What Is a Backdoor, and What Does It Do?

The technology world is full of strange names, and “backdoor” is one of them. However, the implications of a backdoor on your system are more serious than a silly name would suggest.

Let’s take a look at what a backdoor is, what they do, and how they can affect you.

What Is a Backdoor?

Imagine you’re trying to get into an exclusive party. The only way to get in is to be on “the list,” and you know that some of your favorite celebrities have their name on it; unfortunately, you don’t.

You want to get in, so you look around the mansion where the party is taking place. As you’d expect, the front door is off-limits. Heavy-looking bouncers and security cameras watch the front and ensure nobody gatecrashes the party.

Fortunately, you find a way around the back of the mansion. Here, it’s much quieter; the garden is empty, there are no bouncers, and it’s dark enough that the CCTV won’t spot you.

You sneak through the garden and into a backdoor of the mansion. Now you can attend the party without being hassled by security. While you’re here, you could snap a few candid shots of your fave celebrities, listen out for gossip that the public won’t hear, or even pocket a few pieces of expensive cutlery.

This is what a backdoor is in computer science terms. It’s a way for an intruder to gain access to a system without going through the route with security on it. Because backdoors are invisible to a computer’s security system, victims may not realize their computer has one installed on it.

How Hackers Use Backdoors

Of course, if you used the back door enough times in future parties, the party organizers would catch on that someone was sneaking in. It’d only be a matter of time before someone caught you coming through the back, doubly-so if your little trick spread among eager fans.

Digital backdoors, however, can be harder to spot. Yes, a hacker can use the backdoor to do damage, but they’re also useful for spying and copying files.

When they’re used for spying, a malicious agent uses the secret entrance to gain remote access to the system. From here, they may click around and look for sensitive information without leaving a trace. They may not even need to interact with the system; they can instead watch the user go about their business and extract information that way.

A backdoor is also useful for copying data. When done right, copying data doesn’t leave a trace, allowing an attacker to harvest information that can lead to identity theft. This means someone can have a backdoor on their system that’s slowly siphoning their data.

Finally, backdoors are useful if a hacker wants to do damage. They can use a backdoor to deliver malware payloads without alerting the security system. As such, the hacker sacrifices the covert advantage of a backdoor in exchange for an easier time deploying an attack on a system.

How Do Backdoors Appear?

There are three main ways for a backdoor to come into existence; they’re discovered, created by hackers, or implemented by developers.

1. When Someone Discovers a Backdoor

Sometimes a hacker doesn’t need to do any work to create a backdoor. When a developer doesn’t take care to protect their system’s ports, a hacker can locate it and turn it into a backdoor.

Backdoors appear in all kinds of internet-connected software, but remote access tools are especially vulnerable. That’s because they’re designed to allow users to connect and take control of a system. If a hacker can find a way into the remote access software without needing credentials, they can use the tool for espionage or vandalism.

2. When Hackers Create a Backdoor

If a hacker can’t find a backdoor on a system, they may opt to create one themselves. To do this, they set up a tunnel between their computer and the victim’s, then use it to steal or upload data.

To set up the tunnel, the hacker needs to trick the victim into setting it up for them. The most effective way for a hacker to do this is to make users think it’s beneficial for them to download it.

For instance, a hacker may distribute a fake app that claims to do something useful. This app may or may not do the job that it claims to do; however, the key here is that the hacker laces it with a malicious program. When the user installs it, the malicious code sets up a tunnel to the hacker’s computer, establishing a backdoor for them to use.

3. When a Developer Installs a Backdoor

The most sinister applications of backdoors are when the developers themselves implement them. For instance, the manufacturer of a product will place backdoors inside the system that they can use at any time.

Developers create these backdoors for one of many reasons. If the product will end up on the shelves of a rival company, a company may implement backdoors to spy on its citizens. Likewise, a developer may add a hidden backdoor so that law enforcement can access and monitor the system.

