惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Last Watchdog
The Last Watchdog
C
Cyber Attacks, Cyber Crime and Cyber Security
L
LINUX DO - 热门话题
G
GRAHAM CLULEY
S
Schneier on Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
SegmentFault 最新的问题
IT之家
IT之家
阮一峰的网络日志
阮一峰的网络日志
Recorded Future
Recorded Future
I
Intezer
云风的 BLOG
云风的 BLOG
博客园 - Franky
月光博客
月光博客
大猫的无限游戏
大猫的无限游戏
T
Tenable Blog
The Hacker News
The Hacker News
T
The Blog of Author Tim Ferriss
Attack and Defense Labs
Attack and Defense Labs
D
DataBreaches.Net
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
N
News and Events Feed by Topic
有赞技术团队
有赞技术团队
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
N
News and Events Feed by Topic
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Secure Thoughts
The Register - Security
The Register - Security
B
Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
The Cloudflare Blog
Webroot Blog
Webroot Blog
W
WeLiveSecurity
H
Heimdal Security Blog
博客园 - 三生石上(FineUI控件)
V
Vulnerabilities – Threatpost
G
Google Developers Blog
O
OpenAI News
V
V2EX
罗磊的独立博客
博客园_首页
N
News | PayPal Newsroom
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
TaoSecurity Blog
TaoSecurity Blog
Cloudbric
Cloudbric
H
Hacker News: Front Page
博客园 - 叶小钗
T
Tor Project blog
AI
AI

