Digital security post-Snowden has become a staple of the reporter’s toolkit. If you want extra layers of protection for your work but aren’t sure where to begin, your first move as a Gmail user should probably be with the service’s two-step verification. CJR also spoke with several cybersecurity experts to put together an essential set of tools for journalists, starting with the simplest and ending with the safest. All of them are open source or included with most operating systems.
1. Secure your hard drive
Both of these tools encrypt your entire hard drive, making data impossible to access if your computer is stolen. And both are included free with many versions of your operating system.
Using PGP (“Pretty Good Privacy”) encryption, these tools ensure that only your email recipient will be able to read your message. Anyone who intercepts the message will just see a string of nonsensical characters. Cameran Ashraf, a digital safety trainer for Global Journalist Security, calls it “about as good as it gets for secured electronic communications.”
3. Make it easy for sources to chat…
CJR heard Cryptocat called “the gateway drug of encryption” when we first covered it in 2013, for its easy-to-use, intuitive interface. It’s a platform for encrypted instant messaging—available both on computers and smartphones—and doesn’t require users to make an account.
4. …And for them to pass important files
The Guardian, Gawker Media, and The New Yorker all use SecureDrop to allow whistleblowers to leak documents anonymously. However, it requires your organization to set up the infrastructure. “The platform may come across as more complex but it really is a solution that takes all sorts of threats into account,” said Runa A. Sandvik from the Freedom of the Press Foundation. For individuals trying to receive files anonymously, Michael Carbone of digital rights NGO Access recommends OnionShare.
5. Use a disposable OS
Tails is essentially an operating system on a USB stick—loaded with tools like Tor, which hides your location when browsing—that you plug into a computer. “I liken it to the way doctors change gloves,” says Susan E. McGregor, assistant director of Columbia’s Tow Center for Digital Journalism. The computer leaves no trace that Tails was used, and Tails wipes itself clean after each session. That means it retains no cookies or identifying information, and even if you’re attacked by malware, hackers will have nothing to steal.