Examples of Backdoors in the Real World

A good example of a developer-added backdoor is the Borland Interbase case back in 2001. Unbeknown to users of Interbase, someone could access the software over the internet on any platform by using a “master account.”

All someone needed to do was enter the username “politically” and password “correct” to gain access to any database. The developers eventually removed this backdoor.

Sometimes, however, a hacker won’t exploit a backdoor that they find or create. Instead, they’ll sell the information on the black market to interested parties. For instance, a hacker earned $1.5 million over a period of two years by selling backdoor information, some of which led to the networks of Fortune 500 companies.

Protecting Yourself From Backdoors

While they may have a funny name, backdoors are not a laughing matter. Whether a hacker creates them, or a developer sneaks one in, they can cause a lot of damage.

If you want to keep yourself safe from backdoors, check out the best computer security and antivirus tools.

Read the full article: What Is a Backdoor, and What Does It Do?


iOS 14: How to view the website Privacy Report in Safari

With the iOS14 update, you can review the Privacy Report in Safari on iPhone and iPad to find out which sites are trying to track you.

Facebook facing a lawsuit over illegally harvesting biometrics in Instagram


Microsoft’s August 2020 Patch Fixes 120 Security Exploits

As annoying as they may be, it’s always important to allow Windows Updates to install security patches when they’re released.

If you want to keep your Windows 10 PC secure, be sure to download and install the August 2020 patch, as it fixes 120 security exploits in Microsoft’s operating system and associated software.

What Does the August 2020 Patch Fix?

This news comes in from the Zero Day Initiative, an organization dedicated to reporting zero-day exploits. In the report, the organization discusses the Windows 10 August 2020 update, which contains 120 patches:

“Of these 120 patches, 17 are listed as Critical and 103 are listed as Important in severity. Eleven of these bugs came through the ZDI program. One of these bugs is listed as being publicly known and two are listed as being under active attack at the time of release.”

The Zero Day Initiative goes on to list each bug. Of particular interest are the two exploits that are “under active attack.” This means that hackers have located and exploited these bugs before the researchers could report them.

The first of these two bugs is the CVE-2020-1380 exploit. This is an Internet Explorer vulnerability that allows hackers to run arbitrary code. A hacker sets up a website that exploits the bug, then tricks users into visiting it. If the user visits the website using Internet Explorer, the hacker gains user-level privileges on the victim’s PC.

The second critical issue is the CVE-2020-1464 exploit. This exploit is particularly dangerous, as it allows malicious files to bypass signature validation. Windows uses signatures to ensure that programs are from a reliable source, but hackers can now bypass this system.

Of course, these two bugs are only scratching the surface of this update. There are 118 other bugs that the update fixes, 17 of which are on a critical level. As a result, we recommend you manually check for a Windows Update now to secure your system.

Keeping Yourself Safe From Exploits

If you use Windows 10, the August 2020 update will bring some important fixes for your device. It’s a good idea to download it, as two of the patches fix exploits that are currently under attack.

If you’re unsure as to why this patch is important, read our article explaining what a zero-day vulnerability is and how it affects you.

Image Credit: Christiaan Colen/Flickr

Read the full article: Microsoft’s August 2020 Patch Fixes 120 Security Exploits


What Is Degree Fraud and Can You Prevent It?

After years of hard work, graduating from college is a cause for celebration. For many people, it also marks the end of formal education as they take their first tentative steps into the job market.

However, there are some out there who want to take advantage of your efforts. Rather than study or undergo training themselves, the fraudsters use publicly available information to falsely claim that they have graduated from college.

Fortunately, there are ways to prevent this fraudulent activity and protect yourself from degree fraud as well.

What Is Degree Fraud?

Graduation ceremony

Having already decided to invest time and money into higher education, you probably already know the benefits of obtaining a degree. But before we delve into how to protect yourself, it’s worth looking at what degree fraud actually is.

