Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Digital Self-Defense for Journalists: An Introduction


Digital Self-Defense for Journalists: An Introduction

Guard your walls. ( Peter Levy )

Protecting Yourself without Losing Your Mind

Digital self-defense is becoming an important part of the journalistic toolkit. Beyond risks to everyone’s digital lives―webcam hacking, email breaches, identity theft―people who work in newsrooms have even more at stake. Newsrooms are some of the biggest targets in the world for state-sponsored digital attacks , as well as more routinethreats.

But security is not about locking everything down. It can feel overwhelming if everything is under threat. Instead it’s about making it harder to access information that is especially important to secure. There is no such thing as “perfect security.” Instead, it’s more about building stronger roadblocks, and making it harder for others to access our data withoutconsent.

Focus on SpecificThreats

Consider the information you want to protect, who might want it, what ways that information can be compromised, and what you can do to address the security gap. Security specialists call this practice threat modeling .

Rather than thinking about security in the abstract, thinking about a threat model can help journalists to focus on specific problems and solutions. For example, with few exceptions, most of us are not likely to be directly targeted by three-letter agencies. Instead, most of us might be more cautious about our sources being identified in connection with specific stories. Many of us need to open countless documents through email each day, yet need to avoid malicious files or links. Many of us simply want to avoid an embarrassing public-facing data breach .

Understand Encryption

Using encryption is one of the most effective ways to make it harder for others to access ourdata.

Encryption helps protect the content of your messages shared between you and other services online. Imagine if you sent a postcard, leaving the text readable to anyone who wants to read during its journey. The internet works in a similar way. For example, when connecting to an open wi-fi access point, anyone on the network can see the flow of unsecured traffic in readabletext.

So what do we do? Most of the time, we’re doing routine work and may not be on high alert. Even in those cases, we still want to minimize our data footprint fromsurveillance.

Connect to the Web MoreSafely
Digital Self-Defense for Journalists: An Introduction
Especially when you’re on an open wi-fi network, consider using a Virtual Private Network ( VPN ) for an encrypted connection that will tunnel all your traffic through a remote location. That remote location can still read your unencrypted traffic, but it will be encrypted on your local network. This can be helpful for protecting your traffic when visiting conferences or cafes. There are no shortage of inexpensive services that can help protect your Web traffic from local network snooping. You might also check if your newsroom uses a VPN so you can tunnel through theirnetwork. If you’re conducting research, you can often be identified through unsecured traffic, as well as other loose identifiers such as your IP address. Consider using Tor Browser to encrypt and anonymize your Web traffic. With Tor, your browsing traffic will appear to come from a remote location, and will be encrypted on your local network. This can be helpful when doing sensitive research. Unless absolutely necessary, avoid putting personally identifying information into TorBrowser.
Digital Self-Defense for Journalists: An Introduction
Use StrongAuthentication

A good password is often the only thing stopping an attacker from having access to youraccount.

Everyone knows you use the same password everywhere. Stop using the same passwordeverywhere. Consider using a password manager. Password managers can help you to keep track of all of your passwords, and can help generate randomized passwords. It’s also a convenient way to automatically enter passwords in your Web browser, saving time and headaches when filling out forms. Some of the most popular tools include 1Password and KeePassX (free). Use two-factor authentication. Two-factor authentication adds an additional level of security on top of your password, asking for one more piece of information before you can access the account. Typically this is a number sent to your phone via SMS or a mobile app, such as Google Authenticator . Countless popular Web services allow you to add two-factor authentication to your account, making it much more difficult for an unauthorized third party to access youraccount.

Use two-factor authentication wherever possible, but especially your primary email. If someone gets into your email, at a minimum, they can gain entry to your other online accounts by resetting your passwords that rely on email authentication. Gmail users can set up two-factor authentication here .

Beware of ThirdParties

Of course, even a secured connection to the Web can betray our communications if the destination has the power to share consumers’ activities with a third party. For example, unless your newsroom hosts their own email servers, chances are that your newsroom uses a proprietary email provider that can decrypt your communications. Many news organizations do . Likewise, when we communicate with sources, we’re often leaving breadcrumbs about those conversations in the form of metadata information about who is talking to whom, when, and for how long. These are not hypothetical problems for news organizations. For example, in 2013 the Department of Justice subpoenaed telephone companies for two months of phone records of reporters at the Associated Press. In other words, we often entrust our data to companies that may (willingly or unwillingly) share it with thirdparties.

Be Safer WhenCommunicating

Securing your communications with colleagues and sources is becomingeasier.

If you’re concerned about the privacy of your SMS messages or phone calls, use Signal for iOS or

Viewing all articles
Browse latest Browse all 12749