Cyber Security
For Journalists
What will you do if Edward Snowden reaches you?
You may not be currently reporting on sensitive topics involving government leaks. But what if a source
contacts you with the promise of a big story and insists on encrypted communication?
It happened to Glenn Greenwald, Laura Poitras, and Barton Gellman, the team approached by Edward
Snowden.
Tor for anonymous browsing, Adium (for Macs) and Pidgin (for PCs) for secure IM conversations, and then a
combination of Thunderbird, Enigmail, and PGP/GPG keys for a good, basic start on sending and receiving
encrypted email.
Cryptocat, for encrypted group chats, TrueCrypt, which encodes and password-protects files on your
computer, and CCleaner, which cleans up your computer by deleting temporary files and overwriting deleted
files to make them harder to recover
https://archives.cjr.org/behind_the_news/hacks_hackers_security_for_jou.php
Password
We must also remember not to use the same password for different services, and to
choose a secure password that is not made of fragments of words and is a combination
of letters (upper and lower case), numbers and special characters. A mnemonic technique is a good
example. Select a verse from one of your favorite songs and build a password from it, for example:
“My coat of many colors that mama made for me” converts to an easy-to-remember password
“Mcomctmmfm.” Add a number in the middle and a special character on the end and you
have a reasonably strong password: Mcomc5tmmfm&.
VPN (virtual private network)
Everyone must choose the one that suits them (a good price is approx. $ 2–5 per month, but
a variety of factors influence the price; here is a list of over a hundred VPNs, and
here, in turn, is the best VPN by PCMag for 2016). But you must note that some VPN
services (e.g. the popular “Hide My Ass”) keep logs in case they need to provide
information to government agencies. We use CactusVPN (due to the combination of price,
the ease of installation, as well as the availability of a mobile phone free of charge). We can
also recommend VyprVPN or PureVPN.
Bitlocker (Windows) FileVault (MacOSX)
BitLocker and FileVault are lazy solutions. A better alternative is the free and open-source
program VeraCrypt (for Windows, MacOSX, Linux).
When you’re using external disks, make sure to encrypt them as well. We know security
experts who appreciate a paid Symantec Drive Encryption. For convenient encryption of
individual files, you can use the free AxCrypt. Especially if you do not use encryption, you
should use at least a program for secure deletion of data, for example Eraser. Note on the
phone—iPhone users have encryption enabled by default, Android is doing that only on
some phones (e.g. Nexus 6 and later), so you need to check whether the option is enabled in
CryptoCat: Plug-in for Chrome, Safari, Firefox, Opera, iOS app. It allows you to transfer files in a secure way, in the future they will also offer
integration with Facebook chat.
SpiderOak: serves as a secure drive that uses cloud computing, but it is, unfortunately, a paid service since last year (60 days free, using 2GB)
Viivo: a program to encrypt the files in the cloud
Signal: This is a chat application similar to Whatsapp for Android and iOS. The app replaces the default program for SMS and enables a safe way for
phone calls. Everything is encrypted on the client side, on your phone itself. In other words, as opposed to a regular phone, one cannot easily
overhear conversations or the content of text messages, as long as both parties have installed Signal. Signal is very easy to use, has a clean interface,
the code is open-source and subject to audits—the only drawback is that they have a central server. You can avoid that risk by also using Orbot (see
below) or VPN. The beta version is also available on desktop.
Orbot: This is an app specifically for Android. The program allows some apps to be channeled through the Tor network.
App Ops: Application for Android which allows you to downgrade rights for specific apps on your phone.
AppLock: The application for Android that allows additional protection by locking apps with a password.
Orfox (Android) or Onion Browser (iOS): This is a browser for Android, directing traffic through the Tor network, blocking scripts and forcing https
connection when possible. Definitely recommended, but still in the development phase (so it sometimes has annoying shortcomings). For iPhone
owners: Onion Browser (iOS app paid $ 0.99.)
https://medium.com/thoughts-on-journalism/defense-against-the-dark-arts-385aff5ed2f2
The basics
1. Install anti-virus software on your computer. If you have a new computer, install the anti-virus before connecting online to minimise
your chance of catching a virus.
2. Firewall – Installing anti-virus software is not enough. The firewall is a stronger layer of security that you need to protect. Install
software to reinforce your firewall protection.
3. Don’t use pirated software. If you cannot afford licenced software, there is a lot of open-source software out there that you can
download and use safely.
