Privacy and Encryption Advocacy and Consumer Guidance in Mainstream Tech
The Electronic Frontier Foundation launched “Encrypt It Already”, a campaign pressuring major consumer tech providers to expand and complete end-to-end encryption (E2EE) commitments and make protections easier to use. The campaign tracks where encryption is promised but not delivered (e.g., E2EE for Facebook group messages, interoperable encrypted RCS messaging promised by Apple and Google, and E2EE for Bluesky DMs), where encryption exists but is not enabled by default (e.g., Telegram encrypted chats, WhatsApp backups, and Ring camera footage settings), and where additional encrypted storage and controls are being urged (e.g., encrypted backups for Google Authenticator and broader encrypted Android backups). EFF’s stated goal is to shift control of communications and stored data toward users by pushing vendors to ship E2EE features, enable them by default, and broaden encrypted data coverage.
Separately, consumer privacy concerns continue to shape adoption and trust in data-collecting devices and platforms. A Clutch survey cited in reporting found 74% of respondents are concerned about how wearable devices handle personal data, and only 58% are confident their wearable protects their data—sentiment that may drive brand switching decisions. In parallel, an Apple-focused article on “privacy rules” promoted user configuration steps within the iPhone ecosystem (e.g., Safari anti-tracking features, a dedicated Passwords app, and other privacy controls), but it does not describe a specific incident or vulnerability and reads primarily as general privacy guidance tied to Data Privacy Day.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Clutch survey highlights rising wearable privacy concerns
A Clutch survey reported that 74% of respondents are concerned about how wearable devices handle personal data, while only 58% are confident their wearable protects that data. The findings also showed privacy concerns are affecting purchasing behavior and brand loyalty as wearable adoption continues.
EFF launches 'Encrypt It Already' encryption campaign
The Electronic Frontier Foundation launched its 'Encrypt It Already' campaign to push major technology companies to expand end-to-end encryption across consumer products and services. The campaign highlights unfulfilled encryption promises, non-default protections, and additional data types and services that should be covered.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Commentary on Post-Quantum Cryptography Readiness and Gaps in End-to-End Encrypted Messaging
Security commentary highlighted that **end-to-end encryption (E2EE)** has materially improved privacy in mainstream messaging, but important gaps remain—especially where plaintext or recoverable ciphertext is reintroduced via **cloud backups** and multi-party backup chains. The discussion pointed to Apple’s iMessage ecosystem as an example where E2EE can be undermined if device backups are not protected with *Advanced Data Protection (ADP)*, and noted uneven progress across platforms on **post-quantum** resilience (e.g., Signal and Apple cited as having post-quantum protections, while Android messaging protocols were described as not yet upgraded). Separate industry perspective argued organizations should accelerate **post-quantum cryptography (PQC)** planning due to the long lead time required for migration and the risk of “**harvest now, decrypt later**” collection by sophisticated adversaries. It emphasized that guidance from **NIST** and **CISA** has shifted toward urgency, warned that widely used public-key cryptography (e.g., **RSA/ECC**) faces future quantum risk, and described practical blockers such as building a usable cryptographic inventory at scale—where common discovery approaches (like certificate scanning) miss embedded and non-obvious cryptographic dependencies.
Jun 29, 2026
Mobile OS Privacy Features and Advice Content Around Data Privacy Day
Apple rolled out a new iOS feature on select recent **iPhone** and cellular **iPad** models that, when enabled, reduces the precision of location data shared with a user’s **cell carrier**, aiming to make it harder for law enforcement, spies, and criminals to obtain precise location via telecom providers. Apple said the change does not reduce location precision shared with apps or with first responders during emergency calls, and initial support is limited to specific devices on **iOS 26.3** and a small set of carriers in markets including Germany, Thailand, the UK, and the US; the move lands amid ongoing concerns about carrier targeting and telecom surveillance, including reported China-linked intrusions into major US carriers. Samsung separately described an upcoming **Galaxy** privacy feature intended to mitigate “shoulder surfing” by obscuring on-screen content in public settings, with configurable visibility controls for apps, sensitive entry fields, and notification pop-ups. A third item is a **generic privacy tips** article tied to Data Privacy Day that recaps Apple ecosystem features (e.g., Safari anti-tracking, a Passwords app, Hide My Email, and app hiding/locking) rather than reporting a specific new security event or disclosure.
Jun 29, 2026
Recent Security Features and Best Practices for Consumer Devices and Services
Several recent updates and advisories highlight new security features and best practices for consumer devices and services. *elementaryOS 8.1* introduces Secure Session as the default, enhancing privacy by requiring explicit app permissions and improving support for modern hardware. Android 16 now offers an Advanced Protection mode, which consolidates Google's strongest security and privacy features, blocking sideloading, spam, unsafe links, and insecure networks, though it must be enabled manually. Additionally, enabling Private DNS mode on Android encrypts DNS queries, protecting users from eavesdropping on public networks. For iPhone users, a shortcut can be configured to trigger the device's camera and location sharing via text, providing a rapid recovery option if the phone is lost or stolen. Passwordless authentication is gaining traction, with passkeys allowing users to sign in securely without traditional passwords, reducing phishing risks and simplifying cross-device access. The TSA has also reiterated warnings about the risks of public Wi-Fi and USB charging stations at airports, advising travelers to use VPNs and power-only cables to avoid data theft and malware. For organizations using Google Workspace, the Passwd password manager offers enterprise-grade encryption, zero-knowledge architecture, and compliance features, ensuring secure credential management within the Google ecosystem. These developments reflect a broader industry trend toward stronger, user-friendly security measures and increased awareness of digital hygiene for both individuals and organizations.
Jun 29, 2026