11 responses to “A Digital Security Guide for Journalists: When Privacy is Essential

  1. UPDATE: I’ve added steps to verify checksums for Mac & Linux devices and have also included a list of other tools to use when dealing with checksums. See the first few paragraphs of the ‘Software and Hardware Habits’ section for full content.

  2. UPDATE: Added a link [https://blog.torproject.org/blog/plaintext-over-tor-still-plaintext] in the beginning of the section highlighting Tor, in order to further stress this point (the following is content from the link):

    “Any plaintext communication over the Internet is open to intercept. This is true if the transport mechanism is email, http, tor, or carrier pigeons. Tor does not magically encrypt the Internet from end to end. Tor does wrap your traffic in encrypted layers as it transports it through the Tor network”

    I have also included a nice image (from the EFF) detailing how Tor functions.

  3. UPDATE: I’ve deleted the last sentence of the paragraph on social engineering, which included this:

    “even recently, with an unsuspected victim; America’s secret spy agency that specializes in surveillance tactics, the National Security Agency.”

    This is due to a recent public Q&A session with Snowden himself, that helped dispute the original claims that he used social engineering tactics to get to NSA agency passwords and leak their files (first reported by Reuters, I believe).

    More on the topic here: http://mashable.com/2014/01/23/edward-snowden-live-chat/

  4. Pingback: Surveillance in Sochi – A Summary of Events | vivalageeks: Exploring Activism & Technology

  5. UPDATE: I’ve included Bruce Schneier’s Password Safe in the section on password managers (end of the Software & Hardware Habits section): http://passwordsafe.sourceforge.net/

    I’ve also made a quick note that all of the mentioned password managers include password generators.

  6. UPDATE: A new brief addition on alternative search engines has been added near the end of the ‘Browsing & Research’ section. I mention two privacy-minded services: https://startpage.com/ and https://duckduckgo.com/

  7. UPDATE: Revised the ‘Threat Modeling Section’ with two changes:

    1.) Added in some important early steps, including thinking about what data you need to protect as a journalist and from whom.

    2.) Added a small section on Remote Access Tools, due to the fact that they are so commonly used.

  8. UPDATE: I have added some overviews of two security minded operating systems (similar to Tails) in the later part of the Browsing & Research section. These two operating systems are Whonix and QubesOS. Both utilize sandboxing and other security measures via virtual machines.

  9. UPDATE: I figured it would be best to mention the “death” of Truecrypt development, and comments regarding this can now be found at the very beginning of the section on the program.

  10. UPDATE: Added a section on cookie and other tracking-blocker plugins/addons in the Browsing & Research section. These tools include https://www.ghostery.com/ , https://www.eff.org/privacybadger and https://adblockplus.org.

  11. UPDATE: Added a brief paragraph on WhisperSystems’ new Signal app for iPhone users: https://whispersystems.org/blog/signal/
    You can find it in the mobile part of the “Other Communications” section.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s