Your degree certificate serves as a confirmation of your skills, ability, and hard work. For this reason, employers are often keen to employ graduates. In challenging economic times, though, the job market can be tough, with many people competing for each role.

It’s no secret that attending college is an expensive undertaking. On top of the academic costs, you also have to find a way to pay bills, rent, and buy groceries. Unfortunately, some people out there want the benefits of a college degree but without the effort.

As a result, they fraudulently claim to have graduated from college with a degree. One method is to create fake degree certificates, but some will also combine this with identity theft to claim another person’s credentials and experience.

No one wants to be a victim of identity theft, so it’s essential to know how to protect yourself. Likewise, although it seems as though you can’t do anything about fake degree certificates, there are ways to prevent the spread of false credentials.

This is a broader problem, but an influx of fake certifications flooding the market devalues your degree. It’s in your interest to prevent the spread of counterfeit credentials as well.

So, let’s look at some of the ways you can help slow the propagation of fraudulent degree certificates and protect yourself from identity theft.

1. Don’t Post Pictures of Your Degree Certificate

Degree fraud

We share most of our lives on social media, so it’s only natural you’d want to celebrate a milestone like graduating from college by posting some photographs. However, you shouldn’t post photos of your physical degree certificate.

On the certificate are personal details that enable social engineering, like your full name, the institution you attended, and the topic you studied. That said, you may be wise to this and blur or redact this personal information. Unfortunately, that doesn’t prevent degree fraud on its own.

Just as your government does with banknotes, colleges worldwide include logos, holograms, headers, and other design-based details in their certificates to verify their authenticity. By posting these details publicly, there is a risk that criminals will use that to create credible fake documents.

2. Change Your LinkedIn Privacy Settings

linkedin settings and privacy dropdown menu

LinkedIn is the most popular professional social network. While there are familiar features like the newsfeed and status updates, the site functions as an easy-to-access online resume. Searching for a job used to be a manual and active process requiring hours of form filling, website registrations, and cover letters.

These days, if you have a profile that stands out, businesses and recruiters can find and approach you with job offers. However, this only works if you share information about your background on your profile for others to view.

Currently, you have to sign in to view most profiles, but once you’re logged in, if you don’t tighten your settings, any registered member has access to the information posted on your profile. To improve your privacy, you can change your LinkedIn settings to limit who can see your email address.

In some cases, this alone could be enough for a fraudster, but it is especially useful when combined with other data they glean from your online presence.

3. Google Yourself Regularly

Screenshot of vanity search on GoogleIn the UK, April 28th is known as Ed Balls Day. In April 2011, the politician accidentally tweeted his own name when searching for posts mentioning him on Twitter. He has since embraced this, and each year pokes fun at himself. However, most people view vanity searches—purposefully hunting out online content about yourself—as something to be ashamed about.

But vanity searches serve a useful function when it comes to protecting yourself online. From old websites you no longer visit, media reports, publications you’ve authored, and even social media posts where you’re mentioned, there is a potential trove of easily accessible information about you.

There’s another reason to google yourself as well; public records websites. When you sign up for various government programs, participate in the census, or register to vote, some, if not all, of this information is publicly accessible. Although they pose a significant privacy risk, fortunately, you can delete your personal information from public record websites.

4. Share Documents Securely

ProtonMail encrypted inbox

Following research into the prevalence of degree fraud, the UK government issued recommendations to employers to not rely on your resume and inspect the certificates and transcripts themselves. If you have obtained your degree through an accredited institution, you should have no problems passing this check.

However, sharing documents with a prospective employer can be a tricky business. If they request physical copies, you can often ask your college to provide copies so you don’t have to send your originals. There will likely be a fee for this. Additionally, you should choose a secured postage option, preferably one requiring a signature upon delivery.

