Eva Galperin: what you need to know about stalkerware

Eva Galperin is director of cybersecurity for the online security organization Electronic Frontier Foundation.


Prior to her work for EFF [1], Galperin worked in security and IT in Silicon Valley. Her best-known work is protecting global privacy and free speech. She organized EFF’s Tor Relay Challenge, which helps online activists remain anonymous to the oppressive regimes they fight, and writes privacy and security training materials.

In this talk from a TEDWomen, Eva he describes the emerging danger of stalkerware — software designed to spy on someone by gaining access to their devices without their knowledge — and calls on antivirus companies to recognize these programs as malicious in order to discourage abusers and protect victims.


Some highlights

Use strong, unique passwords for all of your accounts. Use more strong, unique passwords as the answers to your security questions, so that somebody who knows the name of your childhood pet can’t reset your password. And finally, turn on the highest level of two-factor authentication that you’re comfortable using. So that even if an abuser manages to steal your password, because they don’t have the second factor, they will not be able to log into your account.

HelloSpy, which is another such product, had a marketing page in which they spent most of their copy talking about the prevalence of cheating and how important it is to catch your partner cheating, including this fine picture of a man who has clearly just caught his partner cheating and has beaten her. She has a black eye, there is blood on her face. And I don’t think that there is really a lot of question about whose side HelloSpy is on in this particular case. And who they’re trying to sell their product to.

I have managed to convince a couple of antivirus companies to start marking stalkerware as malicious. So that all you have to do if you’re worried about having this stuff on your computer is you download the program, you run a scan and it tells you “Hey, there’s some potentially unwanted program on your device.” It gives you the option of removing it, but it does not remove it automatically. And one of the reasons for that is because of the way that abuse works. Frequently, victims of abuse aren’t sure whether or not they want to tip off their abuser by cutting off their access. Or they’re worried that their abuser is going to escalate to violence or perhaps even greater violence than they’ve already been engaging in.


References

  1. Electronic Frontier Foundation

Related posts

  1. COVID-19: some concerns about Contact Tracing apps
  2. Weekly Privacy Roundup #3
  3. Weekly Tech Roundup #1
  4. Ring camera accounts breach: Amazon blames users, EFF respond!
  5. RIPlace: a new evasion technique that allows ransomware to bypass most antivirus