Journalists are typically on the frontline when crises hit, bearing witness to historical events, be it the collapse of a regime or the unfolding of a once-a-century pandemic. And recent events have taught us that journalists who cover online misinformation can be exposed to real-life security risks. At this unpredictable moment, diligent security practices are essential. Here are 10 privacy and security tips, along with links from the best online security organizations. This should help to ensure you and your colleagues’ physical and digital safety.
Immediate measures
1. Assess personal safety
Before grabbing your devices, take a moment and check your surroundings — are you being watched? Can anyone other than you read your screen or its reflection? Cover your webcam and microphone and if available, apply a privacy screen protector. Keep your organization updated with your whereabouts and contact methods — sometimes old-school methods like a satellite phone are the safest.
In case of emergency, contact Access Now’s free 24/7 Digital Security Helpline (available in nine languages) or Reporters Without Borders’ emergency assistance service.
2. Stay connected with external contacts
Contact your families, friends and colleagues outside the country, keep them updated about your situation and provide them with your online and offline contact methods. Maintain ongoing communication and let them know when to be concerned if you don’t get in touch. Only report and call for help online if you are certain it won’t endanger you — when in doubt, don’t leave any trace. (More on that below.)
3. Cover your digital tracks
Download browser extensions such as HTTPS Everywhere that automatically switch websites from insecure “HTTP” to secure “HTTPS” and protect against account hijacking and surveillance. Extensions like Privacy Badger help identify and block sites that are keeping records of your digital footprint. Manually switch off default tracking by all social platforms and search engines. Disable your search history. Finally, turn off location tracking on your phone and geotagging on all social apps; browse incognito and use a VPN at all times.
4. Secure email provider
Anyone can see what’s on your screen with relative ease if you use a free wireless network and an unsecured email provider. Make sure your email uses an encrypted HTTPS connection and double check your provider’s security settings.
5. Self-destructing messaging app with end-to-end encryption
Choose a messaging app with end-to-end encryption for your text messages, group chats, data transfers and voice calls, and ideally one that allows you to automatically erase, or “self-destruct” your messages, such as Signal.
6. Lock social media accounts
In a crisis, you may want to deactivate all your social media accounts and memorize your passwords; delete the accounts if necessary. Create a password-protected folder using apps like IObit as a second line of defense. Choose a different password for this “vault.”
7. Passwords, two-factor authentication
Generate complex passwords using password managers like LastPass and Dashlane, and store them in their encrypted database. For the one password you need to memorize to access the password managers, avoid using your birthday, phone number or any other combinations that are easy to crack.
For an extra layer of protection, turn on two-factor authentication (2FA) for all communication and social apps. For instance, Gmail and Facebook both have this function. After entering your password, you’d need to access your 2FA app for a unique, one-off code to access your account.
Long-term safety
1. Separate browsers and social accounts for work and personal use
Keep separate browsers and social media accounts for professional and personal purposes. Use unrelated, complex passwords on both browsers, and keep your work accounts strictly professional to protect your privacy.
2. Social media scrubbing
Regularly scrub your social media accounts with apps like Jumble and Scrubber that can detect and delete old posts based on various filters such as profanity or religious and political content. Conduct reverse image searches to double check whether photos of you have been indexed by search engines. A seemingly harmless photo can sometimes provide a surprising amount of information about you and pose a threat to your safety.
3. Editorial policy
Work with your organization to outline the physical and digital security protocols for your team and an information retention policy that ensures all information is retained and discarded securely. There should also be clauses in the editorial policy explaining how to gather news safely in closed online spaces; consider a team byline instead of an individual one on subjects you consider sensitive. Always have a satellite phone at the ready.
Check with your organization about guidelines to keep your sources safe. Go the extra mile to protect your local sources, keep their details private and scrutinize the information you intend to publish so you don’t give them away. Always blur the name, user ID and profile photo of a social media user before publishing screenshots of social posts — in some countries, people who share misinformation can face real-life consequences, including harassment, prosecution or even jail time regardless of their intentions.
Resources
- “Privacy and security tips for journalists & researchers,” webinar with First Draft co-founder Claire Wardle and national security consultant Christopher Dufour
- “The 5 closed messaging apps every journalist should know about — and how to use them,” First Draft
- “Digital security,” Global Investigative Journalism Network
- “Safety guide for journalists: a handbook for reporters in high-risk environments,” UNESCO & Reporters Without Borders
- “Journalist Security Guide,” Committee to Protect Journalists
To stay informed, become a First Draft subscriber and follow us on Facebook and Twitter.