Discord boosts private call encryption

Martin Shelton

Principal Researcher

It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

Last week marked the end of our intern Kevin Pham’s summer takeover of the digital security digest newsletter. We’ve heard a lot of positive feedback from readers about his excellent work over the past few months, and we have more to come in the pipeline from Kevin, including some blog posts we’ll announce here. Keep a lookout!


In the news

The popular group chat app Discord announced its rollout of end-to-end encryption for voice and video calls in one-to-one and group direct messages, voice channels, and Go Live streams. The new protocol behind Discord's end-to-end encryption was built in collaboration with (and audited by) Trail of Bits. In Discord’s blog post, it acknowledged, “While audio and video will be end-to-end encrypted, messages on Discord will continue to follow our content moderation approach and are not end-to-end encrypted.” Read more here.

What you can do

  • We always love to see end-to-end encryption in more places, but the implementation really matters. In this case, we’re happy to learn that when it’s fully rolled out, Discord’s new encryption will make it impossible for someone to decrypt your old private messages, even if they logged in with your username and password. So that’s one less thing to worry about.
  • However, because Discord depends on usernames and passwords to log in, you probably still want to lock down your Discord accounts to ensure no one can log in as you. For this reason, we recommend adding two-factor authentication to your account. This just means adding a second login requirement beyond your password, such as a six-digit code sent to your phone. Learn more about how to set this up and check out our guide to two-factor authentication for beginners.
  • In this fun new age of AI-assisted voice and video impersonation, it’s also helpful to know that you can confirm someone is who they say they are on Discord by comparing verification codes, similar to what you can do in other encrypted messengers like Signal. The first time you connect with someone, you and your conversational partner can compare verification codes on another communication channel you trust. If your numbers match, the encryption is working as expected, and you can press “Mark as Verified” for an extra layer of privacy. Learn more here.
  • As always, if you are looking for end-to-end encrypted voice, video, and text chat, the encrypted messaging app Signal is your friend. If you’re just getting started with Signal, check out our guide to Signal for beginners. If you are already familiar with it, check out our guide to locking down Signal. And if you’re feeling skeptical about it, read on …

Updates from our team

  • We just published our most recent advice column, which answers the question: Why trust Signal? Read more here.
  • Like I said, more to come from Kevin Pham! He just wrote a blog post on budgetary considerations when setting up secure tiplines for your media organization. As he says, they don't have to break the bank. Check it out.

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,

Martin

Martin Shelton
Principal Researcher

Freedom of the Press Foundation
