their users informed, and to increase their appearance as “leaders” in the field. You do have to watch out for product placement in some of them, but they are self-motivated to provide good and reliable information that keeps people coming back.
- Fortinet Blog – Fortinet is a company that produces physical and virtual firewalls alongside other network security equipment and applications. The blog sees regular contributions from five different writers, keeping things both fresh and current. Article topics are typically educational pieces on malicious IT attack forms, patch updates for major IT organizations, and security and privacy related news.Check out this post on how to determine if a seemingly innocuous email in your inbox might just be a phishing attempt or other scam.
- FireEye Blog – FireEye is an Information Security company with a focus on antimalware applications, penetration testing, and overall system protection. Their blog focuses on the latest trends and tools in malicious cyber activity, and there is a definitive slant towards tech-heavy articles. A great resource, but those less inundated in the world of IT may have to spend some time with Google to get the full value that the articles represent. The speed of their updates is a bit slow for a company blog, averaging two to three posts a month. Check out this informative post concerning a Trojan that recently swept across Asia.
- Kaspersky Blog – Kaspersky is most widely known for their antivirus and antimalware applications. There is a bit more “Yay Kaspersky products!” in this blog compared to some of the other companies, but it still manages to get balanced out by the actual information. Check out their article detailing the dangers and costs of employees misusing networked devices while on the job.
- SANS Securing the Human – SANS is a company that works to increase security on what is most often the biggest weak point in a network, the human user. On their blog, you will usually find articles relating to attacks that attempt to take advantage of the user, such as phishing attempts and other social engineering scams. They also have a monthly newsletter full of extra material. Check out their look at passwords, one of the biggest mistreated tools in keeping things secure.
- TrendMicro Blog – Like Kaspersky, TrendMicro focuses on malware detection, prevention, and removal software. The blog itself tends to focus on preventative measures against malware and other security related issues. The update schedule is fairly slow for having multiple writers, but there is no rehashed content. Check out a post on the dangers of media overflow when it comes to your pictures and other digital information that ends up stored on the Internet, forever.