Tag Archives: security

Why every journalist should have a threat model (with cats)

Just because you're paranoid doesn't mean they aren't after you

If you’re a journalist in the 21st century you have two choices: you can choose to be paranoid, or you can choose to be delusional.

The paranoid journalist assumes that someone is out to get them. The delusional journalist assumes that no one is.

In this post I will explain why and how every journalist – whether you’re a music reporter or a political correspondent – can take a serious and informed look at their security and arrive at a reasonable evaluation of risks and safeguards.

Don’t panic. I promise that by the end of this piece you will be less anxious about security, and no longer paranoid. I also promise to use lots of lolcats.

Interview: president of IRPI Cecilia Anesi talks about secure leaks platform IRPILeaks

IRPI leaks

Last year the Investigative Reporting Italian Project (IRPI) introduced a platform for Italian and international whistleblowers, the first of its kind in the country.

The project has been called IRPILeaks and, like the Dutch PubLeaks and WikiLeaks, is a tool for those who want to leak while staying anonymous and safe.

IRPI aims to use this anonymity to encourage leaks from people who want to expose misconduct by companies and public authorities. A list of risks they could face in the process is published on IRPI’s site.

Web security for journalists – takeaway tips and review

Web security for journalists - book cover

Early in Alan Pearce’s book on web security, Deep Web for Journalists, a series of statistics appears that tells a striking story about the spread of surveillance in just one country.

199 is the first: the number of data mining programs in the US in 2004 when 16 Federal agencies were “on the look-out for suspicious activity”.

Just six years later there were 1,200 government agencies working on domestic intelligence programs, and 1,900 private companies working on domestic intelligence programs in the same year.

As a result of this spread there are, notes Pearce, 4.8m people with security clearance “that allows them to access all kinds of personal information”. 1.4m have Top Secret clearance.

But the most sobering figure comes at the end: 1,600 – the number of names added to the FBI’s terrorism watchlist each day.

Predictive policing

This is the world of predictive policing that a modern journalist must operate in: where browsing protesters’ websites, making particular searches, or mentioning certain keywords in your emails or tweets can put you on a watchlist, or even a no-fly list. An environment where it is increasingly difficult to protect your sources – or indeed for sources to trust you.

Alan Pearce’s book attempts to map this world – and outline the myriad techniques to avoid compromising your sources.

Online security for journalists: never assume you’re secure

image from xkcd


With news last week of the New York Times and Washington Post being hacked recently, The Muckraker’s Lyra McKee looks at internet security.

“They were able to hack into the computer and remotely access my Facebook account, printing out a transcript of a private conversation. Then they told me who I’d been talking to over the past week and who was on my contacts list. They’d hacked into my phone. When they first told me they could hack into computers and phones, I didn’t believe them. So they showed me.”

I was sitting at the kitchen table of one of Northern Ireland’s few investigative journalists. He was shaken.

In thirty years of reporting, Colin (not his real name) has seen things that would leave the average person traumatized. A confidante of IRA terrorists, he has shaken hands with assassins and invited them into his home for a chat over a cup of tea – as he had done with me that night.

A few weeks previous, during one visit from a source, the subject of hacking had come up.

The future of open journalism: how journalists need to step up their game

Wolf blowing down the pig's house

Illustration by Leonard Leslie Brooke, from Wikimedia Commons

Cross-posted from XCity Magazine

The future of journalism, according to The Guardian’s ‘3 Little Pigs’ film, is “open journalism”. Users are becoming part of every element of news production. The newsroom no longer has walls.

If that is going to happen then journalists need to huff, and puff, and blow down three particular houses of our own: our preconceptions around the sources that we use online; around why people contribute to the news process; and about how we protect our sources.

20 free ebooks on journalism (for your Xmas Kindle)

For some reason there are two versions of this post on the site – please check the more up to date version here.

20 free ebooks on journalism (for your Xmas Kindle) {updated to 64}

Journalism 2.0 cover

As many readers of this blog will have received a Kindle for Christmas I thought I should share my list of the free ebooks that I recommend stocking up on.

