[liberationtech] Medill online Digital Safety Guide
tom at ritter.vg
Wed May 22 14:03:34 PDT 2013
Without opinion on the entirety, here are some random thoughts.

I think the password section is missing the most important piece of
advice: don't use the same password for different services. Every one
should have its own, and they shouldn't be algorithmic (e.g.
"myp4ssw0rdisF4C3B00K" and "myp4ssw0rdisG00GL3", etc). This pretty
much necessitates a password manager.

I don't think mentioning "German government funded" is relevant for
GPG. What's the point of that, to sow distrust? Whatever your
thoughts are about Werner or the code quality of GPG, from a "Do I
trust this project to do the best it can and follow proper open source
principles and not backdoor me intentionally" I think it's well above
the level. Whereas PGPi.org is more than 10 years out of date.

Typo: "Both PGP and GPG, however, are relatively to use."

Thunderbird: "it is designed to interact with GPG encryption software
to make it easier to encrypt email messages and files" - no it's not,
that's enigmail, an extension. It's not built in.

truecrypt - "they can also be made to look –at least at first
glance—like large audio or video files that for some reason will not
open as if the files were for one reason or another corrupted." I
think that's misleading. Even with the caveat it implies something
that is not at all true. I'd take it out.

Encrypted SMS omits TextSecure

"If you have an Android phone, download and install Tor from the
Android Marketplace" - you mean Orbot and OrWeb? I would name them by
name, with links.

On 22 May 2013 16:41, <frank at journalistsecurity.net> wrote:
> Hi everyone,
> Over a year ago Jake asked me to post any curriculum my group may come
> up with here on the list for review by anyone who may be so inclined. If
> you are so inclined, please take a look at the guide just posted here:
> I would welcome any comments at all. (I'd prefer constructive comments,
> but, most importantly, I want to know if you think something is wrong,
> misleading or off-point and/or should be redirected.)
> We will make changes as needed, with full attribution as appropriate to
> groups or individuals as anyone here may wish. As a non-technologist, I
> very much appreciate this community and the many truly amazing people in
> it. And that ain't smoke, it's true.
> This guide is posted on the Northwestern University Medill School of
> Journalism National Security Zone online, which also includes many other
> guides for reporters like, also of interest to some here, Covering
> Military Trials. In writing this digital guide, I have not tried to
> reinvent the wheel, and focus more on concepts and what journalists need
> to think about and learn, rather than get into how to use tools or even
> thinking about trying to rate them. Instead the guide relies heavily on
> other resources already providing such information like
> Security-in-a-Box, along with Danny's Information Security chapter in
> CPJ's Journalist Security Guide.
> I have also relied on information, all with full attribution, from
> Movements.org, The Engine Room and others.
> Much of what is written also reflects what I have managed to glean over
> the years as a non-technologist from this group and list. If you wish to
> take issue with any one point, please do. Or the whole parts of it, or
> the entire guide for that matter, if you wish. Part of the idea behind
> putting this up at all is to advance a broader dialogue. And it is not
> meant to be exhaustive, but merely an introduction. The main goal is to
> alert journalists to how much they don't know, and need to learn, which,
> if recent news is any indication, more journalists at least in this
> nation are realizing every day.
> So please go ahead and dive in if you wish, and direct your comments
> back to the list or to my email also copied, as you wish. (I don't
> always check this list, so if you want to make sure I see your note in a
> timely manner, please copy me at frank at journalistsecurity.net.)
> And here is a nice juicy tidbit from the guide to get you started.
> Pretty Good Privacy or PGP along with the newer, German
> government-funded version of the same software model, GPG, is encryption
> software for emails and files. Both PGP and GPG use cryptographic
> algorithms that are stronger than what Internet Freedom activists
> believe even the U.S. National Security Agency (under most
> circumstances) is capable of decoding. Although even the best digital
> software is still subject to spyware programs on infected computers that
> allow eavesdroppers to learn the passwords to access even encrypted
> emails and files.
> Disagree on this or any point, please say so.
> Thank you, everyone!
> Best, Frank
> Frank Smyth
> Executive Director
> Global Journalist Security
> frank at journalistsecurity.net
> Tel. + 1 202 244 0717
> Cell + 1 202 352 1736
> Twitter: @JournoSecurity
> Website: www.journalistsecurity.net