4. If you are using a public computer or cannot guarantee that the computer is virus-free, you can opt for a USB flash drive. You will not
leave any trace of your work on the computer.
5. Use a secure password. The longer and more complicated the password, the harder it is for a hacker to break in. Use at least 12
figures in your password with letters, symbols and different characters. Don’t use the same password for everything. If you don’t
have an elephant's memory, you can use KeePass to store passwords securely. But remember to keep your master password for
KeePass strong.
6. DETEKT who has been spying on you. If you want to know whether you are being spied on, you can download the free tool “Detekt” to
scan your Windows computer for traces of common spyware such as FinFisher and Hacking Team RCS, commercial
surveillance spyware that has been identified as also being used to target and monitor human rights defenders and journalists around
the world.
Data management – How to delete, recover & encrypt your data?
1. Deleting your data – You think by clicking the “delete” button, your file will be deleted forever? The answer is “no”. The file you
deleted can still be recovered even though it may no longer be visible. It is still somewhere on your computer or USB stick. In order to
delete your file permanently, you can download free software (such as CCleaner) that allows you to do so.
2. Recovering your data – However, journalists can use this to their advantage. If you are ever forced by the authorities to delete
a photograph, you can do so with the assurance that you can retrieve your photo when you get back to the office or home. All you
need is software (such as Recuva) to do that. But if the hard drive is severely damaged (by fire), the data inside may not be
recoverable.
3. Delete / manage your metadata because it tells people a lot about you and how the file was created. If you do not want to
remain anonymous or protect your sources, keep the meta data for yourself.
Data management – How to delete, recover & encrypt your data?
1. Create a secured data back-up. You should always have a back-up of your important data, but use a secured back-up. If you don’t
want to carry sensitive data around when travelling, you should store your data in a secured drive (such as Mega.co.nz) that you can
access wherever you go. Before storing your data, take one more security step and encrypt it before storing it in a
remote drive or cloud.
2. Encrypting your data. You can download free software (such as Boxcryptor) that encrypts data before you send it or store it in a
cloud. To encrypt your files and prevent others from having access to them on your computer, you can use TrueCrypt.
This allows you to create a “secret vault” on your computer which is only visible to you, who knows the password and location of
the file on your computer. You don’t need to know about encryption or coding; all you need to do is follow the simple steps of the
software.
3. What if I am forced to give away my password for the encrypted file? If you are ever in an extreme situation in which you have to
reveal your password to the authorities, you should take this last but important step to protect your sources or sensitive data. You can
create “a hidden vault” within the “secret vault” in TrueCrypt. So your “secret vault” becomes a disguise in case you ever need to
reveal your password for this “secret vault”. In this case, you can reveal the password to the authorities to give access to your “secret
vault”, but the real secret or sensitive data are stored in the “hidden file” within the “secret vault”, for which you have a different password.
Put the real sensitive content in the “hidden vault”, but be aware that you should put seemingly sensitive
content in the “secret vault” to which you will give the authorities access, so that they don’t suspect you and start looking for
something else.
Protection measures about communications on the internet…
1. Encrypt your email messages. You can download web-based software (such as Mailvelope) to encrypt your emails so that no
one (apart from yourself and your recipient) can read your messages. But this will require the recipient of your email to take the
same measure. This software is only for web-based email and it cannot encrypt files attached to the email. For a step-by-step
tutorial on how Mailvelope works, please watch the video HERE. To encrypt files, you can use the GPG encryption programme.
2. Securing instant messaging and audio/video conversations. Most popular instant messaging and audio/video platforms (such as
Skype, Facebook chat, Google Hangout, etc.) that are owned by big corporations no longer provide the absolute privacy and
anonymity you want. If you want to communicate sensitive information, you should use peer-to-peer online instant messaging and
audio/video conferencing platforms (such as Cryptocat, meet.jit.si, talky.io, Whispersystems, etc.). If you want to find more
secure messaging platforms, you can visit the Electronic Frontier Foundation, which lists all the latest secure messaging and
audio/video conferencing platforms (see the list of resources below).
