Oh, Brother (printers)!
The best time to patch your connected devices is all the time
Should you try Google Advanced Protection?
It’s the digital security training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.Android 16 drops — and with it, Advanced Protection modeJournalists and other at-risk …
Journalist searched and detained at US airport
CBP searched an Australian journalist’s phone. He noted he was questioned over materials in his blog, social media posts, and reporting
Report examines scams on the rise
The report also examines users’ choices in authentication methods, highlighting passkeys
The automated license plate reader dragnet
Automated license plate readers are everywhere, and they can often tell a story about your movement
Signal blocks Microsoft Recall from recalling
Signal is making it harder for your private messages to get pulled into Microsoft’s new Recall AI feature
Telegram’s growing mountain of data requests
Telegram’s transparency reporting bot suggests their compliance with data requests from authorities has exploded between 2024 and 2025.
Ask a security trainer: Checking identities in Signal
Welcome to “Ask a security trainer,” the column where the Digital Security Training team at Freedom of the Press Foundation (FPF) answers your burning questions at the intersection of journalism and security. Submit yours here! Let’s jump right into this week’s question.Dear DST,I’ve been seeing this story …
NSO Group fined in WhatsApp suit
The lawsuit also reveals more about how NSO Group executed its attacks on WhatsApp users, including journalists.
Chrome concedes third-party cookie fight
Third-party cookie ad tracking in Chrome is here to stay. If you’re sticking with Chrome, let’s talk about some safer settings.
Signalgate: The saga continues
The Signalgate saga continues. This time, Defense Secretary Pete Hegseth sent operational Yemen missile strike details to his wife and brother. Fortunately you can learn from Hegseth’s mistakes.
Tariffs and security updates
If you’re like me, you’re thinking about whether to buy electronics ahead of potential tariffs, and how long those devices will receive updates
Siding with Apple, court rejects UK’s secrecy request
A transparency win in a case concerning backdoor requests to Apple
Move over Signalgate, let’s talk Venmogate
Friends don’t let friends show the national security adviser is on their Venmo contact list
Security lessons from a Signal group chat
The editor-in-chief of The Atlantic is added to a Signal group chat discussing national security information — presumably by accident
Advice column: Should I be concerned about AI transcription tools?
There are some great uses for time-saving AI transcription tools, but it’s important to also know when to avoid uploading to a cloud provider
Ad CEO boasts about data broker capabilities
If our digital security trainer were in charge of data broker services, he might keep his cards closer to the vest. But that’s just him
Dropping malicious browser extensions
Browser extensions are powerful, but not all are trustworthy. Here’s how to scale back to the ones you trust
Advice column: So you’ve been targeted by a famous person
Our digital security team examines the security risks to journalists if a prominent person targets them online, and what can be done to prepare
Google’s personal data removal updates
Google updates its “Results about you” tool to help users remove unwanted or outdated information about themselves
Apple pulls encrypted iCloud from the U.K.
After government demands for global access to Apple’s end-to-end encrypted iCloud, the company disables the feature regionally
Advice column: Is it safe to unlock my phone with my face?
Welcome to “Ask a security trainer,” the column where the Digital Security Training team at Freedom of the Press Foundation (FPF) answers your burning questions at the intersection of journalism and security. Submit yours here! Let’s jump right into this week’s question.Dear DST,I have some sensitive data …
X temporarily blocks Signal links
While X might be able to block links, it will have a tougher time blocking Signal usernames
U.K. officials demand iCloud backdoor
The “snoopers’ charter” order for access to end-to-end encrypted iCloud accounts applies globally
Signal allows synching with new devices
Ever linked a new device to your Signal account, only to find you didn’t get your old messages? No longer!