Online journalism and multimedia ebooks

Starting with more general books, Mark Briggs’s book Journalism 2.0 (PDF*) is a few years old but still provides a good overview of online journalism to have by your side. Mindy McAdams’s 42-page Reporter’s Guide to Multimedia Proficiency (PDF) adds some more on that front, and Adam Westbrook’s Ideas on Digital Storytelling and Publishing (PDF) provides a larger focus on narrative, editing and other elements.

After the first version of this post, MA Online Journalism student Franzi Baehrle suggested this free book on DSLR Cinematography, as well as Adam Westbrook on multimedia production (PDF). And Guy Degen recommends the free ebook on news and documentary filmmaking from ImageJunkies.com.

The Participatory Documentary Cookbook [PDF] is another free resource on using social media in documentaries.

A free ebook on blogging can be downloaded from Guardian Students when you register with the site, and Swedish Radio have produced this guide to Social Media for Journalists (in English).

The Traffic Factories is an ebook that explores how a number of prominent US news organisations use metrics, and Chartbeat’s role in that. You can download it in mobi, PDF or epub format here.


Secure technically doesn’t mean secure legally

The EFF have an interesting investigation into WSJ and Al-Jazeera ‘leaks’ sites and terms and conditions which suggest users’ anonymity is anything but protected:

“Despite promising anonymity, security and confidentiality, AJTU can “share personally identifiable information in response to a law enforcement agency’s request, or where we believe it is necessary.” SafeHouse’s terms of service reserve the right “to disclose any information about you to law enforcement authorities” without notice, then goes even further, reserving the right to disclose information to any “requesting third party,” not only to comply with the law but also to “protect the property or rights of Dow Jones or any affiliated companies” or to “safeguard the interests of others.” As one commentator put it bluntly, this is “insanely broad.” Neither SafeHouse or AJTU bother telling users how they determine when they’ll disclose information, or who’s in charge of the decision.”

85 WordPress plugins for blogging journalists

Having reached a potential plateau in my addiction to WordPress plugins* I thought I should blog about the plugins I use, those I’ve installed in preparation for potential use, and those I may install at some point in the future. Of the 85 or so plugins installed on my blog I ‘only’ have around 30-40 that are active – the rest have either been used in the past or are ready in case I need them at some point in future. Some are one-click installs; others you need to put PHP in your templates; instructions are generally given on the plugin page. I’d love to know what plugins you find useful on your own blog.

Content plugins

Add Sig allows you to add a custom signature to the bottom of posts – particularly useful if you have a multi-author blog.

Embed iFrames allows you to do just that – useful for embedding any content that uses iFrames, e.g. maps, spreadsheets, widgets etc.

Exec PHP allows you to execute PHP in blog posts. I’ve not had to yet, but you never know…

FeedWordPress is an aggregation plugin that pulls any RSS feeds you specify and publishes them on your blog. Any user clicking on a particular post will be taken to the original. This is very useful if you blog elsewhere or want to aggregate coverage of an event for an eventblog (although there are more specific packages for that now). Previously I’ve used it to pull posts from my Posterous blog so I can blog via email.

In Series is a great plugin if you’re writing a series – this creates a new box when you start writing a post that allows you to assign it to a ‘series’. Sadly the plugin site reports “There have been reports of minor breakage in WordPress 2.6, and complete failure in WordPress 2.7.” So I’m now trying out Organize Series and Series, which claim to do something similar.

Microkid’s Related Posts allows you to manually add related posts.

Postalicious will automatically publish your bookmarks (from delicious, ma.gnolia, Google Reader, Reddit, or Yahoo Pipes) to your blog. You can specify a particular tag, frequency etc.

Star Rating for Reviews allows you to give star ratings in any blog post – ideal for reviews.

Tagaroo will suggest tags based on the content of the post you’re writing, and related Flickr images you could use.

User Photo displays an image of the author next to the post (this takes some tweaking with the template code) – particularly useful for multi-author blogs.

XML Google Maps allows you to easily insert Google Map or Google Earth Plugin Maps into your blog.

