Friday, May 05, 2017

To hoodwink intolerance, online guide asks journos to operate anonymously, use encryption for messaging

By Our Representative
In a new guide on how to operate in a changed atmosphere of intolerance, journalists across the world have been told make it “difficult for anyone to try and intercept” their emails, text messages and phone calls as part of the measures “to make the lives of those who want to uncover your sources and the information being revealed to you much harder.”
Written by Michael Dagan, a senior editor with 25 years’ experience, the guide has been forwarded to following the mention of the Committee to Protect Journalists in an article (click HERE), with the comment: “This is not an easy time for journalists all over the world, with the discoveries of surveillance on citizens, which includes journalists and their sources.”
Dagan says, “The degree of effort you’re prepared to take to protect your privacy, your sources’ anonymity and your data’s safety, should be commensurate to the likelihood of a real threat, be that hacking or spying.”
Pointing out that there is “an air of danger to freedom of speech and freedom of the press is spreading slowly like a dark cloud over the Western Hemisphere", the guide says, US today has a "serving president accuses a former president of surveillance”, even as preventing “central US media outlets access – so far always granted, and taken for granted – to press conferences he holds.”
In his 5,000-words guide, Dagan says, journalists should be “securing on-device applications and functions” thus reducing the “attack surface”, i.e. “limiting the installed apps to the bare minimum, installing only from trusted sources, selecting apps that require minimal rights, keeping the system fully patched and updated, and having as many security controls on the device.”
He wants journalists to isolate their “devices and/or their environment” with “physical insulation of a computer for the purpose of checking files, or the use of prepaid mobile devices.”
Cautioning the use of both “digital and real world”, Dagan says, “For example, never write down the name of the source, certainly not on any app or on any document that’s stored on your computer – and most certainly not on anything stored on the cloud.”
Giving a whole lot of information on how to “encrypt everything” using “full disk encryption” using “FileVault, VeraCrypt or BitLocker”, Dagan wants journalists not to put their computer to “sleep”, as it “may allow an attacker to bypass this defense.”
Asking journalists to “avoid chatting with sources on the phone”, Dagan says, “All phone companies store data related to the caller and the receiver’s numbers, as well as the location of the devices at the time calls were made.”
“In the US and several other countries, they’re required by law to disclose information on registered calls in their possession”, he points out, adding, “You should use a secure call service, such as the one the Signal app – which was tested repeatedly for security – possesses.”
Dagan warns, “Your calls (cellular ones and via landlines) can be monitored by law enforcement agencies and each SMS is like a postcard – all text is fully visible to those who may intercept it”, adding, “Therefore, use messengers that allow for secure end to end call”, especially those where “the Signal Protocol has been actually implemented into WhatsApp, Facebook Messenger, and Google Allo, making conversations using them encrypted.”
However, his advice says, “Do not use organizational chats” such as “Slack, Campfire, Skype and Google Hangouts”, especially for private conversations. “They are easy to break in, and are exposed to disclosure requests for courts use, to resolve legal issues at the workplace”, he adds.
Asking journalists to protect data on computer, Dagan says, “It’s very easy to break regular passwords, but it can take years to break passphrases – i.e., random combinations of words. We recommend trying secure password management tools like: LastPass and 1Password and KeePassX”, even as using “two-factor authentication”.
Other advices include on how to become anonymous online, using private browsing mode and alternative browsing, such as TOR, developed by the US Navy, which “allows you to operate in a hidden network, carry out private communications and set up web sites anonymously.”
Click HERE for the complete guide

No comments: