Clawing back your data on X
Purging your social media posts is getting much simpler
The 2025 journalist’s digital security checklist
Our digital security training team's checklist to help journalists secure their digital life.
Lock down your Bluesky account
Among journalists, Bluesky is taking flight. Critical account security protections are still under development
New leaks on police phone unlocking tech
Recent insight into the capabilities and limitations of GrayKey, a secretive phone forensics tool, highlight the importance of updates
How to shop for a journalist: A security gift-giving guide
Sometimes I need gifts for my journalist friends. Journalists don’t typically treat themselves to gadgets and services that will make their jobs safer and easier, but maybe you can treat them instead.
WhatsApp lawsuit highlights spyware abuses (again)
In lawsuit against NSO Group, documents reveal the spyware vendor disconnected 10 abusive government customers
Use Signal’s new call links
The encrypted messaging app just rolled out a new feature to let users join a call with just a link — groups no longer required
Election safety support for journalists
Alongside a coalition of press freedom organizations, we’ve teamed up with the Knight Election Hub to support journalists.
Advice column: Is my phone always listening?
Advice column: Is my phone always listening?
Stop ad-based location tracking
Tracking IDs baked into your mobile device reveal visits to abortion clinics and more.
Support the Internet Archive
Help out a critical resource for journalists as it experiences a series of digital attacks.
Chrome phases out popular ad blocker — what now?
It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.In the newsIn its push to rework permissions within Google Chrome desktop …
See, this is why we need encryption
U.S. intelligence agencies suggest China is involved in a breach of multiple major U.S. telecommunications providers.
Indicted NYC mayor forgets phone passcode
Eric Adams allegedly claimed that he had changed the passcode and told the FBI he did not remember it.
Discord boosts private call encryption
Discord announced its rollout of end-to-end encryption for voice and video calls in one-to-one and group direct messages, voice channels, and Go Live streams.
Understanding every one of Signal’s identifiers
We’ve heard some questions about the difference between Signal usernames, phone numbers, profile names, profiles, and nicknames. Let’s talk about it.
Advice column: Why trust Signal?
FPF's digital security advice column today answers, why should I trust Signal?
Advice column: Two-factor authentication woes
FPF's digital security advice column today answers, what happens if I lose the phone I use for two-factor authentication?
Advice column: Top three security tips
FPF's digital security advice column today answers, what are your top three security tips?
Google backtracks on ad privacy plan
Google has a habit of hitting the brakes on products and features — so much so that it’s become something of a meme to be “killed by Google.” This time it decided to backtrack on its long-standing plan to replace traditional tracking in its Chrome browser.
What the AT&T breach means for source protection
We can learn a lot about how to get ahead of these problems.
Mail surveillance is widespread
According to data unearthed in a congressional probe, more than 60,000 requests by federal investigators and police captured data on 312,000 letters and packages between 2015 and 2023.
When data brokers break
We often talk to newsrooms about dealing with data brokers — companies that aggregate and sell data from commercial and public records. According to recent reporting from TechCrunch, an alleged breach of a U.S. data broker impacted at least 300 million people. Their reporting suggests “mixed results” verifying the authenticity of the data.
Apple’s password app
In the hope of simplifying how customers can log into apps and websites, Apple has announced it will offer a new Passwords app in its upcoming versions of iOS 18, iPadOS 18, and macOS 15.
Oops, all breaches!
Data breach notification service “Have I Been Pwned?” has added the login information associated with 361 million email addresses. Have I Been Pwned owner Troy Hunt says as many as 151 million of these unique email addresses have never been seen in his database before. The website boasts tracking over 13.5 billion breach accounts. Some of these credentials are reportedly harvested from users’ devices infected with information-stealing malware.