That said, most employers are likely to ask you for digital copies instead. Although you’ll probably have correspondence before they ask for these credentials, you should ensure you know and trust the person you are sending them to and verify that the request is legitimate. If you use one of the most secure email providers, you can encrypt the email to keep the contents only between you and the recipient.

You could even consider using one of the most secure cloud storage services. Storing your files in this secure space reduces the risk of interception and allows you more control over who can view and access it. For instance, you can choose to share the file only with a specific person and then remove this permission once the verification is complete.

Don’t Share Personal Information on Social Media

One of the best ways to protect yourself from degree fraud—or any fraud for that matter—is to be aware of and careful with the information you post online. Social media is a great way to make connections, catch up with friends, and build professional relationships.

However, this also makes it an ideal target for fraudsters, criminals, and social engineers. Educational background is a critical part of these attacks, but it isn’t the whole picture. There are plenty of other types of information you shouldn’t share online as well.

Read the full article: What Is Degree Fraud and Can You Prevent It?


iOS 14: How to view which app is using your camera or microphone

With iOS 14 and iPadOS 14, you can see when your camera or microphone is recording, which app is using it, and which app recently did, here’s how.

6 Super Secure Paid Antivirus Apps for Mac in 2020

Don’t believe everything you read online—Mac computers can get viruses. Sure, there might be a lower level of risk than on a Windows machine, but the threat is unquestionably large enough to require a high-quality antivirus app.

Several free antivirus apps exist, but if you want to make sure you have the best level of protection available, you need a paid app.

Here are the best paid antivirus apps for macOS in 2020.

1. Trend Micro Antivirus for Mac

Trend Micro has been a leading name in the antivirus world for many years. The company offers a range of solutions for desktop and mobile operating systems.

Two macOS packages are available: Maximum Security for Mac ($80/year) and Antivirus for Mac ($50/year). They have some key differences.

For example, the Maximum Security plan supports up to five devices, includes Trend Micro’s Pay Guard feature (for online payments), has a built-in password manager, and can protect both desktop and mobile devices.

In contrast, Antivirus for Mac is aimed at people who only want to protect a single macOS machine; only one device is allowed.

Both plans protect against ransomware, email scams, and social media privacy issues.

2. Avast Premium Security

avast paid comparison

Avast Premium Security has three plans available for Mac users.

The basic package ($70/year) will only protect a single macOS machine; the $90/year premium plan can protect up to 10 devices and lets you register PCs, Macs, iOS, and Android devices.

The top plan—called Ultimate—costs $100/year and adds Avast SecureLine VPN. We don’t recommend using this plan. There are better paid VPNs available that cost less than the $10 difference between the Premium and Ultimate plans.

Savvy MakeUseOf readers will know that Avast also has a free antivirus plan—but there are some critical differences between the paid and free versions. Most notably, the free app does not protect you against ransomware, phishing scams, webcam spying, or online payment threats.

3. Kaspersky Internet Security for Mac

Kaspersky has an overwhelming number of paid antivirus plans available, but most Mac users will want to decide between Kaspersky Internet Security and Kaspersky Total Security.

The Internet Security package includes protection against viruses and ransomware, webcam hacks, and online payment threats. It can be installed on both desktop and mobile devices.

If you opt for the Total Security plan, you’ll get everything included in the cheaper plan, plus a suite of tools aimed at keeping kids safe. The tool includes a “bad content” blocker and a GPS tracker. This package also comes with a password manager and backup software.

Perhaps the most significant selling point of Kaspersky, however, is the ability to choose how many devices you want to protect, meaning you’re not going to end up paying for protection you don’t use. Internet Security starts at $35/year for one device, and incrementally increases to $55/year for five devices. Total Security runs from $40/year to $60/year.

4. Bitdefender Antivirus for Mac

bitdefender paid mac

Bitdefender’s Mac product isn’t as comprehensive as its Windows solution, but it’s still one of the best paid antivirus suites for Mac. It also outperforms many of its competitors in AV-TEST’s independent antivirus testing, scoring full marks for protection, performance, and usability in the most recent round of results (June 2020).