Electronic Frontier Foundation

Onward, Friends EFFecting Change: LGBTQ+ Solidarity Against the Tide of Surveillance EFFecting Change Site Banner 6.17.26 Victory! 702 has Expired! Yes to California's Bill to Ban Surveillance Pricing ‘News’ Site Keeps Hallucinating EFF Staffers LGBT Q&A: We’re Back With Season 2! Congress Just Rushed Through a Disastrous Copyright Office Overhaul The 702 Ultimatum: Warrant Requirement or Bust Enshittification Merch That Actually Fights Enshittification 🔊 Mass Surveillance for… Loud Music? | EFFector 38.11 How and Why to Fight Back Against Social Media Bans Tell Congress: Just Say No to NO FAKES VICTORY: Meta Strips Facial Recognition Code From Smart Glasses App After Public Outcry Cheers to the Winners of EFF’s 18th Annual Cyberlaw Trivia Night! EFFecting Change: If You Own It, Why Can't You Fix It? Internet Age-Gates Are a Growing Global Threat LGBT Q&A Season 1 Recap: Staying Safer Online EFF at TechCrunch Disrupt California’s AB 412 Still Demands Developers Do The Impossible Pulte Appointment Underscores Need to Reform Section 702 Spying EFF Testifies to Congress on Protecting Americans’ Rights from Government AI Move Fast, Surveil Things EFF at DEF CON 34 We're Fighting Mass Surveillance Tech—and Winning Welcome New EFF Executive Director Nicole Ozer One Step Forward, Two Steps Back: CA's AB 1856 Exempts Open Source But Expands Age-Gating Barcelona Cybersecurity Congress Age Verification is a Privacy Nightmare More License Plate Reader Mission Creep: School Residency Verification, Background Checks, and Noise Complaints 🔒 A Win for Encrypted Messaging | EFFector 38.10 Microsoft Took a Step Toward Human Rights Accountability. Google and Amazon (and Others) Should Pay Attention! Your Privacy Shouldn't Be A Corporate Decision EFFecting Change: LGBTQ+ Solidarity Against the Tide of Surveillance We Must Not Normalize Digital Surveillance Abuses. EFF’s New Guide Underlines Concrete Steps to Fight Back. EFF at Black Hat USA Help EFF Solve an Issue That's Bigger than Creepy Ads The Science is Not Settled: How Weak Evidence is Fueling a National Push to Ban Social Media for Youth Broken Promises: RIP Instagram’s End-to-End Encrypted DMs Victory! End-to-End Encrypted RCS Comes to Apple and Android Chats EFF Launches New Offline Campaign for Saudi Wikipedian Osama Khalid A Hackers Guide to Circumventing Internet Shutdowns Canada’s Bill C-22 Is a Repackaged Version of Last Year’s Surveillance Nightmare EFF to Fourth Circuit: Electronic Device Searches at the Border Require a Warrant EFFecting Change Site Banner 5.14.26 EFF Stands in Solidarity With RightsCon and the Global Digital Rights Community Congress Narrowed the GUARD Act, But Serious Problems Remain Free Signal Guide Milestone 1.0.0 Release of APK Downloader `apkeep` Powers Research on Android Apps 👎 California's Terrible, No Good, Very Bad Social Media Ban | EFFector 38.9 The SECURE Data Act is Not a Serious Piece of Privacy Legislation Offline: Osama Khalid EFF and 18 Organizations Urge UK Policymakers to Prioritize Addressing the Roots of Online Harm Shut Down Turnkey Totalitarianism EFF Submission to UK Consultation on Digital ID Getting Digital Fairness Right: EFF's Recommendations for the EU's Digital Fairness Act A Bridge to Somewhere: How to Link Your Mastodon, Bluesky, or Other Federated Accounts Utah’s New Law Targeting VPNs Goes Into Effect Next Week Open Records Laws Reveal ALPRs’ Sprawling Surveillance. Now States Want to Block What the Public Sees. Digital Hopes, Real Power: From Connection to Collective Action Aaron v. Bondi EFF Submission to UN Report on the Role of Media in the Context of Israel’s Policies Toward Palestinians Former EFF Activism Director's New Book, Transaction Denied, Explores What Happens When Financial Companies Act like Censors The Open Social Web Needs Section 230 to Survive The GUARD Act Isn’t Targeting Dangerous AI—It’s Blocking Everyday Internet Use Congress Must Reject New Insufficient 702 Reauthorization Bill The Internet Still Works: SmugMug Powers Online Photography Act Now to Stop California’s Paternalistic and Privacy-Destroying Social Media Ban EFF Challenges Secrecy In Eastern District of Texas Patent Case California Coastal Community Must Reject CBP's AI-Powered Surveillance Tower EFF to 9th Circuit (Again): App Stores Shouldn’t Be Liable for Processing Payments for User Content 📁 How ICE Got My Data | EFFector 38.8 EFF Sues DHS and ICE For Records on Subpoenas Seeking to Unmask Online Critics Bay Area Members' Speakeasy with WISP Copyright and DMCA Best Practices for Fediverse Operators Palantir Has a Human Rights Policy. Its ICE Work Tells a Different Story Keep Pushing: We Get 10 More Days to Reform Section 702 EFF at RightsCon Stop New York's Attack on 3D Printing How Push Notifications Can Betray Your Privacy (and What to Do About It) Google Broke Its Promise to Me. Now ICE Has My Data. EFF Calls on Kuwait to Release Journalist Ahmed Shihab-Eldin Digital Hopes, Real Power: The Rise of Network Shutdowns EFF to State AGs: Investigate Google's Broken Promise to Users Targeted by the Government The Dangers of California’s Legislation to Censor 3D Printing The Bay Agenda: Security for Journalists EFF 🤝 HOPE: Join Us This August! Hot Off the Press: EFF's Updated Guide to Tech at the US-Mexico Border War as a Pretext: Gulf States Are Tightening the Screws on Speech—Again Speaking Freely: Dr. Jean Linis-Dinco We Need You: Our Privacy Cannot Afford a Clean Extension of Section 702 Yikes, Encryption’s Y2K Moment is Coming Years Early Comparison Shopping Is Not a (Computer) Crime EFF is Leaving X Banning New Foreign Routers Mistargets Products to Fix Real Problem Another Court Rules Copyright Can’t Stop People From Reading and Speaking the Law 👁 Selling Mass Surveillance | EFFector 38.7 Digital Hopes, Real Power: How the Arab Spring Fueled a Global Surveillance Boom Privacy Index Workshop EU Parliament Blocks Mass-Scanning of Our Chats—What's Next?
We Updated Our Privacy Policy. Here's What Changed and Why.
Lena Gunn · 2026-05-19 · via Electronic Frontier Foundation

We recently updated our privacy policy for the first time since 2022. Most of the changes are clarifications, reorganizations, and improvements in transparency, particularly around how third-party tools that run parts of our site operate. But one change is substantive enough that we want to address it directly.

