As the coronavirus outbreak brings with it a surge in online misinformation and conspiracy theories, and with a number of elections just around the corner, there has never been a better time to brush up on digital investigative skills. But whether you’re looking into certain closed groups or contacting sensitive sources, it’s critical to implement privacy and security measures to stay safe online.
First Draft’s co-founder and US Director, Claire Wardle, spoke to Christopher Dufour on May 7 for a webinar about privacy and security tips when reporting on coronavirus. Dufour is a noted national security consultant, disinformation researcher, and speaker.
As the digital landscape is constantly changing, the aim is to provide best practices and good habits that can be used to make decisions about your privacy and security online. Read on for the key takeaways from the session, watch the full webinar below or on our YouTube channel.
‘Hardening’ your browser
As a primary window onto the online world, it’s crucial to think of how your browser is set up. As Dufour highlighted, “most identity security measures are invalidated by bad browser habits.” While Dufour’s session did not focus on specific tools or software, he did emphasize that Internet Explorer was an “absolute no-go.” (It’s also no longer recommended as a default browser by Microsoft.)
Taking the time to go through the privacy and security settings on your browser is the first step to increasing online security. For a guide to “hardening” a browser, Dufour went through the setup of his own installation of Firefox during the webinar, which you can follow here. Similar measures also apply to other browsers, including Chrome and Safari.
Also central to any journalistic investigation is a search engine. On this, Dufour explained:
“Not all search engines are created equal — almost all of them exist for free because they log your search habits.
“They want to understand the keywords you’re using so that they can serve relevant ads or sell that behavior someplace.”
As such, you could opt for search engines like DuckDuckGo, which bills itself as “privacy focused.” But even then, Dufour said he would not recommend a particular search engine.
“Everyone should use what they think is great, and have that baked into your browser.”
Your data is the target
The main way journalists become victims of online attacks is through data leaks, so it’s important to be aware of your digital trail.
“We’re living in an unprecedented time where the sharing of personal information and data has moved so quickly that it is really difficult for us to wrap our minds around all the places where we have leaked information,” Dufour said.
As such, the best place to start is by trying to understand the data you leave in your wake.
A pro tip from Dufour is to “map your footprint.” He encourages journalists to write down all the email addresses and phone numbers and the places they may have been used for any online activity: apps, social media, loyalty programs, etc.
From there, log into each place and perform a security audit. Is two-factor authentication switched on? Is there old data that can be deleted? Are all the settings restricted?
If you’re no longer using the service, delete the account, he said.
Defining your digital identity
Whether you’re using LinkedIn to approach expert sources for your story, Facebook to keep up with friends, or Twitter to connect with other journalists, you’re not going to necessarily be the same person on different platforms.
“As journalists, we have a responsibility to have a public-facing profile,” Dufour said. “We need to be associated with our journalism organization, we also need the public to trust us and reach out to us in a public way.”
He recommended going back to basics with this course from the Berkman Klein Center for Internet & Society at Harvard University. Although aimed at high school students, it contains a number of steps to help individuals think critically about their online presence, as well as practical tips, such as help changing privacy settings on social media accounts.
“Think about ways to rewrite your identity in a way that’s helpful for you in all the ways you want to represent yourself online,” Dufour said.
A recurrent theme was the idea of “trade-offs.” Having all the privacy and security settings activated on a browser will, for instance, mean that you might not be able to access certain websites and pages. As such, the weighing up these trade-offs is an integral part of online reporting.
Dufour offered some words of advice. First, if you work in an organization that has such a team, “work with your IT people, not against them.”
“If you work for a company that has resources, dedicated IT security managers, they probably already have policies involved,” he explained.
“Get to know what those policies are, so that they can form in some way with your personal risk tolerance for how you want to use the company’s devices, accounts that they provide and those types of things.”
A frequent trade-off is security and privacy versus convenience. A rule of thumb: “If it’s less convenient, it’s usually more secure,” he said.
“If it’s more convenient, then usually someone is making it more convenient to pull information out.”
People do, however, need some element of convenience, Dufour acknowledged. This is why best practices and good habits should be at the heart of online reporting.
Dufour offered some “dos and don’ts” on browsing habits as well as some digital security tips.
“All this takes is a little bit of time,” said Dufour.
“One of the things that I had to learn myself in doing this is: ‘Hey, if I stop looking at pictures of laughing cats all day, and just sat down and got really serious about doing this I would build better habits so that I can return to looking at laughing cats — just in a more secure way.’”