We especially like some of Bitdefender’s dedicated Mac features. For example, the company’s Time Machine Protection tool adds an extra layer of security to your backups, ensuring you don’t fall victim to backup-based ransomware issues.

There’s also an adware blocker, a browser extension that can assess a site’s security on-the-fly, anti-phishing protection, and even cross-platform virus detection.

Bitdefender Antivirus for Mac costs $60/year and can protect up to three Mac computers. It will not cover iOS mobile devices.

5. Airo

airo mac antivirus cost

The four paid Mac antivirus apps we’ve looked at so far are all part of a wider product line-up from their respective companies. Airo is different—it is the only company on our list that focuses exclusively on antivirus for Mac; it does not make products for Windows or mobile devices.

Airo’s suite, which costs $50/year, includes real-time threat detection and prevention, a safe browsing tool to protect against phishing scams, and support for up to five computers.

And don’t worry, just because Airo is a less-recognizable name, it still managed to bag a perfect score when AV-TEST most recently (at the time of writing) tested the suite in December 2019.

5. Norton 360

Norton 360 comes in five different versions. The standard plan ($80/year) protects one device from standard web threats. In contrast, the most expensive package (Ultimate Plus, $350/year), lets you register an unlimited number of computers and mobile devices, and extends the coverage to both your online privacy and your identity.

For the best balance between cost and features, consider the Deluxe plan. It costs $100/year and supports up to five Macs and iOS mobile devices.

The package includes dark web monitoring, 50GB of cloud backup storage space, a password manager, parental controls, and protection against webcam attacks.

6. ESET Cyber Security for Mac

eset mac

Our last entry is ESET Cyber Security for Mac. Two paid plans for Mac are on offer: ESET Cyber Security and ESET Cyber Security Pro.

The basic plan ($50/year) will cover you against malware, ransomware, and network hackers on one device. You can add extra devices for $10/year per device.

If you sign up for the ESET Cyber Security Pro plan instead, you’ll also get protection on your non-macOS devices, such as Windows and Linux computers and Android smartphones.

One of ESET Cyber Security’s best features is its low draw on system resources. Antivirus suites are notorious power hogs, but ESET slashes the consumption by ditching popups, scheduling maintenance for overnight, and offering a battery-saving mode.

Which Is the Best Paid Antivirus for Mac?

It’s a near-impossible question to answer. You need to think about the features you want, the number of devices on which you want to run your antivirus, and how much you’re willing to pay.

If you had to push us, we’d probably opt for ESET or Kaspersky, but make sure you do your own research before committing. Remember, almost all paid antivirus will offer a free trial.

If you’d like to learn more about Mac security, make sure you check out our other articles on the best free antivirus apps for Mac and our analysis of the controversial MacKeeper security tool.

Read the full article: 6 Super Secure Paid Antivirus Apps for Mac in 2020


How to Prevent Pornographic Virus Alerts From “Apple”

Most people are quick to worry about virus alerts, which is why scammers take advantage of them with fakes. This is the case with the recent “pornographic virus alert” messages that claim to come from Apple.

If you see one of these messages, don’t believe it. We’ll explain how these alerts work and how you can get rid of them.

What Is the Pornographic Virus Alert?

While browsing the internet on your Mac, you might see a sudden popup that says “VIRUS ALERT FROM APPLE” or “PORNOGRAPHIC VIRUS ALERT FROM APPLE”. This warns you that your computer is “blocked” because it sent viruses over the internet, is using hacked or illegal software, accessed illegal pornography, or similar.

Fake Virus Alert Apple

The alert usually appears as a popup dialog window at the top of your browser, alongside blocks of text in the background warning you about strange activity on your computer. You may also hear a robotic voice warning you that you need to contact “Apple” right away.