The Change You Should Know About: Opt-In Email Tracking

We want to know how we’re doing with our advocacy: which campaigns get your attention and which do not, which topics you are very interested in, which less so, and which not at all. It helps us to do our work better and to prioritize or rethink our strategies as we push to build support for freedom, justice and innovation around the world.

So, to give us a rough picture of how we’re doing, we are introducing the option for you to provide explicit, opt-in consent for us to see how you interact with the emails we send you. That includes whether you open emails, and whether you click on the links inside them.

We know what you’re thinking: Doesn’t EFF strongly oppose nonconsensual tracking? You bet we do. Sneaky email tracking is ubiquitous on the web and EFF’s opposition to it remains unchanged. We have never used email tracking pixels and we’re not changing that. We’re not building profiles and we’re not sharing the data and we’re definitely not selling it.

But we do want to give you the option of allowing us to learn about how our communications are landing with you. Here’s how consent will work. We will ask, and if you say yes, we’ll be able to see whether you opened an email or not, and whether you clicked on any links. That's it.

If you say no, or ignore the ask entirely, nothing will change and we’ll do no tracking.

If you say yes, you can change your mind and opt out at any time by clicking an opt-out link in any future email or by contacting membership@eff.org.

We have heard many EFF members say that EFF is one of the only organizations that they trust with consent to track their emails. That trust is important, and we do not take it lightly. But it led us to think that if we ask, enough of you would agree that we could have a better picture of how our campaigns and other emails to you are landing and that, in turn, could help us decide what to double down on and what to change.

By giving you a real ability to consent, EFF is taking a very different path than most of the web. Asking isn’t the norm; it’s more or less never an option to say no and dark patterns often make it hard even if it looks like you can. Unfortunately, estimates have shown that 2/3s of emails received by users contain tracking, regardless of whether the senders received explicit consent at the time when a recipient signs up to receive their mailings. Automatic, nonconsensual tracking doesn’t have to be the default, and it shouldn’t be.

We hope our approach works and it inspires others. It shouldn’t be an abnormality that users are not tracked by default, and that only users who feel comfortable doing so choose to consent to tracking. We hope that our example will show mailing platforms, organizations, and users that a privacy-protective approach is better and worth doing and can still give an email sender a solid understanding what campaigns and other messages resonate with recipients. We weighed this decision carefully. We know that email tracking is something we've criticized when used covertly or without meaningful consent and that many people don’t like at all. For EFF, an opt-in requirement isn't a formality. It's the key distinction between a sneaky strategy and an aboveboard relationship with you. And to us, it’s just a common sense approach based on respect.

It’s also consistent with our advocacy and approach to technology. We have said for many years that strong consumer privacy laws must require real opt-in consent before data is collected. And we have walked our talk in other ways as well, including in pushing for Do Not Track policies and in Privacy Badger, which protects you from ads and trackers that violate the principle of user consent.

Again, this behavior has been our suggestion for privacy policies, and privacy laws. In 2022 we released a guide for nonprofits that recommended the following:

Not tracking email open rates can, unfortunately, sometimes cause list “hygiene” problems, because it becomes difficult to know whether email subscribers on your list are still interested. You can send occasional emails to ensure subscribers want to receive emails, either using open or click tracking, and informing people that the purpose of that specific email is to determine active subscribers. The essential point is to let users know when you are using tracking, and to do it in a limited way when possible....

The Internet Archive found that while they preferred to use no open tracking in their emails to subscribers, too many unreachable email addresses had been added to their list over the years, and some email addresses had even become spam traps. To continue working with their email service provider, they needed to activate some tracking. They needed email open data to know whether an email address was still active or not; but they didn’t need or want gender, age, or demographic data. They settled on informing users that their email open rates are being tracked, and offering the alternate option to sign up for plain-text versions of their emails, which won't transmit any data at all.

In 2019, we recommended that all strong consumer privacy laws must include opt-in consent for data collection. We wrote:

Right to opt-in consent

New legislation should require the operators of online services to obtain opt-in consent to collect, use, or share personal data, particularly where that collection, use, or transfer is not necessary to provide the service.

