In this era where information flows freely and the truth hangs in the balance, it is critical to safeguard privacy if you are a journalist or not. Due to the increased cyber threats, journalists have become hunters of the truth and targets of surveillance, hacking, and the dangers of compromised information.
Thankfully, there are many techniques and tools that you can use to uphold the integrity of your profession. This article gives you the steps to protect yourself and your sources, as the line between revelation and vulnerability blurs with each headline.
Top 10 privacy tips for journalists – Quick list
- Exercise practical judgment: Common sense is essential; even minor errors like writing sensitive details on scrap paper or using easily traceable devices can jeopardize security. Employ practical judgment in various scenarios, from meeting precautions to financial transactions, and stay updated on emerging threats and tools.
- Educate your sources: Spread awareness about privacy practices, emphasizing secure data storage and communication methods. Impart knowledge about secure guidelines to minimize information breaches, ensuring both parties adhere to stringent security measures.
- Exercise caution during meetings: Face-to-face meetings minimize interception risks, but surveillance cameras and ISP signals pose threats. Use caution: consider airplane mode, burner phones, or powering off devices. Verify identities and ensure trusted, direct communication.
- Handle phone calls discreetly: Phone conversations are convenient but generate stored data. Use prepaid phones, secure apps like Signal, or encrypted calls for confidentiality. Beware of claims; opt for reliable services like Signal or Silent Circle for enhanced privacy.
- Safeguard your messages: Choose messenger systems with end-to-end encryption like Signal, Dust, or Telegram. Prioritize security: messages must remain confidential during fact-checking or meetings.
- Explore anonymous communication methods: Traditional methods often reveal identities; SecureDrop and GlobaLeaks enable whistleblowers to upload information anonymously. Prioritize secure, anonymous channels to protect identities and information sources.
- Encrypt data and use passwords wisely: Robust encryption deters intruders. Implement full disk encryption using tools like VeraCrypt or Bitlocker. Android users can explore apps like Disk Decipher. Use strong, unique passwords and consider two-factor authentication for added security.
- Embrace two-step verification: Use varied verification methods like passwords, key cards, retina scans, or fingerprints. YubiKey provides advanced protection. Be cautious of intercepted verification messages.
- Secure your documents: Protect files and folders with additional password layers. Avoid storing highly sensitive information in cloud platforms. Use secure cloud providers like DropBox, OnionShare, or SecureDrop. Review privacy policies if sensitive data must be stored in the cloud.
- Encrypt your emails: Encrypting emails protects the content, ensuring confidential communication. You can encrypt email content with PGP encryption. Ensure both parties have access to public keys, and use reliable methods to locate keys, such as public servers.
Detailed list of top tips to use if you are a journalist
1. Exercise practical judgment
Using common sense is imperative. If you examine your daily routines, you’ll be surprised by the many minor errors you make. For example, jotting down notes on a scrap of paper containing even the tiniest details about your source or exchanged information can endanger both parties. The same applies to storing notes on your smartphone, laptop, or cloud services.
Besides data recording, you should exercise common sense in other scenarios. For instance, avoid using public transportation, which can be easily tracked when arranging meetings. Similarly, choose meeting spots without excessive security cameras.
Opt for cash, prepaid credit cards, or cryptocurrency for financial transactions. Furthermore, stay abreast of technological advancements. It’s essential to comprehend what you’re up against and know the available tools to aid you.
2. Educate your sources
As a journalist, you should ensure your sources are equally well-versed in privacy practices. Taking meticulous precautions on your end becomes futile if they jeopardize everything with an unencrypted email or a casual text message.
Ideally, your source should mirror every precaution you undertake to safeguard yourself and your source. As you gain knowledge, impart this wisdom to your sources and other parties who could potentially compromise the information, like your colleagues.
You may educate them about various aspects, such as secure data storage, methods of secure communication, and other preventive measures. Every party involved must adhere to secure guidelines to minimize the risk of information breaches.
3. Exercise caution during meetings
Several methods are available for communicating with your source, with meeting in person arguably one of the safest. The primary advantage of face-to-face meetings is the absence of third parties, which minimizes the risk of interception. Furthermore, it allows you to verify identities and ensures that information flows directly between trusted parties.
However, personal meetings bring their own set of risks, potentially outweighing the benefits. The most significant risk involves being spotted together by surveillance cameras or witnesses. Even if you evade these, ISP signals might inadvertently reveal your location.
A straightforward solution is to switch your phone to airplane mode, although GPS-enabled phones can still be tracked. It might be wiser for you and your source to power off your phones entirely or leave them behind. If phone access is imperative, consider using a burner phone during the meeting for added security.
4. Handle phone calls discreetly
Phone conversations with your source are a convenient alternative to in-person meetings and can simplify the interview process compared to emails or messages. However, phone calls have their drawbacks as well. For example, every call generates data the service provider stores, including details like the time, date, call duration, and phone numbers.