3. If you think that it is only in science fiction that you have to put your mobile phone in the fridge in order to prevent prying ears, then
you are wrong. Our mobile devices can be switched on remotely and used as spying tools. We cannot remain anonymous using
our mobile phones because the same network that provides you with internet access also provides you with mobile
communications. The ISP can locate you even though your mobile phone is not switched on. In many countries, you are required to
provide your ID in order to buy a SIM card. What happens if you want to use your mobile phone and remain anonymous? There are
some devices and applications (see the resources below) out there which provide you with a certain degree of security for your mobile
communications. For example, WhisperSystems is an application for smartphone users to make private calls without their identities or
location being revealed.
1. How to bypass internet censorship? In countries where internet censorship is a common practice to oppress the media or critical
voices, access to information or communication can be a problem for journalists and human rights activists. There are ways to
bypass internet censorship that come at a very small price. You can rent a virtual private network (VPN) that will encrypt and redirect
all your traffic from your computer to that VPN. However, this does not prevent your ISP or the government from noticing that you are
using a VPN that is located at the other end of the world. But what they cannot do (thus far) is block the VPN connections.
2. Using a temporary email service to remain anonymous. If you want to avoid spam or don’t want to give your real email address to
strangers, you can use a temporary email service (such as GuerrillaMail or Mailinator) to remain anonymous. The service provides
you with a unique email address that you can dispose of.
3. Private browsing. Cleaning your cookies and internet history is not enough. If you want to minimise the chance of internet
surveillance, you can use Tor Browser so that no one can see what sites you have visited or track down your location. It will also
allow access to websites not available to normal browsers.
General guide on cyber security
1. https://securityinabox.org
2. https://www.level-up.cc
3. http://saferjourno.internews.org/pdf/SaferJourno_Guide.pdf
4. https://learn.equalit.ie
5. Passwords storage software http://keepass.info
6. Secured back-up server http://mega.co.nz
7. Email encryption https://www.mailvelope.com/
8. Electronic Frontier Foundation https://www.eff.org (you can check out the EFF secure messaging scorecard with a list of secured
platforms)
9. Secured mobile communications application https://whispersystems.org/
10. https://europeanjournalists.org/blog/2015/01/22/cyber-security-training-for-journalists/
Investigative Journalists
Email
● If you travel to a country known for spying on the media, don’t rely on an email provider
based there.
● At home, use a secure provider – you can tell if your email is secured by looking for the
“https” in the address bar. Gmail is secure by default, while Yahoo and Facebook settings can
be adjusted. Why? If you use a free wireless network, anyone can tap into your screen with a
simple and free software program. That’s a problem if you’re communicating with a source.
It’s as if you were in a busy public place having a conversation with a confidential source,
Guerra explained, “but you’re both screaming.”
● Don’t assume your employer is protecting your account. Ask your technology desk about what
precautions it takes, and consider getting a personal account from Google or Yahoo over
which you have control.
Passwords and the Two-Factor Login
If you have Gmail, everyone knows your User Name. So a hacker only needs your password. An
obvious first step is using a more complex password. There are guides to creating stronger passwords
listed below. Also, for more sensitive interactions, Gmail, Twitter, and Facebook have added an
additional – optional – layer of protection – the two-factor login. When you activate the two-factor
login, and enter your password, the account sends a text message to your phone, providing you a
unique authentication code you must enter before accessing the account.
Log In Settings
Establish multiple user accounts on your computer, including at least one user account in addition to
the default administrator account. Make sure the second account has no administrative privileges,
then use that login for your daily work. Then if malware tries to install automatically, the computer
will alert you with a message requiring the administrator password.
MalWare
● Beware of suspicious attachments, keep your programs updated, and install a good antivirus
program. Usually programs you buy will provide greater protection.
● Watch for emails from groups or people you might know, but which seem slightly off – small
grammar changes or odd punctuation.
● Mac users, avoid being lulled into a false sense of security.
● Outdated computers without security patches can put you at greater risk.
Guerra describes some useful specific tools here (English and Spanish).
When Something Goes Wrong
Make noise if your computer starts acting wacky. Reach out to one of the nonprofit groups dedicated
to detecting and tracking attacks and training users. They include:
● Access Now runs a 24/7 Digital Security Helpline available in seven languages.
● The Committee to Protect Journalists, based in New York, advocates on behalf of
reporters around the world and fields requests for assistance.
● Reporters Without Borders, based in Paris, does similar advocacy as CPJ.
● The Citizen Lab at the University of Toronto researches Internet security and human
rights.
● https://gijn.org/digital-security/

SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 

Cyber security for journalists

  • 2. What will you do if Edward Snowden reaches you?
