This is not an easy time for journalists all over the world, with the discoveries of surveillance on citizens, which includes journalists and their sources.
The old-fashioned promises Im not going to reveal my sources identity or give up my notes are kind of empty if youre not taking steps to protect your information digitally, says Barton Gellman of the Washington Post, whose source, former NSA contractor Edward Snowden, helped uncover the scope of the NSAs and British GCHQs operations.
Senior journalist Michael Dagan believes that it is possible to make it difficult for anyone to intercept your emails, the text messages youre sending or your phone calls, using a range of methods.
He has written a guide to his colleagues all over the world, which can help them protect their work and fulfil their mission.
Here are some of his tips to ensure that a journalists sources and data are secure and well. Access to the full guide is at the link below.
1. Beware of big names:Presume that large companies encryption systems and possibly even big name operating systems (proprietary software) have back doors that secret services in their country of origin (at least in the US and the UK) can access.
2. Always encrypt everything:Security experts use simple math to make their point: as you raise the cost of decrypting your files (say, for intelligence agencies like the NSA), you automatically increase the degree of effort expended on following you. If youre not Chelsea Manning, Julian Assange, or Edward Snowden and if you werent involved in active surveillance around Trump Tower apartments, they may give up the effort even if your encrypted communications were stored. And should anyone decide to track you despite your efforts, it will be more of a headache if you use strong encryption like AES (Advanced Encryption Standard) and tools like PGP or open VPN, which are the strongest widely available encryption methods (VPNs are used by the US government itself). But if you want bullet-proof security, you will need more than the AES encryption method. P.S. if you want to discover the year your information landed at the NSAs hands, just have a peekhere.
3. Perform full disk encryption:This is done just in case someone gets their hands on your computer or phone. Full disk encryption can be done usingFileVault,VeraCryptorBitLocker. Putting a computer to Sleep (instead of Shutdown or Hibernate) may allow an attacker to bypass this defense. Here,Mika Leegives a complete guide for encrypting your laptop.
4. Avoid chatting with sources on the phone:All phone companies store data related to the caller and the receivers numbers, as well as the location of the devices at the time calls were made. In the US and several other countries, theyre required by law to disclose information on registered calls in their possession. What can be done? You should use a secure call service, such as the one the Signal app which was tested repeatedly for security possesses. Although this may mean that both the source and the editor need to download the appas well, the process takes just a few minutes. Here is aguideon how to use it. Just for the hang of it, check out how many of your non-journalist friends are hanging out there. However you choose to communicate with your source, do not bring your mobile phone to sensitive meetings. Buy a disposable device and find a way to convey its number to the source in advance. The source needs to have a disposable safe device too. Authorities can track your movement through cellular network signals and its advised to make it harder on them to locate you retroactively in the exact same cafe where the source was sitting. If you fail to follow this rule, all local authorities will be required to do is ask (politely and legally) for the video filmed by the cafs security camera at the time of your meeting.
5. Choose secure messengers:your calls (cellular ones and via landlines) can be monitored by law enforcement agencies and each SMS is like a postcard all text is fully visible to those who may intercept it. Therefore, use Messengers that allow for secure end to end call: signal, which was already mentioned above, and Telegram are considered to be the safest (although Telegram as well as WhatsApps web apps were compromised once and then fixed). According to some experts, you can also consider using SMSSecure, Threema and even Whatsapp.The Signal Protocol has been actually implemented intoWhatsApp,Facebook Messenger, andGoogle Allo, making conversations using them encrypted. However, unlike Signal and WhatsApp, Google Allo and Facebook Messenger do not encrypt by default, nor notify users that conversations are unencrypted but offer end-to-end encryption in an optional mode. You should also keep in mind that Facebook messenger and WhatsApp are both owned by Facebook.Adium and Pidgin are the most popular Mac and Windows instant messaging clients that support the OTR (Off the Record) encryption protocol and Tor the webs best encrypted browser, which we will get to in detail later (See how to enable Tor in Adiumhereand in Pidginhere). Naturally, you could also use the Tor Messenger itself, which is probably the safest of them all.Two final notes on texting: A cyber security expert Ive discussed this with, says you should also have a working hypothesis that text is encrypted but the fact that these specific two individuals are talking, at this present time, might not go unnoticed.The second note is you should also remember to delete the messages in your phone (although this may not be enough to withstand a forensic check), just in case your device falls in the wrong hands, toavoid exposingthem.