While using a prepaid disposable device is an option for phone calls, it may not always be practical. In the same breath, if your source needs to contact you, it is crucial to share the number securely. Alternatively, you can opt for voice or video calls via apps like Skype or Zoom. However, exercise caution as their security claims might not always be foolproof.
You can also choose a secure calling service, such as the Signal app, Whatsapp, or Silent Circle, as they provide enhanced privacy features.
5. Safeguard your messages
Messaging apps and messenger systems provide a convenient way to communicate, but certain messages must remain confidential whether you’re fact-checking or arranging meetings. So, when selecting a messenger system, prioritize those with secure end-to-end encryption.
As mentioned earlier, Signal is an excellent choice – secure, user-friendly, and completely free. Other options include Dust, Telegram, Threema, Viber, Slack, and more.
6. Explore anonymous communication methods
Traditional methods like in-person meetings, phone calls, and messages often reveal identities easily. Even with secure methods, prior contact is usually required to share contact information and communication preferences. Platforms such as SecureDrop and GlobaLeaks address this concern, allowing whistleblowers to upload information securely and anonymously.
7. Encrypt data and use passwords wisely
Encrypted data demands significant resources to decrypt, making access more challenging and costly for outsiders. Besides enhancing security, robust encryption may deter potential intruders. Consider full disk encryption for your computer, phone, or other devices.
Tools like VeraCrypt or Bitlocker are suitable for computers, and various methods exist for encrypting Android devices. iOS users can explore apps like Disk Decipher and Crypto Disk, derived from VeraCrypt, ensuring robust encryption.
8. Embrace two-step verification
If you’re a journalist looking to protect yourself and your source, consider using a two-step verification (2SV) whenever possible. Typically, you receive a verification code via email or SMS, adding an extra layer of security. However, be aware that intercepting these messages remains possible.
A more robust alternative is two-factor authentication (2FA), requiring two different verification types, such as passwords, key cards, or physical methods like retina scans or fingerprints. YubiKey, a USB device, exemplifies this, providing an additional layer of protection for accessing numerous resources and tools.
9. Secure your documents
Beyond device password protection, adding an extra layer of security to specific files and folders is crucial. For instance, confidential items like interview recordings or transcripts require proper hiding. There are certain cloud storage providers that can help secure your documents and achieve source protection, such as DropBox, OnionShare, SecureDrop, and Google Drive.
As a journalist, you should identify essential files and folders that must remain private and apply additional password protection using the methods discussed in this article. However, remember that the additional layer can be bypassed if the wrong person gains access to your computer, which increases the difficulty of retrieving sensitive data. So, make sure to keep your devices safe from intruders.
Regarding cloud storage, it’s advisable not to keep sensitive information there. However, if it’s unavoidable, carefully review the privacy policies of your systems.
10. Encrypt your emails
Encrypting emails is vital for secure communication and deserves special attention. For example, the PGP encryption method requires you to have access to your source’s public key and vice versa. Luckily, these keys are often stored on public servers and can be found by searching for the recipient’s name or email address.
An important factor to note is that while email content is encrypted, other details like date, time, sender, receiver, and subject line remain visible. Therefore, you might want to use a disposable email address to enhance your privacy. Such services allow you to sign up anonymously and delete the account when it’s no longer needed. Some providers, such as Guerrilla Mail and Mailinator, specialize in disposable email addresses.
11. Manage your browsing data
Securing your browsing activity is crucial, whether you’re protecting your sources or preventing specific details from leaking. Unfortunately, private browsing mode only hides your history from those accessing your device, but the sites you visit with your IP address can still be accessed.
Therefore, you should consider using a privacy-focused browser like Epic Privacy Browser or Comodo Dragon. However, keep in mind that these browsers might have limited functionality. Alternatively, deleting cookies provides a similar level of security.
Additionally, you can enhance security by clearing the DNS cache, disabling HTML Web storage, changing location settings, and using privacy extensions such as ScriptSafe or NoScript. These steps collectively bolster your online privacy.
12. Use the Tor browser
The Tor browser helps share files that must remain confidential and shielded from interception. It ensures anonymity for the sender and recipient, preventing unauthorized interception of the files. As of today, it stands as the most secure method for transferring sensitive files over the internet.
The data you send and receive traverses through this network passes through a randomized selection of nodes. Tor encrypts this data multiple times before it leaves your device, including the IP address of the subsequent node in the sequence. As the data travels, one layer of encryption is peeled off at each node, a process known as onion routing.
This meticulous internet encryption ensures that no one, not even the individuals managing the nodes, can access the content of the data or discern its destination.
13. Utilize alternative search engines
While browsers are essential, conventional search engines like Google and Bing pose threats to privacy due to their storage of search histories. Even a few searches could divulge sensitive information. As a journalist, you should adjust settings within search engines to halt the storage of your search text to protect your sources and yourself.
Alternatively, opt for search engines like DuckDuckGo or StartPage that don’t track your activity by default, ensuring your searches remain private and free from targeted ads.
14. Guard yourself against spyware
Attackers increasingly employ spyware, a malicious form of malware, to monitor devices and extract information. It can infiltrate devices through app installations, USB devices, or malicious emails. So, employing robust antivirus software is a crucial defense, with reputable options like Norton, Bitdefender, and Kaspersky providing effective protection.