    You may not be currently reporting on sensitive topics involving government leaks. But what if a source contacts you with the promise of a big story and insists on encrypted communication? It happened to Glenn Greenwald, Laura Poitras, and Barton Gellman, the team approached by Edward Snowden.
    Tor for anonymous browsing, Adium (for Macs) and Pidgin (for PCs) for secure IM conversations, and then a combination of Thunderbird, Enigmail, and PGP/GPG keys for a good, basic start on sending and receiving encrypted email.
    Cryptocat, for encrypted group chats; TrueCrypt, which encodes and password-protects files on your computer; and CCleaner, which cleans up your computer by deleting temporary files and overwriting deleted files to make them harder to recover.
    https://archives.cjr.org/behind_the_news/hacks_hackers_security_for_jou.php
  • 3. Password
    We must also remember not to use the same password for different services, and to choose a secure password: one that is not made of fragments of words and that combines letters (upper and lower case), numbers and special characters. A mnemonic technique is a good way to do this. Select a verse from one of your favorite songs and build a password from it. For example, “My coat of many colors that mama made for me” converts to the easy-to-remember password “Mcomctmmfm.” Add a number in the middle and a special character on the end and you have a reasonably strong password: Mcomc5tmmfm&.
  • 4. VPN: virtual private network
    Everyone must choose the one that suits them (a good price is approx. $2–5 per month, but a variety of factors influence the price; here is a list of over a hundred VPNs, and here, in turn, is the best VPN by PCMag for 2016). But you must note that some VPN services (e.g. the popular “Hide My Ass”) keep logs in case they need to provide information to government agencies. We use CactusVPN (due to the combination of price, the ease of installation, as well as the availability of a mobile phone free of charge). We can also recommend VyprVPN or PureVPN.
  • 5. BitLocker (Windows), FileVault (MacOSX)
    BitLocker and FileVault are lazy solutions. A better alternative is the free and open-source program VeraCrypt (for Windows, MacOSX, Linux). When you’re using external disks, make sure to encrypt them as well. We know security experts who appreciate the paid Symantec Drive Encryption. For convenient encryption of individual files, you can use the free AxCrypt. Especially if you do not use encryption, you should at least use a program for secure deletion of data, for example Eraser.
    Note on phones: iPhones have encryption enabled by default, while Android does that only on some phones (e.g. Nexus 6 and later), so you need to check whether the option is enabled in
  • 6. Tools
    CryptoCat: Plug-in for Chrome, Safari, Firefox and Opera, and an iOS app. It allows you to transfer files in a secure way; in the future it will also offer integration with Facebook chat.
    SpiderOak: Serves as a secure drive that uses cloud computing, but it has unfortunately been a paid service since last year (60 days free, using 2GB).
    Viivo: A program to encrypt files in the cloud.
    Signal: A chat application similar to WhatsApp for Android and iOS. The app replaces the default program for SMS and enables a safe way to make phone calls. Everything is encrypted on the client side, on your phone itself. In other words, as opposed to a regular phone, one cannot easily overhear conversations or the content of text messages, as long as both parties have installed Signal. Signal is very easy to use, has a clean interface, and its code is open-source and subject to audits. The only drawback is that it has a central server. You can avoid that risk by also using Orbot (see below) or a VPN. The beta version is also available on desktop.
    Orbot: An app specifically for Android. The program allows some apps to be channeled through the Tor network.
  • 7. Tools (continued)
    App Ops: An application for Android which allows you to downgrade rights for specific apps on your phone.
    AppLock: An application for Android that allows additional protection by locking apps with a password.
    Orfox (Android) or Onion Browser (iOS): Orfox is a browser for Android that directs traffic through the Tor network, blocks scripts and forces an https connection when possible. Definitely recommended, but still in the development phase (so it sometimes has annoying shortcomings). For iPhone owners: Onion Browser (paid iOS app, $0.99).
    https://medium.com/thoughts-on-journalism/defense-against-the-dark-arts-385aff5ed2f2
  • 8. The basics
    1. Install anti-virus software on your computer. If you have a new computer, install the anti-virus before connecting online to minimise your chance of catching a virus.
    2. Firewall – Installing anti-virus software is not enough. The firewall is a stronger layer of security that you need to protect. Install software to reinforce your firewall protection.
    3. Don’t use pirated software. If you cannot afford licensed software, there is a lot of open-source software out there that you can download and use safely.
