Act Project Concordia. CC BY-NC 2.0

They’re tethered to wireless networks, and we are tethered to them. We spend so much time with smartphones, yet most of us devote little of it to contemplating our small computers. We often treat these valuable devices more like everyday household items, as opposed to curated archives of our lives.

If there’s one item in your possession housing the most information about you, it’s probably your phone. Keeping your information safe depends on learning a little more about how to choose your small computer, and how to care for it long term.

One-time upgrades

Shopping for phones
When shopping for a mobile device, we’re often thinking about how long the phone will last. We want a strong battery, fast hardware, and lots of storage to house our apps, photos, and other data. But there’s another thing we should consider when choosing a phone: How long will the phone receive security updates? …



The encrypted messaging app, Signal, is quickly becoming a newsroom staple for communicating with sources, accepting tips, talking to colleagues, and for regular old voice calls and messages. While it’s a practical tool for anyone concerned with the security and privacy of their conversations, people working in newsrooms are particularly interesting targets, and should benefit from locking down Signal.

(If you’re not yet using it, learn how to get started here.)

Signal makes it easy to have a secure conversation without thinking about it. On its face, it looks and feels identical to your default text messaging app, but security experts so often recommend it because of what it does in the background. …


Passwords are the brittle wall that keeps unwanted visitors out of your accounts. When it comes to account protection, two-factor authentication is one of the most effective defenses available.

Two-factor authentication (or 2FA, for short) strengthens login security by requiring a second piece of information — a second factor beyond your password. The second piece of information is usually a temporary code delivered by a device in your possession, such as your phone. It may also be something on your body, such as a fingerprint.

You might hear it referred to by a variety of names (e.g., …


Opera’s private browsing mode

Most popular web browsers support two types of windows: ordinary windows and “private browsing” mode. Sometimes private browsing goes by a different name, such as InPrivate mode in Microsoft Edge, or Incognito mode in Google Chrome, but we’ll just call it private browsing. I research how people understand the web for a living. Trust me when I say, if you’re not sure what private browsing does, you’re in good company. Researchers have found widespread misconceptions about what information is visible through private browsing. So let’s talk about what it does and doesn’t do.

These windows and tabs all have one important thing in common: they don’t save your information in the browser after they’re closed. …


GIFs, putting in work.

We love animated GIFs because they let us communicate so much with so little. They’re visual, cyclical, and easy to share — powerful features for communicating unfamiliar concepts to an unfamiliar audience. This is why we think it’s important to learn how GIFs can be used strategically in education. We are all involved in online safety education and, following a session we co-organized on this topic at RightsCon, wanted to share what we’ve learned along the way in three posts:

  1. GIF JIF ZHAIF: Teaching an educational GIF workshop at RightsCon
  2. If you’re not using GIFs to reach & teach your community, what are you doing?



In the crowded world of encrypted messaging apps, few tools stand out.

Wire gives you encrypted voice calls, video calls, and messaging. It uses wireless data (through a mobile plan or wi-fi), which can help save money on phone calls and SMS charges. This is great for those of us who want to call or text our friends without eating up an expensive phone plan. It also supports most major operating systems.

On Wire, conversations are end-to-end encrypted, meaning that no one except the conversational participants can read the messages. It’s open source, meaning that its code is publicly viewable. This also means it can be examined for security holes. …


Paul Townsend (CC BY-ND 2.0)

We’re witnessing the growth of attacks on supply chains — trusted distribution channels for delivering software and hardware. I want to tell you a bit about these attacks, because you’re going to hear more reporting about them in the future.

Supply chain attacks typically turn trusted websites into hosts for malicious installer downloads, and infected servers into hosts for “evil software updates.”

And we have now been officially warned: “Security experts agree that it’s a growing trend.”

It’s technically true that software-based supply chain attacks are growing, and that they have real potential for damage. That’s not because these attacks are new; rather, supply chain attacks have nowhere to go but up. …


Nelson Sosa (CC BY-NC-ND 2.0)

Encrypted messaging apps like Signal, as well as WhatsApp and Viber, use your phone number as your main username. This means that if I want to chat with someone on these apps, I have to give them my phone number.

But we may have many reasons — both practical and principled — not to share our number with someone. These digits are personal.

Ideally, apps like Signal would allow us to use something besides our phone number as the main identifier we share with others. …


Todd Barrow [CC BY-NC-ND 2.0]

Computers are fragile things. You have to take care of them. When you don’t, their powers can be borrowed or stolen.

Malware lets an unauthorized third party access or take control of your device. In practice, it’s become a catch-all term for a huge variety of malicious software. That could include software that hijacks computing resources, lets an attacker monitor your screen, keystrokes, and microphone, or effectively turns your device into an expensive brick.

Many types of malware are designed to evade detection, while others make their presence quite clear. Just as you wash your hands to minimize health risks, the good news is that we can adopt some basic habits to minimize security risks before they become problems. …


Simply untangle. (Esfema)

A few years ago I began sending hundreds of emails to strangers — many, encrypted.

I was launching into my graduate research on the security habits of investigative reporters, and I wanted to hear from journalists with a variety of backgrounds.

If I wanted to meet technologically savvy reporters, I learned that I could more reliably catch their interest by sending a PGP-encrypted email. I also learned that this is a great way to annoy, frustrate, or otherwise upset journalists.

To understand why, let’s talk about PGP, and why it’s often at odds with journalistic work.

What is PGP?

PGP stands for Pretty Good Privacy, an encryption standard created by Phil Zimmermann in the early 1990s. Zimmermann was a peace activist. For him, PGP was a way to allow grassroots political organizations to work without worry of government eavesdropping in the U.S. …

About

Martin Shelton

Writing about security for journalists, as well as beginners. Principal researcher at @freedomofpress. freedom.press/training