Any request for opt-in consent should be easy to understand and clearly advise the user what data the operator seeks to gather, how they will use it, how long they will keep it, and with whom they will share it. This opt-in consent should also be ongoing—that is, the request should be renewed any time the operator wishes to use or share data in a new way, or gather a new kind of data. And the user should be able to withdraw consent, including for particular purposes, at any time.

Opt-in consent is better than opt-out consent. The default should be against collecting, using, and sharing personal information. Many consumers cannot or will not alter the defaults in the technologies they use, even if they prefer that companies do not collect their information.

We are sticking to those recommendations, which unfortunately are not yet the law, and following our principles.

We hope that you will feel comfortable opting in, but we also respect that you need to make that decision for yourself, and that you may need to change it as you go. We’ll do our part to make that as clear and easy as possible. And if you do agree, we’ll be grateful for getting a chance to learn a little more about how we’re doing, hopefully in ways that can make us even more effective at ensuring that technology supports freedom, justice and innovation for all the people of the world.

Other Changes: Clarity and Stronger Protections

The rest of the update is largely about being more precise and provide more transparency into our practices.

Cookies on eff.org: The new policy tightens our cookie practices. Previously, we carved out exceptions for "remember me" and logged-in users; now we don't use persistent ID cookies on the eff.org domain at all. We also clarified that other EFF-operated sites‚ like acteff.org and shopeff.org‚ have their own cookie policies and that our policies aren’t the ones that apply there. We’re not happy that you have to navigate multiple policies like this, but it’s one of the ways that the cookie ecosystem has gotten unfortunately complex. We want to be sure you know that and know where to look for all the information.

Third-party tool transparency: Similarly, while the vast majority of EFF’s public-facing websites, online tools and tech projects are created internally, self-hosted, and self-maintained, some of them are not. In this new policy, we are working to be more detailed and explicit in the new policy about those third-party services, and how they operate under their own privacy policies, not solely ours.

To help you understand exactly what choices you have when using these tools, we're publishing dedicated Privacy Guides for each of them. The first is live now for our shop, which runs on Shopify: EFF Shopify Privacy Guide. Guides for our other third-party tools are coming soon. As always, we recommend installing Privacy Badger to limit exposure from third-party tracking.

Overall, EFF believes that when a project like the Atlas of Surveillance doesn't exist, and we think it should, we build it and maintain it. But what matters most to us is protecting your digital rights. So the time required to maintain and upgrade the tools we have built has to be weighed against our need to build new projects to fight new fights. And sometimes, a tool that was needed when we built it, like EFF’s Action Center, can be replaced by something that can take some of the weight off our internal staff.

To help make space for new projects, we carefully investigate services we rely on—like our campaign tools, payment processors, and online shop—and look for third party options that are the best in the industry and offer a level of privacy our users deserve. In this new privacy policy we try to give you as much information about those third-party services as we can.

GDPR data management: We added a clear, dedicated process for users in the EU and elsewhere to request deletion of their personal data. Email info@eff.org with the subject line "GDPR Data Deletion Request" and we'll respond within the legally required timeframe.

Data retention: We reorganized and clarified how long we keep different types of records (communications, financial records, donation paperwork) into a cleaner list. The substance is unchanged, but the structure should make it easier to find what's relevant to you.

Action Center: You may notice that the previous policy included a dedicated section on our Action Center - how we handled your campaign participation data, what we retained, and so on. That section is gone because we're transitioning our campaign tools to a third-party provider. This is the kind of situation the new third-party transparency language addresses: that provider operates under its own privacy policy, which we'll link to in its dedicated Privacy Guide. Our commitment to your privacy in those contexts doesn't change‚ it just lives in a different place now.

What Hasn't Changed

The fundamentals remain what they've always been: we don't sell your information, we don't share it with third parties without your real (not manufactured or dark-patterned) consent, outside of legal requirements we cannot change. We actively push back on legal demands we believe are improper. EFF's mission is to protect your digital rights, and our own practices will continue to reflect that. The changes we’ve described above will help us in that mission.

support EFF

You can read the full updated policy at eff.org/policy. If you have questions, we're always reachable at info@eff.org.