    4. If you are using a public computer or cannot guarantee that the computer is virus-free, you can opt for a USB flash drive. You will not leave any trace of your work on the computer.
    5. Use a secure password. The longer and more complicated the password, the harder it is for a hacker to break in. Use at least 12 characters in your password, with letters, symbols and different characters. Don’t use the same password for everything. If you don’t have an elephant’s memory, you can use KeePass to store passwords securely. But remember to keep your master password for KeePass strong.
    6. DETEKT who has been spying on you. If you want to know whether you are being spied on, you can download the free tool “Detekt” to scan your Windows computer for traces of common spyware such as FinFisher and Hacking Team RCS, commercial surveillance spyware that has been identified as also being used to target and monitor human rights defenders and journalists around the world.
  • 9. Data management – How to delete, recover & encrypt your data?
    1. Deleting your data – You think that by clicking the “delete” button, your file will be deleted forever? The answer is “no”. The file you deleted can still be recovered even though it may no longer be visible. It is still somewhere on your computer or USB stick. In order to delete your file permanently, you can download free software (such as CCleaner) that allows you to do so.
    2. Recovering your data – However, journalists can use this to their advantage. If you are ever forced by the authorities to delete a photograph, you can do so with the assurance that you can retrieve your photo when you get back to the office or home. All you need is software (such as Recuva) to do that. But if the hard drive is severely damaged (by fire), the data inside may not be recoverable.
    3. Delete / manage your metadata, because it tells people a lot about you and how the file was created. If you want to remain anonymous or protect your sources, keep the metadata to yourself.
  • 10. Data management – How to delete, recover & encrypt your data?
    1. Create a secure data back-up. You should always have a back-up of your important data, but use a secure back-up. If you don’t want to carry sensitive data around when travelling, you should store your data in a secure drive (such as Mega.co.nz) that you can access wherever you go. Take one more security step and encrypt your data before storing it in a remote drive or cloud.
    2. Encrypting your data. You can download free software (such as Boxcryptor) that encrypts data before you send it or store it in a cloud. To encrypt your files and prevent others from accessing them on your computer, you can use TrueCrypt. This allows you to create a “secret vault” on your computer which is only visible to someone who knows the password and the location of the file on your computer. You don’t need to know about encryption or coding; all you need to do is follow the simple steps of the software.
    3. What if I am forced to give away my password for the encrypted file? If you are ever in an extreme situation in which you have to reveal your password to the authorities, you should take this last but important step to protect your sources or sensitive data. You can create a “hidden vault” within the “secret vault” in TrueCrypt, so that your “secret vault” becomes a disguise in case you ever need to reveal its password. In this case, you can reveal the password to the authorities to give them access to your “secret vault”, while the real secret or sensitive data is stored in the “hidden vault” within the “secret vault”, which is accessed with a different password. Put the really sensitive content in the “hidden vault”, but be aware that you should put seemingly sensitive content in the “secret vault” that you will give the authorities access to, so that they don’t suspect you and start looking for something else.
  • 11. Protection measures about communications on the internet…
    1. Encrypt your email messages. You can download web-based software (such as Mailvelope) to encrypt your emails so that no one (apart from yourself and your recipient) can read your messages. But this will require the recipient of your email to take the same measure. This software is only for web-based email and it cannot encrypt the files attached to the email. For a step-by-step tutorial on how Mailvelope works, please watch the video HERE. To encrypt files, you can use the GPG encryption programme.
    2. Securing instant messaging and audio/video conversations. The most popular instant messaging and audio/video platforms (such as Skype, Facebook chat, Google Hangout, etc.) that are owned by big corporations no longer provide the absolute privacy and anonymity you want. If you want to communicate sensitive information, you should use peer-to-peer online instant messaging and audio/video conferencing platforms (such as Cryptocat, meet.jit.si, talky.io, Whispersystems, etc.). If you want to find more secure messaging platforms, you can visit the Electronic Frontier Foundation, which has listed all the latest secure messaging and audio/video conferencing platforms (see the list of resources below).