6. Do not use organizational chats:Slack, Campfire, Skype and Google Hangouts should not be used for private conversations. They are easy to break in, and are exposed to disclosure requests for courts use, to resolve legal issues at the workplace. Therefore, its best to avoid them, not only when it comes to conversations with sources, but also conversations between colleagues, editors, etc., when you need to pass information received from your source, whose identity must be kept under cover. Many popular VoIP services like Jitsi have built-in chat features, and several of them are designed to offer most of Skypes features, which make them a great replacement.
7. In extreme cases, consider using aBlackphone:This phone, which strives to provide perfect protection for web surfing, calls, text messages and emails, is probably the best substitute for a regular phone if you are about to topple your government or getting ready to publish secret military files. An anti-bullet vest may also come in handy. Alternatively, try to do without a cell phone, Or opt for a cellular phone RFID signal-blocking bag. Theres always an option that even the Blackphone can be tracked using its IMEI (the mobile phones ID).
8. Protecting Data on your computer:Its very easy to break regular passwords, but it can take years to break passphrases i.e., random combinations of words. We recommend trying secure password management tools like: LastPass and 1Password and KeePassX. Youll need to remember only one password, versus too many Passwords. And still, when handling important services such as your email, do not rely on password managers: Just make sure you remember the password.In aninterviewto Alastair Reid in journalism.co.uk, Arjen Kamphuis, an information security expert, recommended that for encrypted hard drives, secure email, and unlocking laptops, one should choose a password of over 20 characters. Of course, the longer the password, the harder it is to crack but the harder it is to remember too. Thats why he recommends the use of a passphrase. It can be anything, like a line of your favorite poetry, Kamphuis says, maybe a line from something you wrote when you were nine that no one else will know about.Reid reports this thought provoking calculation, using theGibson Research Corporations password strength calculator: A password like F53r2GZlYT97uWB0DDQGZn3j2e, from a random password generator, seems very strong, and indeed it is, taking 1.29 hundred billion trillion centuries to exhaust all the combinations even when the software is making one hundred trillion guesses per second.
9. Two-factor authenticationis also a very good idea. In a regular two-stage authentication you sign in with your password and receive a second code, often via a text message to your smartphone. You can use Yubikey, as well as hardware tokens to further secure sensitive files on your computer. For more information, read the7 golden rules for password security.
10. Assign a computer for inspecting suspicious files/attachments:The easiest way to distribute malware and spyware is through installation via USB or through attachments and email links. It is recommended therefore you use one air-gapped computer to examine these threats under quarantine. With this computer, you can freely use a USB and download files from the Internet, but do not transfer the files to your regular computer or re-use that USB.
11. How to buy your own secured computer:Security expert Arjen Kamphuisrecommendspurchasing a pre-2009 IBM ThinkPad X60 or X61. These are the only modern enough laptops with modern software systems, which enable replacing low level software. Another point to take into account is that you should not buy your computer online, as it may be intercepted during delivery. Kamphuis recommends buying it from a second-hand store for cash. He also points out that you should abolish all connectivity: Remove all Ethernet, modem, Wi-Fi or Bluetooth capabilities. Personally, I know security experts who wouldnt trust such a computer.
12. Educating your Sources:Its possible that by the time the original and valuable information reaches you, its already too late. Your source may have made every possible mistake, leaving behind a trail of evidence. But beyond the need to secure the information once its in your hands, you should strive to teach your sources how to hide the information: store it securely and communicate safely via safe devices. Most people have no clue how to handle sensitive information, and in general what theyre up against the moment they get in touch with you.
13. Use a designated secure system for receiving documents:Replace Dropbox or Google Drive and use something less popular but more secure. For example,SecureDropis a designated system allowing you to receive files from anonymous sources and to safely scan and check them. Edward Snowden described Dropbox as hostile to privacy and recommendedSpideroakinstead. OnionShare is another free service that allows transferring files easily and anonymously.
14. Dont keep notes:neither on a laptop, nor calendars or contact lists on your cellphone or computer or in the cloud do not keep record of your sources name, initials, phone number, email or user name in messengers. Just dont.
