How to shop for a journalist: A security gift-giving guide
Dr. Martin Shelton
June 28, 2023
Sometimes I need gifts for my journalist friends. Most people don’t get into this line of work for the overwhelming paycheck, so journalists don’t always treat themselves to gadgets and services that will make their jobs safer and easier. But maybe you can treat them instead.
Journalists are sometimes missing some important tools that will help them do their job more safely. Plenty of gadgets (e.g., computer hardware) can help protect journalists' security and privacy. We’d also like to highlight a few subscription-based services that can help protect journalists as they work on the web.
Threats to press freedom around the world are at an all-time high. Sign up to stay up to date and take action to protect journalists and whistleblowers everywhere.
Thanks for signing up for our newsletter. You are not yet subscribed! Please check your email for a message asking you to confirm your subscription.
Normally, when you connect your phone to a charger through a USB cable it can transfer both power and data. This is why you can either charge your phone when plugged into an outlet, or keep the phone charged while transferring data between your phone and computer. The problem is that every USB port you plug in may also transfer data to or from your devices.
How does this work? Typically the USB cords that charge your phone (and increasingly, laptops powered with USB Type-C) have multiple hardwired connectors, or “ports,” which transfer data or power. Modern smartphones tend to have onboard software that help prevent unnecessary data connections, but because they're easy to click through, you may sometimes introduce unwanted data connections when charging. The good news is that it’s easy to physically ensure the data connection is disabled.
A data port blocker (often called a USB condom) is a device that disables data ports in USB cables, typically by covering them up to prevent a connection. Some data blockers (e.g., PortaPow) also include a chip that regulates the flow of power to a device, allowing the device to charge faster.
When you log into a website, typically access to your account only requires a password. However, a growing number of websites allow you to better secure your account with a second piece of information — a second “factor” — beyond your password. We sometimes call this two-factor authentication.
A security key, such as a YubiKey, is a small device that you can use as a second factor. Many popular services (e.g., Twitter, Google) support security keys. First, check to ensure your favorite website supports them, and follow that website’s installation flow. They’re typically easy to set up and use. When prompted during login, just tap the button on the security key. That’s it.
There are many kinds of security keys, with many form factors. The cheapest and simplest one we recommend is the $25 Yubico Security Key, which supports the USB connection you’d find in any old-fashioned USB port, as well as a wireless NFC connection on mobile devices. Yubico also supports other connection types (e.g., the standard iPhone connector), but they’ll cost you extra.
Note: Many new devices (e.g., Macbooks from 2016 and beyond) may need a USB Type-C YubiKey, or a Type-C adapter. Here’s a list of Type-C adapters confirmed to work with YubiKeys.
Learn more about two-factor authentication here.
Get that journalist a webcam sticker. Journalists love webcam stickers.
If your device is hijacked by malware, a hacker may have all of the same permissions as you do. You own it, but so do they.
Enter some of our most unhackable anti-surveillance technology: Stickers.
If someone breaks into your device, a webcam may be the least of your problems. But it’s nice to have the peace of mind to know you’re not visible on your webcam unless you choose to be.
Our friends at the Electronic Frontier Foundation offer some of our favorite webcam stickers, which can be reapplied, and can last months at a time. Flat, sliding webcam shutters also work well for closed laptop lids and can last for years.
Computers inevitably break down, and are sometimes lost, stolen, or even remotely hijacked. Having a personal data backup can save a lot of heartache.
Unfortunately, we see a growing number of organizations and individuals hit with ransomware attacks designed to crawl through a network and encrypt its connected computers, rendering them useless. Those computers can only be unscrambled under one condition: pay the attackers a decryption fee. This is exactly what happened to a San Francisco Bay Area public radio station in 2017. Even more commonly, devices are simply lost or stolen. This is why it’s wise to make a backup to an external hard drive, which can be used to roll back to a previous snapshot of your activity on your devices.
Windows users can back up and restore devices using File History, while Mac users can make backups with Time Machine. External hard drives can also be configured to encrypt only specific files or to archive sensitive data for long-term storage. (Check out our guide to learn how.)
During quarantine, the journalist in your life probably wants to cozy up with a security book, right? Right.
We have a tough time finding books with strong and accessible security advice for beginners, but there are a few out there. While unpacking the many risks to personal information and our own well-being online, Keep Calm and Log On does an exceptional job of framing issues of media literacy in an empowering way. In 2021, scholar Susan E. McGregor published Information Security Essentials, a textbook based on extensive scholarship and experience examining digital security for newsrooms. This will be an invaluable resource to journalists for years to come. Finally, to learn about the visibility of our information online, we also suggest How the Internet Really Works, by Article 19. With clear explanations accompanied by friendly illustrations, we can imagine this being a useful gift to both journalists and their kids.
People have a bad habit of reusing passwords, and hackers know this. Every week, it seems like there’s a story about a large-scale password breach; this is why it’s so important not to re-use the same password. At the same time, using unique passwords on every account is impractical — unless you have a password manager.
A password manager simplifies the process of generating and using dozens of strong, unique passwords through a dedicated password “vault,” which can only be unlocked with one password, using authorized devices. Password managers (e.g., 1Password) will allow users to automatically fill out all of their passwords on their devices.
Saving time, and securing accounts are both significant advantages for reporters with password management subscriptions.
Learn more about password managers.
It's very possible your journalist friends spend most of their time at home right now. When connecting to websites, those websites and intermediaries (e.g., your Internet Service Provider such as Comcast) can see the traffic, and information about where the user is connecting from, such as their IP address. This is generally not great for reporters, particularly when conducting investigations.
Enter Virtual Private Networks (VPNs), which can help obscure the user's location to websites, and their traffic to their own internet service provider.
So how does this work? VPNs encrypt and tunnel web traffic through a remote location, obscuring the user's actual location. When using a VPN, anything a network intermediary gathers is encrypted and illegible to them. However, the websites you visit can still unscramble the traffic as normal — only the user's apparent location has changed. Free VPNs are not worthwhile, because they have a track record of logging personal data and compromising privacy.
Many reporters — particularly those focused on politically sensitive work — are the targets of coordinated digital attacks, targeting their online accounts for hijacking. Sometimes these attacks also target physical locations, such as their homes, and their families. Much of this personally identifiable information is available through search engines, public records websites, genealogy websites, or “people search” sites (e.g., Spokeo.com) which may aggregate all of the above. Many of these websites have “opt out” pages, but because there are so many, and many will repost your data every few months, it becomes a nearly full-time job to opt out from such services.
Removing someone’s personal data from the web is an uphill battle, but data privacy services can make this kind of attack harder. DeleteMe will remove your data from dozens of websites for a year at a time, for one or more people.
Learn more about how reporters can prepare for, and respond to harassment.