It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

In the news

This week, security nerds are dancing in the streets because Signal, the encrypted messaging app, is finally rolling out usernames. Signal has previously required users to provide their phone number as an identifier, but with this most recent update, users may instead use a username. Through massive reengineering, Signal is now able to store additional data, including information about usernames, in a secure format. By default, phone numbers will be hidden from new contacts, and users can also optionally remove their phone number from Signal’s “new contact” search. Read their blog post here.

What you can do

• Right now these new features are in Signal’s public beta. If you want these features now, you can sign up. The beta version can sometimes be a little buggy, so fair warning. However, it’s also rolling out to the more stable “vanilla” app in coming weeks, so stay on top of downloading your app updates.
• Signal’s default settings are already great, but if you want to dive deeper into maximizing its security benefits, read our guide to locking down Signal.

Updates from my team

• We wrote a post on why journalists should set up Signal usernames! Check it out here.
• To include the new changes to usernames we’ll also be updating our other Signal-related guides in the coming weeks. Stay tuned.

We are always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,
Martin