Move over Signalgate, let’s talk Venmogate

- The Latest
  Regular reporting on government secrecy, surveillance, and the rights of reporters and whistleblowers.
  - The Classifieds
  - News Releases
- Technology
  Working open source software products to protect journalists, newsrooms, and their sources.
  - SecureDrop
  - Dangerzone
- U.S. Press Freedom Tracker
  A database of press freedom incidents in the United States.
  - Data Visualizations
  - Explore the Database
- Digital Security Education
  Digital security trainings and resources for journalists.
  - Request a Training
  - Guides & Resources
- About Us
  Protecting and defending press freedom when we need it the most.
- Our Team
  - Staff & Contributors
  - Board of Directors
- Transparency
  - Reports & Financials
  - Announcements
- Get in Touch
  - Jobs & Internships
  - Contact Us
Donate

Illustrated skyline of a small town. — Electronic Frontier Foundation (CC BY 2.0)

It’s the digital security training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.

Endless Waltz

If you didn’t know his name last week (hey, I didn’t), national security director Michael Waltz took over the news because of a big mistake: It appears he inadvertently added the editor-in-chief of The Atlantic, Jeffrey Goldberg, to a Signal group for targeted bombings in Yemen. We’ve previously spoken about the security lessons journalists should consider from this event. Not very long thereafter, we also learned Waltz’s Venmo account was public, revealing at least 328 people who were likely in his phone’s contact list, including many journalists.

What you can do

As much as I like to think Venmo unearths some substantive stories for journalists, its privacy settings are kind of bonkers.
We don’t believe Venmo transactions were publicly available for Waltz. But for your own transactions, Venmo advises, “Your initial default privacy setting is Public, so everyone on the Internet can see your payments.” As a security person, I would like this to be set to private by default, but that’s just me. For now you can change this manually. In your Venmo app, navigate to: Settings (tap the little cog icon at top right) > Privacy > Private (visible to sender and recipient only)
From this same “Privacy” settings menu, go to “Friends list” and mark it private as well. It’s weird that this is “a thing” in Venmo, but OK.

Updates from our team

Next week our teammate David Huerta will be giving a talk with the National Association of Hispanic Journalists: “Don’t get hacked: Essential digital security for journalists.” It will cover practices for locking down your accounts, securing your smartphone, communications, and more. NAHJ members, please be sure to drop by on April 8 at 5 p.m. EST.

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,
Martin

–

Martin Shelton
Deputy Director of Digital Security
Freedom of the Press Foundation

Endless Waltz

Get Weekly Tips & Advice

What you can do

Updates from our team

Sign Up. Take Action.