7 online security tools for journalists and the privacy-inclined

By Owen Moore – https://www.flickr.com/photos/132053576@N03/17765606909/, CC BY 2.0, Link

It’s 2017, and we now live in a world where terms like “surveillance” and “hacking” and “encryption” are no longer used by just the techy folks. People care about keeping their online data private and protecting it has become big business. Over the next four years, market growth is set to grow over 10% annually.

statistic_id595182_cyber-security-market-revenues-worldwide-2016-2021

But unfortunately for those seeking more privacy online, recent laws passed in the UK and US have made it clear that you’re never as secure as you think you are. In November 2016, UK Parliament passed the Investigatory Powers Bill (lovingly referred to as Snooper’s Charter). There are plenty of summary articles to browse online, but the most significant addition found in the bill is the requirement for all web and phone companies to store browsing history of every customer for one year, so police and other authorities can have access to them.

A few days ago, the US Congress rolled back previous FCC regulation protecting the sharing of user data by ISPs. Now, ISPs are allowed to sell “sensitive” data such as browsing history to the highest advertising (or government) bidder without user consent. And on top of new regulation, troves of documents published by Wikileaks earlier in March revealed how the CIA could be hacking into iPhones, Android devices, Smart TVs and other Internet-connected devices.

These are big changes to each country’s privacy laws, and for journalists, it likely means that now is a good time to double down on online security tools. I’ve rounded up some of the most useful privacy tools and resources to download.

Lastpass

Password managers are good practice. I like Lastpass but other people use apps like 1Password or Dashlane. Whatever your preferred format, using a password manager increases security and saves you the trouble of remembering all your passwords. Despite Lastpass being hacked in 2015, most users only needed to change their master password to the vault while the individual passwords stayed secure. I’ve come to think that nothing is 100% foolproof online, but it sure beats using a generic password for all websites. For the really paranoid, go old school: write all your passwords in a paper notebook and keep it in a secure location at home.

Download

HTTPS Everywhere

Developed by the internet advocacy group Electronic Frontier Foundation and the Tor Project, this Chrome extension will switch any http website to its https equivalent automatically. Why is this important? Well without that little “s” on the end, your browsing history, what you click on, cookies, etc. These handy screenshots from the HTTPS info site explain the difference.

An unencrypted HTTP website can reveal all of the following information:

Screen Shot 2017-03-31 at 10.56.31 AM

By contrast, an encrypted HTTPS site only shows this info:

Screen Shot 2017-03-31 at 10.56.39 AM

The HTTPS Everywhere extension runs in the background and you can set certain rules for it to follow. You can even set it to block all unencrypted websites.

Download

WhatsApp (but Signal is better)

Most people use WhatsApp for it’s ease of use and international messaging. But compared to other messaging apps, it’s actually one of the more secure ones out there. Whatsapp features end-to-end encryption for all messages by default. However, after the Westminster Attack on March 22, Home Secretary Amber Rudd has demanded access to Whatsapp’s encryption key. Whether or not this goes through remains to be seen. But for the extra cautions, there’s always Signal. Compared to Whatsapp this has become the privacy-seeker’s app of choice due to it’s open source code and one-to-one messaging encryption. If you’re still trying to decide between secure messaging apps, here’s a good comparison article.

Download Whatsapp – iPhone or Android

Download Signal – iPhone or Android

FileVault or Bitlocker

When it comes to hard drive encryption, both Mac and Windows have built-in tools for data and file protection. Aside from using a unique password at your login screen this is one of the simplest things you can do to protect info that is on your computer but not on the web.

How-to articles for Filevault (Mac) and Bitlocker (Windows)

Mailvelope

Another handy Chrome extension, Mailvelope can turn your Gmail or Outlook account into end-to-end encrypted emails. Using PGP technology, you can list your key in the directory for others to find and send private messages. These messages become scrambled as soon as they are sent, and can only be unscrambled by a receiver with a corresponding key. This sort of messaging has become the private mailbox for many online publishers, with some journalists even listing their PGP key in their Twitter bio. For an easy introduction to how it works and getting started check out the Mailbelope website.

Mailvelope

 DuckDuckGo

This Canadian based company has created a search engine alternative to Google that claims to be absolutely tracking-free. That means no cookies, browser tracking or search history storing. If you’re doing research on sensitive topics such as terrorism, ISIS, jihad or child exploitation, this would be a good way to stay off of any sketchy watch lists.

DuckDuckGo

VPNs (if paranoid use Tor)

Speaking of watch lists, odds are good that you’re already on one. Especially in the UK, internet privacy has become so flimsy due to surveillance legislation that complete anonymity can seem like a fantasy. Some have turned to VPNs (Virtual Private Network) as their hope. VPNs act as the middle man between you and a server (usually containing a website). When the URL request comes to the website, all it can see is the VPN, not your computer. This method of browsing is encrypted, and there are plenty of options out there (see list below). But for some, standard VPNs just don’t do it.

That’s where Tor comes in: the mecca of online anonymity and security. Though sluggish at times, the Tor browser hides your location and identity by bouncing your GET request through a series of other Tor-running devices (also called a distributed network) before the server receives it. The signal goes through the same jumbling process on the way back, making it near impossible to detect the source. That being said, Tor still isn’t invincible. The FBI has already admitted to creating malware that can hack the encryption. Tor goes through constant updates, so security can be improved. But the constant game of cat-and-mouse has shown that there are still potential holes. Nevertheless, for online browsing it’s still considered one of the best tools out there.

Top ten VPNs list


Did I miss an obvious tool? Is there something you use or would like to recommend? Leave a comment or tweet me your thoughts.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s