To “resolve” the problem, the alert displays a phone number that it wants you to call. It claims that this leads you to Apple Support, but of course that’s not true.

And to lead you into doing what the scammers want, the popup often locks your browser up. If you’re not aware of how to force-close it, you might feel like you have no choice but to call the scammers.

Are Porn Viruses Real?

Before we show you how to stop this virus behavior, you might wonder why you’re seeing these pornographic virus alerts. As it turns out, this is a fake virus message. You didn’t do anything illegal; everything the ad claims is completely made up.

Most of the time, these virus alerts pop up from rogue online ads. When browsing normally, you may suddenly have your browser hijacked by one of these pages. It uses JavaScript commands to “lock” you in the page, which makes you think it’s actually stuck if you don’t know any other ways out.

The phone number doesn’t go to Apple Support—it leads to scammers who want you to pay for “virus removal” that you don’t need. Remember that legitimate companies like Apple don’t use these scaring tactics and try to have you call random numbers.

While the virus popup might look official because the top toolbar resembles Apple’s site, take a look at the URL in the address bar (if it’s visible) for another telltale sign of a fake. Many of these popup URLs are a string of random characters followed by—a far cry from the real

How to Remove Pornographic Virus Alerts on Your Mac

Let’s look at the steps to close out and prevent these alerts from happening in the future. We’ve already looked at how to prevent “Microsoft” pornographic virus alerts, so take a look at those steps if you use Windows too.

1. Close Your Browser

First, you’ll want to close out the fake alert so you can use your computer properly. The easiest way to do this is by completely closing  your browser, whether you use Safari, Chrome, or something else.

To quit the current app on your Mac, press Cmd + Q. This will close Safari and Firefox instantly, but you’ll have to hold it to close Chrome. Re-open your browser, and you should be at a fresh window away from the earlier nonsense.

If the regular method doesn’t work, you’ll need to force-quit the app instead.

Force Quit App from the Applications Window

After closing, a problem can occur if your browser is set up to automatically open the last session when it starts. In that case, it will keep loading the fake virus page. To get around this, hold the Shift button when you click the Safari icon in your Dock to load a fresh session.

If Safari isn’t pinned to your Dock, browse to the Applications folder in Finder and drag it to the Dock to pin it. Otherwise, you can pin the app by right-clicking it in your Dock while it’s open and choose Options > Keep in Dock.

This Shift trick won’t work for other browsers. As a result, if you have them set up to reopen the last session, you’ll need to change that setting. Press Cmd + Comma to open the Preferences panel for your browser and look for an option like On startup or [Browser] opens with to disable loading the previous session automatically.

Chrome Continue Left Off

2. Check for Unwanted Software

Most of the time, these pornographic virus alerts aren’t related to anything on your computer. Because they load from bad online ads, you don’t have much control over them.

However, it’s still a good idea to check for unwanted software when you see these alerts. There’s a chance that it appeared from something you installed on your computer or a browser extension or plugin.

Head to the Applications folder in Finder to see what you have installed and remove anything you don’t recognize or need anymore. Sort by Date Modified to show apps that you installed recently, which are more likely to cause the problem.

Move App to Trash

For more control, check out the best ways to uninstall apps on your Mac.

You should also take a look at your browser extensions and settings to check if anything malicious made its way in. In Chrome, head to the three-dot Menu and choose More tools > Extensions to see what you have installed and disable anything you don’t trust.

In Safari, press Cmd + Comma to open the Preferences panel and look at the Extensions tab to review what you have installed.

In the general settings of each browser, it’s also smart to check your homepage, new tab page, and default search engine to make sure they’re what you expect. Finally, have a look at your Mac’s startup items if you want to make sure that nothing is set to run when you boot up.

3. Scan for Malware

As mentioned, a website abusing JavaScript to spam you with fake pornographic alerts isn’t really a virus. However, it’s not a bad idea to scan for malware while you’re checking your system for something unsavory.

