It’s the digital security training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.
Endless Waltz
If you didn’t know his name last week (hey, I didn’t), national security director Michael Waltz took over the news because of a big mistake: It appears he inadvertently added the editor-in-chief of The Atlantic, Jeffrey Goldberg, to a Signal group for targeted bombings in Yemen. We’ve previously spoken about the security lessons journalists should consider from this event. Not very long thereafter, we also learned Waltz’s Venmo account was public, revealing at least 328 people who were likely in his phone’s contact list, including many journalists.
What you can do
- As much as I like to think Venmo unearths some substantive stories for journalists, its privacy settings are kind of bonkers.
- We don’t believe Venmo transactions were publicly available for Waltz. But for your own transactions, Venmo advises, “Your initial default privacy setting is Public, so everyone on the Internet can see your payments.” As a security person, I would like this to be set to private by default, but that’s just me. For now you can change this manually. In your Venmo app, navigate to: Settings (tap the little cog icon at top right) > Privacy > Private (visible to sender and recipient only)
- From this same “Privacy” settings menu, go to “Friends list” and mark it private as well. It’s weird that this is “a thing” in Venmo, but OK.
Updates from our team
- Next week our teammate David Huerta will be giving a talk with the National Association of Hispanic Journalists: “Don’t get hacked: Essential digital security for journalists.” It will cover practices for locking down your accounts, securing your smartphone, communications, and more. NAHJ members, please be sure to drop by on April 8 at 5 p.m. EST.
Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.
Best,
Martin
–
Martin Shelton
Deputy Director of Digital Security
Freedom of the Press Foundation