How to protect your data if you are a Free Journalist
Currently, all over the world, there are countless journalists. Journalists master a lot of important and emerging first news.
Every day, journalists risk their lives giving us the news. In addition to that, journalists have increasingly become targets of hackers. Moreover, with the current state of government surveillance of online communications, journalists’ sources are at risk of being burned, and their rights are at risk of being violated. Notably, mass surveillance is increasingly pervasive and less noticeable.
So how do you add an extra layer of security between the computer, the network a journalist uses, and the websites they visit?
In order to effectively fight against surveillance and censorship, journalists, can use software developed by civil society organizations and implement concrete measures thanks to cybersecurity guides available online.
Warning: always do research on the tools you are about to use and the techniques you are going to implement. Technologies are changing rapidly, and the advice given today may not work tomorrow!
Protection of journalists’ data: risks and best practices
If freedom of the press is one of the most precious rights of our democracies, the mistrust and detestation of these by a growing section of public opinion and those in power makes it difficult to protect journalists’ data (contact details, sources, written documents, photographs, videos, etc.).
Social networks are often unable to meet their security commitments, allowing unduly to proliferate on their platforms threats and hateful messages against journalists, as well as multiple messages of misinformation.
Spyware, including Pegasus, created for mobile devices turns a cell phone into a mobile monitoring station. For Pegasus, at least 180 journalists have been identified as possible targets in 2021, with significant implications for the journalists’ own safety and that of their sources.
The protection of data and more particularly of confidential sources, the cornerstone of journalistic ethics, is increasingly difficult to ensure. When journalists agree to protect a person’s identity, they must now make every effort to do so, especially when a source could be arrested or harmed.
Maintaining privacy has become more difficult due to spyware, but also increasing levels of digital surveillance and control by authorities and the public.
Taking into consideration all the above, it is particularly recommended to:
Perform a digital risk assessment
This will help assess and, if possible, mitigate the risks to the person and the sources. The Rory Peck Trust has a comprehensive digital risk assessment model for journalists.
Ask yourself who might want to target you, or your source, and consider what means this adversary might have in terms of power, money and technological capability.
Use of Devices
Whenever possible, do not use your personal or work devices to contact sensitive sources. Buy devices designed specifically to communicate with them and keep your work and personal data separate. If possible, pay for these devices and SIM cards in cash and avoid linking them to anything that could identify you, such as a credit card or ID card (This may not always be possible depending on where you live and work).
Enable two-factor authentication for all accounts and use long, unique passwords and a password manager.
Regularly update your devices, apps, and browsers to the latest version to better protect against malware and spyware.
Educate the source about digital best practices and associated risks so they can contact you in the most secure way possible.
Limit contact with the source as much as possible.
Be aware that your Internet Service Provider (ISP) keeps a copy of your browsing history that a government can subpoena you to produce, or that company employees can access.
Research ISPs in the relevant country to determine who they belong to and whether the government is accessing user data through legal or other means.
Use a VPN to better protect your internet history and prevent it from being logged by your ISP or platforms like search engines. Choose a VPN service that doesn’t log your browsing history and isn’t known to share data with governments or others. Governments can create or manage licensed VPN service providers or require compliant services to report user data.
Communication with sources
When registering contact information, use a pseudonym instead of the source’s real name, and encourage them to do the same for you. When the contact is over, both of you delete each other’s contact information from your respective devices and online accounts.
Be aware that mobile phone companies and Internet service providers collect data about their users, including data that can be used to identify you and locate your contacts.
SMS messages and landline or mobile phone calls made through a telecommunications company are not encrypted, which means that governments and others can access the information.
Your cell phone can be used to locate you and your source. If you’re meeting in person, both of you leave your phones at home. In-person meetings are safer than online communications.
Receipt and management of documents
Be aware that almost everything you do on your devices is likely to leave a trace, even after deleting it. Computer experts can recover deleted content even if you used specialized software to sanitize your computer.
Keep sensitive documents on a computer isolated from any computer network, which has been modified so that it cannot connect to the Internet. This reduces the possibility that a stranger can access it.
Send sensitive documents via Secure Drop using the TOR browser if configured by your newsroom or organization. You will need the help of a digital security expert.
Whenever possible, encrypt your devices, documents, and external drives, and be sure to choose a long, unique encryption password. Keep up to date with encryption laws in the countries you live, work and travel to. You may be asked to unlock encrypted devices, in which case the choice to do so or not will be yours.
The protection of journalists’ data is proving to be a considerable challenge for freedom of expression, not only because it protects journalists, but also because it guarantees the integrity of their sources, who sometimes do not hesitate to put their lives in danger to expose the truth.
Why should journalists use a VPN?
If you are a journalist, you better read this chapter to strengthen your cybersecurity. If you’re not, you can also read it to learn how to protect your information and unlock geo-restrictions to enjoy greater online freedom.
VPN for journalists offers the best solution, creates a new virtual network connection and passes all your existing network traffic through its server, encrypting them along the way. Of course, you can also choose servers from different countries to connect to corresponding websites.
Also, in some countries and regions, online services (social networks, websites, videos, live services, etc.) may be blocked. Thanks to a VPN, journalists can easily unblock geo-restrictions to search for data or statistics.
We reiterate the importance of doing your research before choosing a VPN provider. Make sure that the provider does not save and share the list of sites you visit.
There are a lot of unsafe VPN providers that have designed their tool to be able to dig through all of your data. More details Here.