We recommend using the free version of Malwarebytes for Mac to run a scan and see if it finds anything. If this is your first time using the software, it will prompt you to start a free trial of Malwarebytes Premium. This isn’t necessary for a quick scan, but it won’t hurt either.

Avoid Virus Alert Popups in the Future

Once you’re able to get away from the fake alert page and make sure there are no traces of unwanted software on your system, you should keep an eye out for this behavior in the future.

Unfortunately, because this popup typically occurs from rogue ads, you can’t fully control whether you see it. The best step you can take is to avoid shady websites that are more likely to have nasty ads. But these can come from anywhere, as bad actors game the system to sneak them into Google Ads and similar.

If you notice the popups always occur on one site, try to avoid it in the future. And if they show up across sites, an extension like Privacy Badger might help.

Virus Alerts From Apple Are Fake

Now you’re aware what these fake pornographic virus alerts are from Apple, how to deal with them, and what you can do to avoid them in the future. Hopefully, you won’t ever come across them again, but they’re thankfully easy to get rid of when they show up.

For more on Mac security, check these dangerous practices that will infect your Mac with malware.

Read the full article: How to Prevent Pornographic Virus Alerts From “Apple”


Luca Todesco teases SEPROM code execution with checkra1n

Famed hacker and security researcher Luca Todesco teased images this weekend showcasing checkra1n integration with a new unpatchable SEPROM exploit.

What Is the EARN IT Bill and How Will It Affect Digital Privacy?

Every so often, a government puts forward a bill that threatens our privacy on the internet. One of these is the American EARN IT bill, which caused discontent amongst privacy enthusiasts due to potentially making privacy a thing of the past.

Let’s explore what the EARN IT bill is, what it’s trying to achieve, and why you should care.

What Is the EARN IT Bill?

The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020 (EARN IT Act of 2020) is the new bill to tackle abusive content online. The bill’s acronym is not a coincidence; the initial idea was that websites had to “earn” protection by obeying the government’s guidance.

The “protection” in question is section 230 of the Communications Decency Act. If a business wants this protection, they have to allow the installation of a governmental backdoor on their systems. If they allow it, they’re protected; however, if they don’t, someone can sue them into bankruptcy.

Two relatively vague terms are fundamental to understanding the EARN IT bill: “section 230” and “governmental backdoor.” As such, before we can discuss what the EARN IT bill means for the internet, let’s explore what these terms mean and understand why they’re essential.

What Is “Section 230?”

Section 230 of the Communications Decency Act is titled “Protection for private blocking and screening of offensive material.” This is an important section of the act, as it allows websites to promote free speech without getting into trouble.

Section 230 aims to separate the people making statements on a website from the host of said website. For example, imagine if a website owner installed a forum that they hosted themselves. They leave for a few days and come back to find that some rogue users posted illegal content on the forum.

If this case ends up going to the courts, it’s not inherently clear who here was in the wrong. Was it the host, as they let the content sit there unmoderated? Or is it the user, who posted illegal content in the first place?

Fortunately, section 230 answers the problem for us. It states that, when illegal content finds its way onto a website, the original poster is in trouble:

(1) Treatment of publisher or speaker

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

This is the protection that the original EARN IT bill had companies “earn.” If they complied, content produced on their website was the uploader’s responsibility. If they didn’t, they could be treated as a publisher of illegal content and subsequently sued.

What Is a “Governmental Backdoor?”

You’ll usually see the term “backdoor” in shady or criminal activity. It’s an entry point in a system that skirts around the defenses and allows for unfettered entry.

Backdoors can either be planned in advance or created by hackers. For the former, a company develops devices with a pre-made backdoor that others can use for spying. Huawei came under fire about backdoors in their devices in 2019, which caused friction over the idea of letting Huawei set up 5G in other countries.

Hackers can also set up backdoors for themselves. They infect a system with malware which then “opens up a passageway” for rogue connections to enter through.

