Defender of your Digital Freedom

All Posts | May 14,2019

Critical security advisory: WhatsApp vulnerability

WhatsApp has reported that a security vulnerability in the app was exploited to install the NSO Pegasus spyware in certain iPhones and Android phones. The spyware can be installed by calling a target device. Even if the call is missed, the device could still be infected. The Financial Times has reported that a log of the call could disappear from the device, leaving no trace that the device was called and infected if the user of the device missed the call. The spyware can retrieve your calls, messages and data, and activate your camera and microphone, among malicious activities.

WhatsApp has stated the the vulnerability has been fixed in a recent update to the app. We urge all our readers to upgrade the app on your phone as soon as possible. If you noticed an incoming call that later disappeared from your call log, we advise that you erase / reset your phone.

In general, we advise updating your device's OS (such as iOS or Android) and apps as often as possible so that you have the latest security patches installed on your phone. We further advise purchasing your devices from only those manufacturers that have a reputation of keeping the OS updated for at least as long as you plan to use the device.

For more details regarding the security vulnerability in WhatsApp, please see https://techcrunch.com/2019/05/13/whatsapp-exploit-let-attackers-install-government-grade-spyware-on-phones/

For more information on keeping yourself safe and secure online, please visit https://security.sflc.in/

All Posts | Sep 20,2018

Digital Security Training at Amity Law School, Gwalior

On 20th Sept 2018, we conducted a Digital Security Training for Law Students at Amity Law School, Gwalior. We also discussed right to privacy and the personal data protection bill, 2018.

All Posts | Sep 13,2018

Digital Security Training at Amity University, Noida

On 13th Sept 2018, we conducted a Digital Security Training at Amity University, Noida for students from Computer Science Department, Amity School of Engineering and Technology.

All Posts | Sep 08,2018

Digital Security Training at Noida Institute of Engineering and Technology

On 8th Sept 2018, we conducted a Digital Security Training at Noida Institute of Engineering and Technology (NIET), Noida, for students from Computer Science Department after the Inaugration of Computer Society of India (CSI) Student Chapter.

All Posts | Sep 01,2018

Digital Security Training at Haiyya Camp, ‘Post. Don’t Rost’

Haiyya organised a Haiyya Camp, ‘Post. Don’t Rost’ on Sept 1st, 2018 to provide training on organizing skills to the participants so that they can take leadership and act on the issue of cyberbullying. As a knowledge partner to the event, SFLC.in conducted a session discussing issue of online harassment/ cyberbullying and various measures/ tools which can help in protecting privacy online.

All Posts | Aug 02,2018

Digital Security Training for Journalists

Event Announcement:

Journalists would wish to prevent the identification of sources (whitleblowers or others that do not wish to be identified) and also to conduct secure communication with their sources in the cases where some sources of information may face discrimination, persecution, death threats or other harsh measures if their identity is revealed.

The use of internet is increasing in every sphere of our lives, especially in the spheres of communication and transfer of documents. Insecure communication can be intercepted, accessed and even modified by eavesdroppers during transmission. Detailed digital profiles are created by tracking our browsing history and online activity. This information can be used to influence us in many ways as revealed by the recent infamous case of Cambridge Analytica data leak scandal. The number of attacks, both targeted and un-targeted, against unsuspecting people on the internet is rising.

We are conducting a workshop exclusively for journalists on August 3rd, 2018 from 4 PM to 5:30 PM in our office. In this workshop, basic digital security measures for protecting privacy will be discussed, followed by demonstrations showing how to use various tools for securing your communications & information/data.      

Date & Time: August 3rd, 4 PM to 5:30 PM


Software Freedom Law Centre, India

K-9, Second Floor, Jangpura Extension,New Delhi - 110014, India.

Nearest Metro Station: Jangpura, 550 m away

Google Maps Link: https://goo.gl/maps/p8xM8z98JE72

We cordially invite you to join us and participate in the workshop. Please email us at events@sflc.in or RSVP at 'https://www.eventbrite.com/e/digital-security-training-for-journalists-tickets-48529167045' to confirm your participation.

All Posts | Jul 31,2018

Digital Security Trainings in Kerala

SFLC.in conducted four Digital Security Trainings at Kerala, including two full-day workshops for Master Trainers from KITE (Kerala Infrastructure and Technology for Education), a training Lawyers at Kerala High Court Advocate Association (KHCAA), and a training for students and teachers at Adi Shankara Institute of Engineering and Technology. (more…)

All Posts | May 25,2018

Digital Security Training for Lawyers – May 26, 2018

We are glad to inform you that we are conducting a "Digital Security training for Lawyers" workshop on this Saturday (May 26, 2018) from 11 AM to 1PM at SFLC.in office premises.

Please register at https://www.eventbrite.com/e/digital-security-training-for-lawyers-tickets-46284564378.

You can also register by sending an email to us at events@sflc.in.

As per Sections 126-129 of the Indian Evidence Act, 1872, lawyers have a legal obligation to ensure that privileged legal communication is not disclosed to anyone except under a few scenarios specified in these sections. Such privileged communications can be misused to implicate the client and sabotage judicial proceedings. Sections 126-129 of the Indian Evidence Act provide instances where lawyers may or may not share evidence of such professional communication. Lawyers need to be aware of secure methods of communication in order to truly fulfill their obligations. A basic understanding of digital security practices will also be very useful in other aspects of their work, such as securing devices containing sensitive client/case information, protecting confidential information on a software level.

In this workshop, lawyers shall be informed about common online threats such as malware, ransomware and phishing attacks. Following which basic digital security measures for reducing risk will be discussed. Later, they will be trained on how to conduct secure communication in their daily life.

Please note that there are limited seats available.

All Posts | Apr 06,2018

Digital Security Training at Mozilla’s 20th Anniversary Celebrations

On Saturday March 31, SFLC.in hosted an event organized by the Mozilla Delhi Community on the occasion of the 20th anniversary of Mozilla. The event was organized at our New Delhi office from 11:30 AM to 2:30 PM, and had Mozilla volunteers sharing their experiences working with the Mozilla community and discussing the road-map for future campaigns.

At the event, Shashikanth Reddy, Technology Officer at SFLC.in and Mozilla Volunteer, conducted a Digital Security Training session with the theme “Basic Digital Security Measures”. In this session participants were introduced to privacy, digital security and also assessment of risks using the threat model. He pointed out that even though the Supreme Court of India recognized the fundamental right to privacy, India does not have adequate privacy and data protection laws. Emphasizing on the importance of informational self-determination, Shashikanth made a short presentation on basic security measures like preventing malware infection; using tracking protection and strong passwords with a password manager; risks with using HTTP and open public wi-fi networks, among other things. He spoke about the common ways of malware infection and mentioned a few precautions that users must take to ensure that they do not become victims of a malware attack. For e.g, a user should not download email attachments unless they trust the sender; beware of clicking on suspicious links, and should not connect/insert unknown USB or CD/DVD drives.

This was followed by a discussion on Aadhaar to raise awareness about issues such as exclusion and citizens’ privacy. Srinivas Kodali, interdisciplinary researcher working on data, cities and Internet, was invited to share updates on Aadhaar. In addition to highlighting problems with the Aadhaar project, Srinivas also spoke about the petitions against Aadhaar that are being heard in the Supreme Court of India.

The event ended by introducing participants to the different ways they can contribute to Mozilla and its community campaigns like Add-ons, Rust, WebVR, Privacy/Advocacy etc.