It’s the digital security training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.

“Mass Text,” indeed

404 Media reports that Immigration and Customs Enforcement officials added a random person to their six-person group chat, exposing sensitive information about the target of a manhunt. The messages in the group chat, labelled “Mass Text,” included information about the target’s criminal history, social security number, driver’s license number, and more. Unlike Signal or WhatsApp, the group chat was not end-to-end encrypted, instead using MMS (Multimedia Messaging Service), which leaks metadata to telecommunication carriers around the world. Joseph Cox of 404 Media writes, “The incident is a significant data breach and operational security failure for ICE, which has ramped up arrest efforts across the U.S. as part of the Trump administration’s mass deportation efforts.” Read more.

What you can do

  • Use more secure channels. There are some things we can learn from this. Perhaps it goes without saying, but standard SMS/MMS text messaging is not secure and should not be used for sensitive conversations. To ensure the messages, as well as voice and video calls, you send are locked down properly, we encourage journalists to use end-to-end encrypted messengers like Signal. Check out our beginner-friendly guide to using Signal for secure messaging, or if you already use it, read our in-depth guide to locking down Signal. While you’re at it, use Signal’s Safety Numbers to verify that you are talking to the intended recipient.
  • Look before you leap. The larger a group chat balloons, the more important it is to understand who is in it before saying anything sensitive. Don’t trust anyone else in the chat to have vetted everyone appropriately; others in the conversation could have made a sloppy mistake and added someone they didn’t intend to. Don’t end up with your own personal Signalgate.

Updates from our team

  • We are thrilled to have completed our 2025 Source Protection Programme in collaboration with collaborators at the Centre for Investigative Journalism, Electronic Frontier Foundation, Aegis Safety Alliance, and ACOS Alliance. In both Albuquerque, New Mexico, and El Paso, Texas, our team facilitated digital security trainings with dozens of journalists from around the country and the world. We want to extend a big thank you to the University of Texas at El Paso, as well as the University of New Mexico, for hosting us. We’re also so grateful for the time to teach, as well as to learn from the experiences of journalists reporting on the border.

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,
Martin