In the case of the EARN IT bill, it would ask for businesses to create a backdoor for the government to use. If the government believes that a user posts illegal content, they can use the backdoor to view encrypted information and identify the culprit.

The Current History of the EARN IT Bill

The EARN IT bill you’ll see today is different from the original copy. As such, let’s look at what it initially said and how it has evolved.

The Original EARN IT Bill

When the EARN IT bill first appeared, it didn’t inspire much confidence in privacy advocates. EFF reported on the bill when it came out, noting its dangerous elements.

In the original bill, the government appoints 19 people as a commission for the internet. These people would work with the National Center for Missing and Exploited Children (NCMEC) to draw up a list of “best practices.”

Then, the government would ask businesses to comply with these practices. If they do, the government can then establish a backdoor to read encrypted messages for law enforcement purposes. Because the company allowed the government to look at their user’s messages, it has “earned” the right for protection under section 230.

If the business does not, the government declares that they haven’t earned the right to use section 230. As such, if someone does post illegal content on the website, the site’s owner comes under fire.

The Revised EARN IT Bill

Fortunately, the original bill underwent some changes to make it less stern; however, it still poses a threat to your privacy online.

As EFF reports again, this new bill doesn’t have the “earn it or lose it” aspect of the original draft. Instead, the new bill will weaken section 230 so that if websites host child abuse imagery, law enforcement can take the host to court. It also scraps the 19-person committee and gives their powers to state legislature.

As such, instead of demanding businesses to “comply or die,” each state will have its own laws as to how to tackle child abuse imagery. At the very least, someone can sue a website hosting these images, even if the host didn’t post the pictures themselves.

Arguments For and Against the EARN IT Bill

As you might expect, the bill’s existence has caused major debate. The new revised version has its supporters and critics, who put forward their arguments for and against EARN IT.

Arguments For the EARN IT Bill

Support for EARN IT comes from governmental sources, as well as anti-child abuse organizations. Currently, law enforcement finds it hard to take down abusive images online. They can’t tackle the host, because section 230 protects them; however, they can’t get information on the original poster due to encryption.

These groups hope that EARN IT gives law enforcement more power to get rid of child abuse imagery. If a state allows it, the law can monitor encrypted data directly. At the very least, websites that host abusive content lose protection under section 230, thus prompting web hosts to be diligent about what users post on their websites.

Arguments Against the EARN IT Bill

Critics, however, don’t believe that the ultimate goal for EARN IT is to prevent child abuse imagery online. They believe the government is actually targeting a major thorn in their side: encryption.

Encryption is the government’s worst nightmare. It allows people to say and post whatever they please without governments tracking their every action. As such, privacy advocates watch closely for any potential “encryption buster” bills disguised as something else.

Privacy advocates argue that the EARN IT bill won’t do much to catch criminals. The posters will likely use VPNs and encryption services of their own, which makes it extremely hard to track them. As such, advocates believe the main goal for EARN IT is to weaken encryption and allow the government to see what everyone is posting.

How the EARN IT Bill Will Affect Your Privacy

How this bill will affect you depends on the laws that each state will set. For instance, some will demand that websites have a backdoor for law enforcement. If this happens, the government can monitor your communications as you use the website.

This also affects you even if you’re not in the US. For example, if you visit an American website, there’s a chance that the government can monitor your data. As such, if the EARN IT bill passes, it may force privacy advocates around the world to adopt measures such as the Tor Browser.

Keeping Your Privacy Online

With the new EARN IT bill making its way through government, it poses a threat to those who want privacy on the internet. Even if it does pass, you can still protect yourself using a VPN or the Tor Browser.

If you do decide to take control of your privacy, be sure to read these top tips for using the Tor Browser.

Image Credit: Proxima Studio/Shutterstock

Read the full article: What Is the EARN IT Bill and How Will It Affect Digital Privacy?