How to shop for a journalist: A security gift-giving guide

Martin Shelton

Principal Researcher

A series of gadgets laid out on a wooden tabletop, including an iPad opened to ProPublica, two "data blocking" USB devices, a Yubikey authentication device, external hard drive for local backups, USB type-C adapter, and webcam stickers.

Sometimes I need gifts for my journalist friends. Most people don’t get into this line of work for the overwhelming paycheck, so journalists don’t typically treat themselves to gadgets and services that will make their jobs safer and easier. But maybe you can treat them instead.

In most newsrooms, journalists are missing some important tools that will help them do their job more safely. We have no shortage of gadgets (e.g., computer hardware) that can help protect journalists’ privacy and security. We’d also like to highlight a few subscription-based services that can help protect journalists as they work on the web.

Gadgets

USB condoms

USB data blocker, blocking connection between charging cable and laptop

Normally, when you connect your phone to a charger through a USB cable it will transfer both power and data. This is why you can either charge your phone when plugged into an outlet, or keep the phone charged while transferring data between your phone and computer. The problem is that every USB port you plug into may also quietly transfer data to or from your phone.

How does this work? Typically the USB cords that charge your phone have multiple hardwired connectors, or “ports,” which transfer data or power. The good news is that it’s easy to only power a phone, without a data connection.

A data port blocker (often called a USB condom) is a device that disables data ports in USB cables, typically by covering them up to prevent a connection. Some data blockers (e.g., PortaPow) also include a chip that regulates the flow of power to a device, allowing the device to charge faster.

Security keys

When we log into a website, typically our login credentials are protected by a password. However, a growing number of websites allow you to better secure your account with a second piece of information — a second “factor” — beyond your password. We sometimes call this two-factor authentication, and it’s becoming a standard technique for better securing accounts.

A security key, such as a Yubikey, is a small device that you can use as a second factor. Many popular services (e.g., Twitter, Google) support security keys. First, check to see if your favorite website supports them, and follow that website’s installation flow. They’re typically easy to set up and use. When prompted during login, just tap the button on the security key. That’s it.

There are many kinds of security keys, with many form factors. The cheapest and simplest one we recommend is the $20 Yubico Security Key, which supports the USB connection you’d find in any old-fashioned USB port. Yubico also supports other connection types (e.g., wireless NFC for higher-end Android phones), but they’ll cost you extra.

Note: If they have a new device (e.g., Macbooks from 2016 and beyond) they may need a USB Type-C Yubikey, or a Type-C adapter. Here’s a list of Type-C adapters confirmed to work with Yubikeys.

Learn more about two-factor authentication here.

Webcam stickers

Webcam stickers featuring the Electronic Frontier Foundation's logo in black and red.

Get that journalist a webcam sticker. Journalists love webcam stickers.

If your device is hijacked by malware, a hacker may have all of the same permissions as you have. You own it, but so do they.

Enter some of our most unhackable anti-surveillance technology: Stickers. Put them over your laptop’s webcam.

If someone hijacks your device, a webcam will be the least of your problems. But it’s nice to have the peace of mind to know you’re not visible on your webcam unless you choose to be.

Our friends at the Electronic Frontier Foundation offer some of our favorite webcam stickers, which can be reapplied, and may last months at a time.

  • The Electronic Frontier Foundation offers webcam stickers for $5.00.

Backup hard drives

Unfortunately, we see a growing number of media organizations hit with ransomware attacks. Ransomware attacks are designed to crawl through an organization’s network and encrypt its connected computers. Those computers can only be unscrambled under one condition: pay the attackers a decryption fee. This is exactly what happened to a San Francisco Bay Area public radio station in 2017. While this is awful, it’s even more common for devices to be lost or stolen. This is why it’s wise to make a backup to an external hard drive, which can be used to roll back to a previous snapshot of our activity on our devices.

Windows users can back up and restore devices using File History, while Mac users can make backups with Time Machine. If you’d like to use your hard drive to back up only specific files, or archive sensitive data for long-term storage, you’ll want to encrypt it first!

  • Wirecutter: Pick whichever is cheapest and does the job. (Note: While a 2-4 terabyte drive will work great for most reporters, filmmakers will eat up hard drives with digital video, and will appreciate more space.)

Travel Chromebook

When traveling to and from the U.S., Customs and Border Protection, as well as Immigration and Customs Enforcement, may ask that travelers unlock their devices, or risk having their devices seized. Because of the sensitivity of the documents journalists may carry, this puts them in an especially difficult position.

Many news organizations work on Google Docs, Slides, Gmail, and more, accessible through G Suite. Chromebooks are essentially a gateway into these Google properties, and compared to a traditional laptop, they’re inexpensive. While you wouldn’t necessarily choose Chromebooks to protect your privacy from Google, Chromebooks have some unique security properties that make them an ideal choice for securing data while traveling.

Perhaps most importantly, you may only access your data on a Chromebook after logging into your Google account; the device is otherwise essentially blank, so you can travel while carrying no personal data. Before traveling, Chromebooks can also securely wipe all local data. These are helpful properties when moving through borders on land, entrances by sea, and airports, where our privacy rights may have fewer legal protections.

Learn more about digital privacy rights at the U.S. border.

Subscriptions

Password managers

People have a bad habit of reusing passwords, and hackers know this. Every week, it seems like there’s a story about a large-scale breach of our passwords; this is why it’s so important not to re-use the same password. At the same time, using unique passwords on every account is impractical — unless you have a password manager.

A password manager simplifies the process of generating and using dozens of strong, unique passwords through a dedicated password “vault,” which can only be unlocked with one password, using authorized devices. Password managers (e.g., 1Password, LastPass) will allow users to automatically fill out all of their passwords on their devices.

Saving time, and securing accounts are both significant advantages for reporters with password management subscriptions.

Learn more about password managers.

Virtual private networks

When we connect to websites over unsecured, open wi-fi networks — at a coffee shop or hotel — some traffic may be seen by anyone on the network. For example, when navigating an unsecured HTTP website, such has http://example.com, the connection is unencrypted, allowing anyone on the network to see the images and text from the unsecured websites we visit. A Virtual Private Network (VPN) encrypts and tunnels web traffic through a remote location. When using a VPN, anything a network eavesdropper gathers is encrypted, and illegible to them.

  • Important: We are not aware of a reliable way to gift a VPN subscription directly. Instead, consider giving them a prepaid Vanilla gift card, a strongly worded suggestion of a VPN, as well as a link to your preferred sign-up page.
  • TunnelBear VPN starts at $9.99/month, or $59.99 annually (50% off for a full year of service). Note that there are many competitive options, but this works well for most people.
  • Check out Wirecutter and our own in-depth guide to VPNs to investigate more VPNs for the journalist in your life.

Data privacy services

Many reporters — particularly those focused on politically sensitive work — are the targets of coordinated digital attacks, targeting their online accounts for hijacking. Sometimes these attacks also target physical locations, such as their homes, and their families. Much of this personally identifiable information is available through search engines, public records websites, genealogy websites, or “people search” sites (e.g., Spokeo.com) which may aggregate all of the above. Many of these websites have “opt out” pages, but because there are so many, and many will repost your data every few months, it becomes a nearly full-time job to opt out from such services.

Removing someone’s personal data from the web is an uphill battle, but data privacy services can make this kind of attack harder. DeleteMe will remove your data from over 40 websites for a year at a time, for one or more people. Another service called PrivacyDuck supports two or more people and is significantly more expensive, but will remove your data from about 90 websites.

Learn more about how reporters can prepare for, and respond to harassment.

Donate to protect press freedom.

Your support is more important than ever.