15. Visual tracking:On the way to sensitive meetings, avoid using public transportation and guide your source to do the same. You should also avoid meeting places such as modern malls, where video cameras are spread all over the place.
16. Evading social media:Some people prefer to opt for radical anonymity. If for some reason, you need to vanish from the face of the earth without leaving a fully blown profile behind on every social media, totally delete your accounts. Its different from deactivating them, a state in which all your info is stored and can be re-activated.
17. Make friends among hackers:This will help you avoid big mistakes, save time and headaches and keep you up to date on the technological arms race.
18. Payment method:Pay for everything in cash, consider using Bitcoins buy them anonymously (use thisBusiness Insiderguide for that purpose) and, if you have somebody willing to accept them at the other end of the transaction, useDarkcoin. A pre-paid credit card from an online store is also an option.
19. Scribble wisely:If you jotted down information on a piece of paper, what they used to call a note in the Precambrian world, destroy it. And dont forget even that wrinkled one at the bottom of your pocket. Yes, right next to that gum.
You can see the eBook PDF-version of this guidehere.
See the rest here:
Online privacy guide for journalists - Radioinfo (subscription)
- Jitsi - Business VoIP Phone Service | OnSIP [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Softonic - Jitsi - Download [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- The Architecture of Open Source Applications: Jitsi [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Jitsi - Wikipedia, the free encyclopedia [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Jitsi - Official Site [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- FLOSS Weekly 293: Jitsi Meet - Video [Last Updated On: May 9th, 2014] [Originally Added On: May 9th, 2014]
- Jitsi Overview: FLOSS Weekly 293 - Video [Last Updated On: May 9th, 2014] [Originally Added On: May 9th, 2014]
- NetSecDemo Secure FTP over Jitsi - Video [Last Updated On: May 9th, 2014] [Originally Added On: May 9th, 2014]
- Jitsi VoIP softphone Hands On Tutorial - Video [Last Updated On: May 11th, 2014] [Originally Added On: May 11th, 2014]
- Eliyah Moore, Barum Jiu Jitsi Vs Cahel Gonzalez, 5 Star Martial Arts - Video [Last Updated On: May 16th, 2014] [Originally Added On: May 16th, 2014]
- How to download and install Jitsi - Video [Last Updated On: May 17th, 2014] [Originally Added On: May 17th, 2014]
- Jitsi (Mac) - Download - Softonic [Last Updated On: September 1st, 2014] [Originally Added On: September 1st, 2014]
- Using XMPP chat with Jitsi - Video [Last Updated On: September 12th, 2014] [Originally Added On: September 12th, 2014]
- Jitsi - SIP Softphone - Video [Last Updated On: September 12th, 2014] [Originally Added On: September 12th, 2014]
- The Luminosity of Free Software Episode 20 - Video [Last Updated On: September 13th, 2014] [Originally Added On: September 13th, 2014]
- FOSDEM 2014 - Jitsi Videobridge And Webrtc - Video [Last Updated On: September 16th, 2014] [Originally Added On: September 16th, 2014]
- Just Linux touch screen and Jitsi - Video [Last Updated On: September 16th, 2014] [Originally Added On: September 16th, 2014]
- jitsi.org | Jitsi [Last Updated On: September 17th, 2014] [Originally Added On: September 17th, 2014]
- Bitcoin and dark wallet could be used by terrorists. So what? [Last Updated On: September 24th, 2014] [Originally Added On: September 24th, 2014]
- Top messaging apps flat-out flunk EFF's security review [Last Updated On: November 5th, 2014] [Originally Added On: November 5th, 2014]
- When I say join me in a jitsi meet... - Video [Last Updated On: November 7th, 2014] [Originally Added On: November 7th, 2014]
