Why journalists should enable Signal usernames
With Signal’s new username and discoverability features, we’re done giving away phone numbers
Mozilla breaks into the anti-data broker game
Hundreds of data brokers aggregate and sell access to personal data, such as phone numbers, emails, addresses, and even purchasing habits collected through loyalty card programs, social media sites, apps, trackers embedded in websites, and more. Mozilla has a new monthly subscription service which automatically scans for your personal data on data broker websites, but there are other ways to make your data less easily searchable. Read more from the Digital Security Team.
Moving from passwords to passkeys
Instead of traditional passwords, where you log into a website with credentials that you know or store in a manager, a passkey is a credential that you store on your device, registered with an online account. Read more in our newsletter.
Journalists targeted with Pegasus yet again
Mercenary spyware firm NSO Group’s Pegasus spyware, designed to remotely access targeted smartphones, is marketed to governments around the world for the purposes of law enforcement and counterterrorism. But in the wild, we’ve seen governments repeatedly abuse this and similar spyware tools to infect journalists, spying on their most sensitive files, communications, and sources.
Harden your iPhone against thieves
Thieves don’t just steal iPhones for the hardware — they may also want access to banking apps and Apple Pay to facilitate fraudulent transfers and purchases. One thing that works in thieves’ favor is that people often use short passwords that are easy to shoulder surf and to memorize — typically only six digits. To minimize this risk, instead of typing in passcodes, where possible and practical consider opting for Face ID or Touch ID when unlocking the phone in public spaces.
Want improved adoption of digital security practices? Tell a good story.
Research concerning digital security narratives in journalism
Check if your account has been breached
If you have found your email in a data breach and the affected account is still active, you’re going to want to change the password for the relevant service right away.
Learn from the social media breach at SEC
On Jan. 9, 2024, the U.S. Securities and Exchange Commission’s account on X, formerly known as Twitter, was hijacked and used to post about the approval of a Bitcoin exchange-traded fund. This could have happened to anyone, whether an individual or a well-resourced organization. Learn how to mitigate similar attacks in this week's edition of our digital security digest
2024 resolution: Get started with security keys
Two-factor authentication (2FA) is great because it helps harden your account security. The strongest 2FA option commonly available today depends on a piece of hardware, a security key — a little device you can plug into your USB port to help log in.
Private browsing isn’t that private
On all major browsers, research suggests many users overestimate the privacy promises of private browsing mode, with many believing that it allows them to hide their IP address, encrypt their web traffic, browse anonymously, and more. That’s why you’ll want to read about what private browsing mode does and doesn’t do.
Audio: Every season is spooky season with Meta’s chatbot AI
October is cybersecurity awareness month and Martin Shelton, principal researcher at Freedom of the Press Foundation (FPF), explores Meta’s new AI chatbot features. What he finds is security news that’s creepier than any ghost and a tool that bleeds more than fake vampire fangs.With Meta releasing AI chatbot abilities …
Overcoming challenges when setting up newsroom Signal tiplines
We outline important decisions for newsrooms when setting up Signal tiplines
Lessons from a newsroom raid: How to encrypt your devices to protect yourself
Police raid on Marion County Record underscores digital security threats to media orgs.
Protección avanzada para Signal
También disponible en inglés.
Signal, la app de mensajería segura: Guía para principiantes
También disponible en inglés.
Aumenta la seguridad de tu WhatsApp
También disponible en inglés.
Autenticación de dos factores para principiantes
También disponible en inglés.
¿Cómo elegir un gestor de contraseñas?
También disponible en inglés.
Signal, the secure messaging app: A guide for beginners
Also available in Spanish.
How journalists can work from home securely
Both the newsroom and individual journalists must make some changes to work from home securely.
Choosing a password manager
Also available in Spanish.
Passkeys: Passwordless logins for beginners
One of the most common ways people get hacked is through phishing — when an attacker impersonates a trusted website to trick you into entering your credentials. But what if you never had to type in a password? Passwordless logins — known as passkeys — reduce your risk by enabling …
From Tik to Tok: Security considerations for newsrooms using TikTok
By the end of 2021, TikTok reached one billion monthly users, becoming one of the most popular social media platforms globally. In the United States, the platform was one of the few that significantly increased its share of users who said they regularly use the platform to get their …
How technology is changing the harassment of journalists — and what newsrooms can do about it
A study of mob censorship of journalists, and how media organizations and platforms are responding.
Taking care with source security when reporting on abortion
What journalists can do to better manage digital security for sources when reporting on abortion.