Comment plugins

Spam filter plugin Akismet is an absolute must for any blog, filtering out obvious spam and holding back the dubious stuff for moderation.

BackType Connect publishes comments about your blog on other social media sites – so if someone comments on your post on Twitter, Digg, FriendFeed, Hacker News or Reddit and links to it this will pull it onto your site. This sounds like a great solution to a modern problem, but in practice it generally means lots of tweets saying the same thing – ‘here’s a blog post’, so I’ve disabled it until that is addressed.

Capture the Conversation is a similar plugin which uses your post tags to look for related tweets. This gives you more control but means the more tags you add the less likely it is to work, which obviously has implications for search engine optimisation – although you can change the settings to only look for the first tag. It appears to be particularly useful for ‘breaking news’ posts where people are talking about the issue on Twitter and you can see this from the post itself. Presentation could be better – you can customise this a little in settings too.

cForms II allows you to create multiple and customisable contact forms across your blog, including multiple forms on the same page. I’ve never had cause to use it yet, but it’s worth having just in case.

coComment simple integration (direct download) integrates your comments system with the coComment system so users can log in, tag and share comments and keep track of them via coComment.

Intense Debate Comments does the same for the comment management service Intense Debate. I seem to remember this was created for me by Intense Debate so I don’t have a download link, but I disabled the plugin when I realised it had accessibility issues, and made comments invisible from search engines.

DoFollow is a plugin which disables the default ‘nofollow’ setting on WordPress blogs (which tells search engines to disregard any links in comments). This means that links posted in comments benefit from ‘Google juice’. You can set the plugin to only remove ‘nofollow’ after a certain period of time so you can delete spam comments before then. I found that announcing the plugin attracted too many spammers, so I disabled it.

WP-FacebookConnect allows users to login and comment with their Facebook account and publish comments into their Facebook newsfeed. There’s some fiddling required.

outbrain allows users to rank blog posts – WP-postratings did something similar, as did WP-StarRateBox.

Seesmic WordPress plugin allows people to record video comments. I seem to remember this was the plugin that forced me to move to self-hosted WordPress and, amusingly, I’ve only ever had one video comment since.

Subscribe To Comments allows users to receive email updates when an individual post receives a new comment. Simple but extremely useful, and so far used by hundreds of visitors to the blog.

Top Commentators Widget shows which users comment the most on your blog. Sadly it only starts counting once installed, and the presentation needs some attention, so I disabled it, but it’s a nice plugin which showcases the biggest contributors.

WP-Forum creates a forum on your blog – instructions on the plugin page.

Blog management plugins

BackUpWordpress allows you to easily backup your WordPress database – a useful habit to get into in case something goes wrong with your blog hosting or you want to move your blog to another host. The plugin also allows you to schedule regular backups.

Cronless Postie allows you to publish blog posts via email. There are other ways to do this – for example, emailing your post to Posterous and then pulling the RSS feed from there using a syndication plugin like FeedWordPress (see above).

mobileadmin makes it easier to manage your blog via mobile phone as it “gives a mobile-friendly admin UI to browsers by user agent. Includes support for iPhone/iPod-Touch”. However, this is currently disabled as activating it triggers a fatal error (who died?)

Ozh’ Admin Drop Down Menu changes the admin view on WordPress so that it uses drop-down menus, making it easier to manage.

Plugin Manager “lets you to view, download and install plugins from wordpress.org from an AJAX’ed interface, instead of manually downloading, extracting and uploading each plugin.” It’s really very very good.

podPress is a plugin to use WordPress for Podcasting. I’ve never particularly used this, but useful to have if I ever need it.

Post Template allows you to create templates for posts with the same structure – perfect for reviews and series, and also useful to keep a multi-author blog consistent.

Role Manager allows you to assign different levels of access to different contributors to your blog – for example, only allowing a user to contribute to a particular category.

Textplace is “a plugin to include commonly used text across multiple posts, pages and templates”.

WordPress Automatic Upgrade allows you to upgrade to the latest version of WordPress with a few clicks. Essential.