- Jitsi Flasms Dogfooding: Using your own imperfect solutions helps improve them, - Video [Last Updated On: November 10th, 2014] [Originally Added On: November 10th, 2014]
- IETF91 chairs meeting Honolulu Jitsi Meet presentation - Video [Last Updated On: November 17th, 2014] [Originally Added On: November 17th, 2014]
- IETF91 chairs meeting Honolulu Jitsi Meet questions - Video [Last Updated On: November 18th, 2014] [Originally Added On: November 18th, 2014]
- jitsi videollamada - Video [Last Updated On: December 26th, 2014] [Originally Added On: December 26th, 2014]
- Skype Encrypted Alt. SIP Jitsi Combo [Last Updated On: February 7th, 2015] [Originally Added On: February 7th, 2015]
- Jitsi Wikipdia [Last Updated On: February 7th, 2015] [Originally Added On: February 7th, 2015]
- Jitsi for Mac | MacUpdate - Apple Mac OS X Software & Apps ... [Last Updated On: February 13th, 2015] [Originally Added On: February 13th, 2015]
- Nexi Unified Communication Jitsi Presentazione full - Video [Last Updated On: February 19th, 2015] [Originally Added On: February 19th, 2015]
- Jitsi - secure IM & VoIP | security in-a-box [Last Updated On: March 21st, 2015] [Originally Added On: March 21st, 2015]
- JITSI - Video [Last Updated On: April 8th, 2015] [Originally Added On: April 8th, 2015]
- Jitsi: A Multi-Protocol, Cross Platform Compatible Chat ... [Last Updated On: July 24th, 2015] [Originally Added On: July 24th, 2015]
- jitsi/jitsi-meet GitHub [Last Updated On: July 24th, 2015] [Originally Added On: July 24th, 2015]
- Jitsi Tutorial 1 - Installation - Top Windows Tutorials [Last Updated On: August 8th, 2015] [Originally Added On: August 8th, 2015]
- Jitsi, ostel.co and ISP censorship | The Guardian Project [Last Updated On: August 30th, 2015] [Originally Added On: August 30th, 2015]
- Jitsi | Tiki Suite [Last Updated On: August 30th, 2015] [Originally Added On: August 30th, 2015]
- Jitsi SIP Softphone Review - About.com Tech [Last Updated On: August 30th, 2015] [Originally Added On: August 30th, 2015]
- Jitsi Configuration and Review - Callcentric [Last Updated On: August 30th, 2015] [Originally Added On: August 30th, 2015]
- A Skype alternative worth its salt: Jitsi | usability ... [Last Updated On: September 6th, 2015] [Originally Added On: September 6th, 2015]
- Jitsi (Build 3132) [Last Updated On: September 24th, 2015] [Originally Added On: September 24th, 2015]
- [jitsi-users] SIP - Lync Connect deosnt work [Last Updated On: December 19th, 2015] [Originally Added On: December 19th, 2015]
- Jitsi - Wikipedia, la enciclopedia libre [Last Updated On: December 22nd, 2015] [Originally Added On: December 22nd, 2015]
- Why did Atlassian Acquire Jitsi? (Hint: WebRTC Multiparty ... [Last Updated On: March 6th, 2016] [Originally Added On: March 6th, 2016]
- Jitsi Download - Softpedia [Last Updated On: March 16th, 2016] [Originally Added On: March 16th, 2016]
- OpenFire Jitsi as Skype(desktop sharing) and Temviewer ... [Last Updated On: March 20th, 2016] [Originally Added On: March 20th, 2016]
- Jitsi - WOW.com [Last Updated On: April 11th, 2016] [Originally Added On: April 11th, 2016]
- Review: Jitsi the ultimate SIP voice and video client ... [Last Updated On: April 22nd, 2016] [Originally Added On: April 22nd, 2016]
- Jitsi WOW.com | Prometheism.net [Last Updated On: May 1st, 2016] [Originally Added On: May 1st, 2016]
- Jitsi - OSTN - Guardian Project Open Dev [Last Updated On: May 21st, 2016] [Originally Added On: May 21st, 2016]
- Jitsi - FreeBSD Wiki [Last Updated On: May 22nd, 2016] [Originally Added On: May 22nd, 2016]
- Jitsi - [Last Updated On: May 24th, 2016] [Originally Added On: May 24th, 2016]
- Chocolatey Gallery | Jitsi 2.8.5426 [Last Updated On: May 28th, 2016] [Originally Added On: May 28th, 2016]
- Jitsi - Quora [Last Updated On: May 31st, 2016] [Originally Added On: May 31st, 2016]
