How to shop for a journalist: A security gift-giving guide

Martin Shelton

Principal Researcher

A series of gadgets laid out on a wooden tabletop, including an iPad opened to ProPublica, two "data blocking" USB devices, a Yubikey authentication device, external hard drive for local backups, USB type-C adapter, and webcam stickers.

Sometimes I need gifts for my journalist friends. Most people don’t get into this line of work for the overwhelming paycheck, so journalists don’t always treat themselves to gadgets and services that will make their jobs safer and easier. But maybe you can treat them instead.

Journalists are sometimes missing some important tools that will help them do their job more safely. Plenty of gadgets (e.g., computer hardware) can help protect journalists' security and privacy. We’d also like to highlight a few subscription-based services that can help protect journalists as they work on the web.

Gadgets

USB condoms

USB data blocker, blocking connection between charging cable and laptop

Normally, when you connect your phone to a charger through a USB cable it can transfer both power and data. This is why you can either charge your phone when plugged into an outlet, or keep the phone charged while transferring data between your phone and computer. The problem is that every USB port you plug in may also transfer data to or from your devices.

How does this work? Typically the USB cords that charge your phone (and increasingly, laptops powered with USB Type-C) have multiple hardwired connectors, or “ports,” which transfer data or power. Modern smartphones tend to have onboard software that help prevent unnecessary data connections, but because they're easy to click through, you may sometimes introduce unwanted data connections when charging. The good news is that it’s easy to physically ensure the data connection is disabled.

A data port blocker (often called a USB condom) is a device that disables data ports in USB cables, typically by covering them up to prevent a connection. Some data blockers (e.g., PortaPow) also include a chip that regulates the flow of power to a device, allowing the device to charge faster.

Security keys

When you log into a website, typically access to your account only requires a password. However, a growing number of websites allow you to better secure your account with a second piece of information — a second “factor” — beyond your password. We sometimes call this two-factor authentication.

A security key, such as a YubiKey, is a small device that you can use as a second factor. Many popular services (e.g., Twitter, Google) support security keys. First, check to ensure your favorite website supports them, and follow that website’s installation flow. They’re typically easy to set up and use. When prompted during login, just tap the button on the security key. That’s it.

There are many kinds of security keys, with many form factors. The cheapest and simplest one we recommend is the $20 Yubico Security Key, which supports the USB connection you’d find in any old-fashioned USB port. Yubico also supports other connection types (e.g., the standard iPhone connector), but they’ll cost you extra.

Note: Many new devices (e.g., Macbooks from 2016 and beyond) may need a USB Type-C YubiKey, or a Type-C adapter. Here’s a list of Type-C adapters confirmed to work with YubiKeys.

Learn more about two-factor authentication here.

Webcam stickers

Webcam stickers featuring the Electronic Frontier Foundation's logo in black and red.

Get that journalist a webcam sticker. Journalists love webcam stickers.

If your device is hijacked by malware, a hacker may have all of the same permissions as you do. You own it, but so do they.

Enter some of our most unhackable anti-surveillance technology: Stickers.

If someone breaks into your device, a webcam may be the least of your problems. But it’s nice to have the peace of mind to know you’re not visible on your webcam unless you choose to be.

Our friends at the Electronic Frontier Foundation offer some of our favorite webcam stickers, which can be reapplied, and can last months at a time. Flat, sliding webcam shutters also work well for closed laptop lids and can last for years.

Backup hard drives

Computers inevitably break down, and are sometimes lost, stolen, or even remotely hijacked. Having a personal data backup can save a lot of heartache.

Unfortunately, we see a growing number of organizations and individuals hit with ransomware attacks designed to crawl through a network and encrypt its connected computers, rendering them useless. Those computers can only be unscrambled under one condition: pay the attackers a decryption fee. This is exactly what happened to a San Francisco Bay Area public radio station in 2017. Even more commonly, devices are simply lost or stolen. This is why it’s wise to make a backup to an external hard drive, which can be used to roll back to a previous snapshot of your activity on your devices.

Windows users can back up and restore devices using File History, while Mac users can make backups with Time Machine. External hard drives can also be to encrypt only specific files or to archive sensitive data for long-term storage. (Check out our guide to learn how.)

  • Wirecutter: Pick whichever is cheapest and does the job. (Note: While a 2-4 terabyte drive will be plenty of space for most reporters, filmmakers will eat up hard drives with digital video, and will appreciate more space.)

Online safety reading

During quarantine, the journalist in your life probably wants to cozy up with a security book, right? Right.

We have a tough time finding books with strong and accessible security advice for beginners, but we do have one we can recommend. While unpacking the many risks to personal information and our own well-being online, Keep Calm and Log On does an exceptional job of framing issues of media literacy in an empowering way.

  • Keep Calm and Log On by Gus Andrews, $24.95. (Price may vary)

Subscriptions

Password managers

People have a bad habit of reusing passwords, and hackers know this. Every week, it seems like there’s a story about a large-scale password breach passwords; this is why it’s so important not to re-use the same password. At the same time, using unique passwords on every account is impractical — unless you have a password manager.

A password manager simplifies the process of generating and using dozens of strong, unique passwords through a dedicated password “vault,” which can only be unlocked with one password, using authorized devices. Password managers (e.g., 1Password, LastPass) will allow users to automatically fill out all of their passwords on their devices.

Saving time, and securing accounts are both significant advantages for reporters with password management subscriptions.

Learn more about password managers.

Virtual private networks

It's very possible your journalist friends spend most of their time at home right now. When connecting to websites, those websites and intermediaries (e.g., your Internet Service Provider such as Comcast) can see the traffic, and information about where the user is connecting from, such as their IP address. This is generally not great for reporters, particularly when conducting investigations.

A screen capture of a tweet from security researcher Runa Sandvik, captioned, "This clip from the New York Times archive highlights why you might want a VPN in your toolbox for investigative projects."

Enter Virtual Private Networks (VPNs), which can help obscure the user's location to websites, and their traffic to their own internet service provider.

So how does this work? VPNs encrypt and tunnel web traffic through a remote location, obscuring the user's actual location. When using a VPN, anything a network intermediary gathers is encrypted and illegible to them. However, the websites you visit can still unscramble the traffic as normal — only the user's apparent location has changed. Free VPNs are not worthwhile, because they have a track record of logging personal data and compromising privacy.

  • Important: We are not aware of a reliable way to gift a VPN subscription directly. Instead, consider giving them a prepaid Vanilla gift card, a strongly worded suggestion of a VPN, as well as a link to your preferred sign-up page.
  • Mullvad VPN is €5 / month. Note that there are many competitive options, but this works well for most people.
  • Check out Wirecutter and our own in-depth guide to VPNs to investigate more VPNs for the journalist in your life.

Data privacy services

Many reporters — particularly those focused on politically sensitive work — are the targets of coordinated digital attacks, targeting their online accounts for hijacking. Sometimes these attacks also target physical locations, such as their homes, and their families. Much of this personally identifiable information is available through search engines, public records websites, genealogy websites, or “people search” sites (e.g., Spokeo.com) which may aggregate all of the above. Many of these websites have “opt out” pages, but because there are so many, and many will repost your data every few months, it becomes a nearly full-time job to opt out from such services.

Removing someone’s personal data from the web is an uphill battle, but data privacy services can make this kind of attack harder. DeleteMe will remove your data from over 40 websites for a year at a time, for one or more people. Another service called PrivacyDuck supports two or more people and is significantly more expensive, but will remove your data from about 90 websites.

Learn more about how reporters can prepare for, and respond to harassment.

Donate to protect press freedom.

Your support is more important than ever.