    3. If you think that it is only in science fiction that you have to put your mobile phone in the fridge in order to prevent prying ears, then you are wrong. Our mobile devices can be switched on remotely and used as spying tools. We cannot remain anonymous using our mobile phones because the same network that provides you with internet access also provides you with mobile communications. The ISP can locate you even though your mobile phone is not switched on. In many countries, you are required to provide your ID in order to buy a SIM card. What happens if you want to use your mobile phone and remain anonymous? There are some devices and applications (see the resources below) which provide you with a certain degree of security for your mobile communications. For example, WhisperSystems is an application for smartphone users to make private calls without their identities or location being revealed.
  • 12.
    1. How to bypass internet censorship? In countries where internet censorship is a common practice to oppress the media or critical voices, access to information or communication can be a problem for journalists and human rights activists. There are ways to bypass internet censorship that come at a very small price. You can rent a virtual private network (VPN) that will encrypt and redirect all your traffic from your computer to that VPN. However, this does not prevent your ISP or the government from noticing that you are using a VPN that is located at the other end of the world. But what they cannot do (thus far) is block the VPN connections.
    2. Using a temporary email service to remain anonymous. If you want to avoid spam or don’t want to give your real email address to strangers, you can use a temporary email service (such as GuerrillaMail or Mailinator) to remain anonymous. The service provides you with a unique email address that you can dispose of.
    3. Private browsing. Cleaning your cookies and internet history is not enough. If you want to minimise the chance of internet surveillance, you can use Tor Browser so that no one can see what sites you have visited or track down your location. It will also allow access to websites not available to normal browsers.
  • 13. General guide on cyber security
    1. https://securityinabox.org
    2. https://www.level-up.cc
    3. http://saferjourno.internews.org/pdf/SaferJourno_Guide.pdf
    4. https://learn.equalit.ie
    5. Password storage software: http://keepass.info
    6. Secured back-up server: http://mega.co.nz
    7. Email encryption: https://www.mailvelope.com/
    8. Electronic Frontier Foundation: https://www.eff.org (you can check out the EFF secure messaging scorecard with a list of secured platforms)
    9. Secured mobile communications application: https://whispersystems.org/
    10. https://europeanjournalists.org/blog/2015/01/22/cyber-security-training-for-journalists/
  • 14. Investigative Journalists: Email
    ● If you travel to a country known for spying on the media, don’t rely on an email provider based there.
    ● At home, use a secure provider – you can tell if your email is secured by looking for the “https” in the address bar. Gmail is secure by default, while Yahoo and Facebook settings can be adjusted. Why? If you use a free wireless network, anyone can tap into your screen with a simple and free software program. That’s a problem if you’re communicating with a source. It’s as if you were in a busy public place having a conversation with a confidential source, Guerra explained, “but you’re both screaming.”
    ● Don’t assume your employer is protecting your account. Ask your technology desk about what precautions it takes, and consider getting a personal account from Google or Yahoo over which you have control.
  • 15. Passwords and the Two-Factor Login
    If you have Gmail, everyone knows your user name, so a hacker only needs your password. An obvious first step is using a more complex password. There are guides to creating stronger passwords listed below. Also, for more sensitive interactions, Gmail, Twitter, and Facebook have added an additional, optional layer of protection: the two-factor login. When you activate the two-factor login and enter your password, the account sends a text message to your phone, providing you with a unique authentication code you must enter before accessing the account.
  • 16. Log In Settings
    Establish multiple user accounts on your computer, including at least one user account in addition to the default administrator account. Make sure the second account has no administrative privileges, then use that login for your daily work. Then if malware tries to install automatically, the computer will alert you with a message requiring the administrator password.
  • 17. Malware
    ● Beware of suspicious attachments, keep your programs updated, and install a good antivirus program. Usually programs you buy will provide greater protection.
    ● Watch for emails from groups or people you might know, but which seem slightly off – small grammar changes or odd punctuation.
    ● Mac users, avoid being lulled into a false sense of security.
    ● Outdated computers without security patches can put you at greater risk.
    Guerra describes some useful specific tools here (English and Spanish).
  • 18. When Something Goes Wrong
    Make noise if your computer starts acting wacky. Reach out to one of the nonprofit groups dedicated to detecting and tracking attacks and training users. They include:
    ● Access Now runs a 24/7 Digital Security Helpline available in seven languages.
    ● The Committee to Protect Journalists, based in New York, advocates on behalf of reporters around the world and fields requests for assistance.
    ● Reporters Without Borders, based in Paris, does similar advocacy to CPJ.
    ● The Citizen Lab at the University of Toronto researches Internet security and human rights.
    ● https://gijn.org/digital-security/