- Jitsi - Mensajera instantnea segura de texto, audio y ... [Last Updated On: August 10th, 2016] [Originally Added On: August 10th, 2016]
- Jitsi - Wikipedia [Last Updated On: October 27th, 2016] [Originally Added On: October 27th, 2016]
- Trying to install jitsi meet with apache2 - Stack Overflow [Last Updated On: October 29th, 2016] [Originally Added On: October 29th, 2016]
- Jitsi softphone for Windows OnSIP Support [Last Updated On: November 23rd, 2016] [Originally Added On: November 23rd, 2016]
- Jitsi for Mac - Download - jitsi.en.softonic.com [Last Updated On: February 6th, 2017] [Originally Added On: February 6th, 2017]
- Jitsi for Windows - Secure Instant Messaging and VoIP [Last Updated On: February 11th, 2017] [Originally Added On: February 11th, 2017]
- Edward Snowden's New Job: Protecting Reporters From Spies - WIRED [Last Updated On: February 14th, 2017] [Originally Added On: February 14th, 2017]
- Snowden helping develop tools to protect journalists and whistleblowers - 'to make the game a little more fair' - Press Gazette [Last Updated On: February 15th, 2017] [Originally Added On: February 15th, 2017]
- Jitsi Meet - Android Apps on Google Play [Last Updated On: March 9th, 2017] [Originally Added On: March 9th, 2017]
- 5 Apps You Didn't Know You Needed - Syracuse University News [Last Updated On: April 3rd, 2017] [Originally Added On: April 3rd, 2017]
- Encrypted Chat Took Over. Let's Encrypt Calls, Too - Huffington Post [Last Updated On: April 25th, 2017] [Originally Added On: April 25th, 2017]
- Your Essential List of 7 Productivity Hacks and Time Management Tips - Business 2 Community [Last Updated On: May 11th, 2017] [Originally Added On: May 11th, 2017]
- Diaspora* and Other Free Software Are Available in the Occitan Language, Thanks to Volunteer Translators - Global Voices Online [Last Updated On: May 23rd, 2017] [Originally Added On: May 23rd, 2017]
- Jitsi Meet (advanced) Projects [Last Updated On: May 23rd, 2017] [Originally Added On: May 23rd, 2017]
- How to Configure and Set-Up Jitsi - Liberty Under Attack [Last Updated On: June 6th, 2017] [Originally Added On: June 6th, 2017]
- Jitsi - PediaView.com [Last Updated On: June 14th, 2017] [Originally Added On: June 14th, 2017]
- FAQ | Jitsi [Last Updated On: June 25th, 2017] [Originally Added On: June 25th, 2017]
- FAQ | Jitsi | Prometheism.net - euvolution.com [Last Updated On: June 26th, 2017] [Originally Added On: June 26th, 2017]
- Tsirang vegetable vendors commit to selling local chillies - Kuensel, Buhutan's National Newspaper [Last Updated On: June 27th, 2017] [Originally Added On: June 27th, 2017]
- FAQ | Jitsi | Futurist Transhuman News Blog [Last Updated On: June 29th, 2017] [Originally Added On: June 29th, 2017]
- FAQ | Jitsi | Prometheism.net euvolution.com | Futurist ... [Last Updated On: July 5th, 2017] [Originally Added On: July 5th, 2017]
- Jitsi | Futurist Transhuman News Blog - euvolution.com [Last Updated On: July 10th, 2017] [Originally Added On: July 10th, 2017]
- Gladstone gold does club proud - Gladstone Observer [Last Updated On: July 19th, 2017] [Originally Added On: July 19th, 2017]
- Fox Sports 1 Dials Up VCC for The Herd With Colin Cowherd - TV Technology [Last Updated On: December 22nd, 2019] [Originally Added On: December 22nd, 2019]
- Fox Sports 1 Utilized Video Call Center to Extend Reach of Shows Like The Herd with Colin Cowherd - Sports Video Group [Last Updated On: December 22nd, 2019] [Originally Added On: December 22nd, 2019]
- Home schooling tips: The things I wish I'd known before the schools went into lockdown - Telegraph.co.uk [Last Updated On: March 26th, 2020] [Originally Added On: March 26th, 2020]
- What Is the Most Secure Video Conferencing Software? - VICE [Last Updated On: March 26th, 2020] [Originally Added On: March 26th, 2020]