Tag Archives: passwords

Got a new laptop? Here’s how to maintain your privacy from the start

When you get a new laptop – with no cookies on it! – it’s a great opportunity to start afresh and protect your privacy online by default. As I recently got a new laptop here’s what I did as I set it up…

Start from scratch – no importing of settings/applications

Many laptop setup wizards offer the option to import applications, documents or other elements from your existing laptop. I didn’t do this, partly because I didn’t want to bloat my new laptop with anything that wasn’t necessary (and if you use cloud storage then you can download from there anyway), but largely because I wanted to check the settings of each application as I went – this is much easier to do if you’re installing them.

Browsers – install them all

I use at least four different browsers: Safari, Chrome, Firefox and Opera. (You might also want to install Tor for particular use cases, although I’m not going to cover it here).

It’s useful to have different browsers partly because they offer different functionality, but also because it allows you to separate different activities. For example: Continue reading

Advertisements

4 password leaks, half a billion reasons to use different passwords

Do you run one of the 33 million Twitter accounts whose passwords were hacked recently?

Did you once have a MySpace account, and are one of the 360 million whose passwords have been hacked?

Or perhaps you had a LinkedIn or Tumblr account – 117 million and 65 million hacked passwords respectively. Continue reading

Research: regional publishers may be risking their sources and their brands

Whistle with spikes

Journalists say sources are less willing to talk because they are afraid of employers. Image by Terry Border

Local journalists don’t know how to protect their social media accounts, or the law regarding sources, and they don’t know what their employers are doing about online security.

That’s the upshot of research that I conducted with dozens of reporters around the UK – and it’s so important I’ve organised an event to tackle it.

Here are some of the key findings…

Journalists could be compromising colleagues – but they don’t think security affects them

Over the past year it’s been revealed that UK police forces have been accessing regional journalists’ communications, and at least one local authority has used its powers to spy on journalists meeting an employee: security isn’t just about GCHQ and Edward Snowden.

Social media accounts that have been hacked in the past few years include those reporting on subjects as innocuous as entertainment and the weather, while commercial organisations including Microsoft and Vodafone have hacked journalists’ communications when they wrote about them. This week a journalist was found guilty of helping hackers access a newspaper CMS, causing almost $1m in damage.

But local journalists’ and editors’ perception of the issue is that security is “another planet”, there’s no strategy for protecting branded social media accounts, and it is assumed reporters who routinely need to protect their sources are “usually pretty conversant with that kind of issue”.

Unfortunately, on the whole they are not. More than one experienced crime reporter that I spoke to operated on the basis that police requests to access their sources would come through the newspaper. “They’ve never taken action to gain that information from me,” one said.

But the key thing that I’ve discovered is that networked working practices in modern newsrooms mean that information regarding sensitive stories can still be accessed through communications with colleagues who do not consider security to affect them.

1 in 5 lack even basic password security

Despite feeling that security issues did not affect them, around half of journalists had made some changes to their behaviour online in the past year.

But a significant proportion of journalists were not even using different passwords for different accounts – one of the most basic security practices.

22% of journalists do not use different passwords for different accounts

 

16% of journalists did not do any of the following: use different passwords, clear their browser history, turn off cookies, turn off geolocation or use enhanced privacy settings on social media.

What are publishers doing about information security?

Despite hundreds of journalists and many editors signing Press Gazette’s Save Our Sources petition last year, there is no indication of leadership or communication from the top on the issue of source protection.

Journalists overwhelmingly said that they did not know what their organisation was doing about internet security. But perhaps more importantly, editors did not know either. “I should know the answer to that,” said one, “and it’s worrying that I don’t.”

88% of journalists do not know what their employers are doing regarding security

31% of journalists said their employer was doing enough to protect employees and sources

 

Strangely, even though only 4% of respondents said that their employers had taken steps in the last 12 months on the issue, almost a third of respondents made the leap of faith to say that their employers were “doing enough”.

Newsroom processes aren’t set up for modern law and technology

One thing became very clear: newsrooms and work processes are still set up for an analogue world where protecting sources is a reactive process. Discussions about sensitive sources focus on a potential legal defence if approached directly. No processes are in place to anticipate or prevent sources’ identities being accessed indirectly.

Likewise IT policies focus on protecting email – but there is little consideration to securing social media accounts.

And journalists felt unable to advise sources who were unwilling to talk because of workplace surveillance and contracts with ‘gagging’ clauses.

What I’m doing about it

I’ve organised an event to try to begin to address these issues, with people who have been directly affected, experts on law (including employment law) and people who can advise on the technical side. It’s in Salford at BBC in Media City on Friday November 6 – you can sign up here.

Web security for journalists – takeaway tips and review

Web security for journalists - book cover

Early in Alan Pearce‘s book on web security, Deep Web for Journalists, a series of statistics appears that tell a striking story about the spread of surveillance in just one country.

199 is the first: the number of data mining programs in the US in 2004 when 16 Federal agencies were “on the look-out for suspicious activity”.

Just six years later there were 1,200 government agencies working on domestic intelligence programs, and 1,900 private companies working on domestic intelligence programs in the same year.

As a result of this spread there are, notes Pearce, 4.8m people with security clearance “that allows them to access all kinds of personal information”. 1.4m have Top Secret clearance.

But the most sobering figure comes at the end: 1,600 – the number of names added to the FBI’s terrorism watchlist each day.

Predictive policing

This is the world of predictive policing that a modern journalist must operate in: where browsing protesters’ websites, making particular searches, or mentioning certain keywords in your emails or tweets can put you on a watchlist, or even a no-fly list. An environment where it is increasingly difficult to protect your sources – or indeed for sources to trust you.

Alan Pearce’s book attempts to map this world – and outline the myriad techniques to avoid compromising your sources. Continue reading