It’s important to extend this vigilance to mobile devices as well.
Besides, some reliable apps can sometimes be misused for spying, rendering antivirus software insufficient. Therefore, for effective source protection, regularly review your apps and scrutinize their settings. You should also stay vigilant for any suspicious activities or permissions that apps request, ensuring you maintain control over the data you share.
15. Use a reliable VPN
To maintain the confidentiality of sources in journalism, employing a Virtual Private Network (VPN) is a pivotal step. A VPN encrypts internet traffic and routes it through remote intermediary servers. This double-layered approach ensures privacy by preventing Internet Service Providers (ISPs) from monitoring your activities.
Moreover, websites, apps, or services you use won’t identify you through your IP address. This is particularly crucial when using open Wi-Fi connections, safeguarding your data from interception by malicious entities.
While VPNs shield your online activities from third parties, know that the VPN provider itself could potentially access your data. Therefore, opting for a VPN with a no-logs policy is vital. Such providers adhere to a strict policy where they pledge not to store any information about your online activities.
Choosing a reputable VPN and trusting their commitment eliminates concerns about revealing your sources. By integrating a VPN into your journalism practices and ensuring it follows a logless policy, you fortify your online privacy, creating a secure digital environment where your activities remain confidential and safe.
16. Keep everything up to date
In the digital landscape, hackers and intelligence services often exploit security vulnerabilities that have persisted over time due to a lack of updates. Maintaining the security of your system is paramount; regularly update your operating system and all software programs.
The recommended practice is to enable automatic downloads of new versions and patches, providing an excellent defense against potential breaches and attacks.
17. Encrypt your communications
Beyond simply assuring your sources that your communications are impenetrable, encrypting it guarantees that unauthorized individuals cannot trace these conversations. So, installing end-to-end text message encryption software such as Signal is essential.
Also, encryption software offers various benefits, such as end-to-end encryption, meaning only the sender and the receiver can read the messages. No intermediary, not even the provider, can access the content of your conversations.
You can also add an extra layer of protection by setting up a password. This ensures that only individuals with the correct password can access your conversations. Importantly, encryption programs do not provide any backdoor access, ensuring that even governments cannot breach your privacy.
Furthermore, they offer a secure deletion option whereby, upon exiting the application, all conversations are instantly erased. This method ensures that the messages you share with your discussion partner remain entirely safe, enhancing privacy and security.
18. Generate strong passwords using a password manager
In the realm of digital security, even if you diligently follow all the recommendations in this guide, your data could still be vulnerable to password cracking. Since passwords are the sole gateway to encrypted information, securing them is paramount.
One effective strategy is using a password manager, which generates robust passwords for each of your accounts and safeguards them effectively. Password managers generate highly complex passwords that are often impossible to memorize, but worry not – the password manager remembers them for you.
All you need to recall is the master password that grants access to all others. It must be intricate, comprising symbols, capital letters, special characters, numbers, and spaces. Crucially, it must be unique and should never be reused somewhere else.
Some password managers that provide excellent options for safeguarding your passwords include Dashlane, NordPass, KeePass, LastPass, and more.
19. Create a hidden volume in a USB Key
Encryption is essential to safeguard your most sensitive documents and contacts. Storing such data in an encrypted USB key ensures that nobody can access this information without your password. However, situations may arise where you are compelled by legal entities to disclose your private key.
A prudent approach involves encrypting an entire USB key volume. You can store a robust password for this volume in your password manager. Subsequently, create another volume inside the main one, which remains undetectable and invisible. The password for this hidden volume should differ and be stored in the manager as something inconspicuous.
The objective is to transfer sensitive files in the encrypted and visible volume. Then, you should hide the most sensitive files within the concealed volume. If compelled to reveal the USB key password, you can provide access to the false sensitive data, safeguarding the identity of your sources. Applications such as VeraCrypt can help you encrypt and hide the volume of your USB key.
20. Check your system vulnerabilities
Despite taking numerous precautions, your system can still be susceptible to certain types of theft. Some functionalities in your operating system meant to enhance user experience, like speed improvements or preset settings, might inadvertently cause security breaches.
Independent developers have created software to bolster your computer’s security to counter this. For macOS users, two programs exist to assess system vulnerabilities: OSX-Config-Check and Lynis. Linux users primarily rely on Lynis but have the flexibility to combine it with other systems’ check software, and Windows users can opt for a Security Checkup.
These programs operate via command lines in Terminal, except for Security Checkup, which runs on Java. The usage instructions are clearly outlined on the links’ main pages, ensuring a straightforward process for users of all operating systems.
FAQs
To protect their confidential source, journalists should hide the source’s name, location, and other identifiable details that may uncover their identity.
Journalist confidentiality is the need and duty to protect their identity and sources.
You can securely store your photos on cloud storage, an external hard drive, or USB storage sticks. However, regardless of your chosen option, you should always password-protect and encrypt all files.