WP Security scans for security vulnerabilities in your WordPress installation.

Presentation and widgets

Bunny’s Print CSS creates a stylesheet for printing so users printing pages from your blog can avoid endless pages of widgets, comments or other page furniture (including design elements).

Easy Popular Posts shows you your most popular posts – useful to install in a sidebar (you’ll need to put a line of PHP in the sidebar template for this).

Get Recent Comments provides extra customisation of the comments widget.

Global Translator “translates a blog in 34 different languages (English, French, Italian, German, Portuguese, Spanish, Japanese, Korean, Chinese, Arabic, Russian, Greek, Dutch, Norwegian,…) by wrapping four different online translation engines (Google Translation Engine, Babelfish Translation Engine, FreeTranslations.com, Promt).” The results are as patchy as you’d imagine, but take a stage out for users who may use Google Translate to read your blog.

Hot Friends creates a blogroll/friends widget based on the number of comments a blog owner makes. I’ve never had the time to set this up properly and it may not suit the nature of the OJB, but it sounds interesting.

KB Advanced RSS Widget gives you additional control over the RSS widget, e.g. which fields of the feed to display and how to format them.

KB Countdown Widget counts “the years/months/days since, until, or between events. Optional bar graph for tracking progress between two dates.” Useful if you’re blogging up to an event, or setting yourself a challenge, or launching something.

Random Redirect allows users to be taken to a random post from your blog.

Related Ways to Take Action “makes it super easy to connect your readers to ways to take action based on the content of your posts. The Plugin identifies the top three keywords for each post and then searches for related campaigns from Change.org, GlobalGiving.com, Idealist.org, DonorsChoose.org, Kiva, Care2 and over twenty other social change websites. It then automatically loads the top three campaigns for those keywords at the bottom of each of your posts.” In reality the guesses the plugin makes can be a bit hit-and-miss, but on a more campaign-based blog they may be more accurate.

Sort by Comments “Changes the order of posts so that the most recently commented posts show up first. Also displays last comment with the posts.”

Theme Switcher allows users to switch themes. You need to put a line of code in your sidebar to create the dropdown (instructions buried here) – remember you’ll have to do this in every theme you have installed so that users can switch back. You’ll also need to make sure that you’ve deleted any themes that don’t work or you don’t like, as this will pull them all up by default.

WordPress Mobile Edition shows mobile visitors a mobile version of the site. You have to install the theme as well.

WP Web Scraper is “an easy to implement web scraper for WordPress. Display realtime data from any websites directly into your posts, pages or sidebar.” I’ve not had cause to use it yet, but could be very interesting.


FeedBurner FeedSmith makes sure that users subscribing to your RSS feed are redirected to your Feedburner feed, allowing you to keep track of numbers of subscribers, etc.

RSScloud is a plugin that allows users to be more quickly updated when you post something. Only one RSS reader supports it, but the technology appears to be gathering speed.

RSS Feed Signature allows you to add a customised signature to the end of your RSS feed. Sadly, the developer link appears to be dead. This is the only alternative I can find.

SMS Text Message allows users to receive text updates from your site – presumably in the US only, where the receiver pays for texts. It creates a widget where users can enter their phone number to subscribe. I’ve just installed this so let me know if it works.

Analytics, SEO and Social Media Marketing

All In One SEO Pack is another top-of-the-list plugin that ensures your blog content is optimised for search engines. In addition to the general settings page this adds a box below your draft posts where you can customise the title, description and metatags on individual posts.

Digg This detects if the user has come from Digg and displays a Digg This badge for them to Digg the story. You’ll have to add a line of PHP in your post template.

Google Analyticator makes it easy to enable Google Analytics on your blog and measure where visitors are coming from, what terms they are searching for, etc.

Google News Sitemap creates a sitemap to help Google News better index your site.

Google XML Sitemaps does the same: generates “a sitemaps.org compatible sitemap of your WordPress blog which is supported by Ask.com, Google, MSN Search and YAHOO”

Landing Sites shows the user posts related to the search they’ve made that brought them to your site.

Permalink Redirect ensures that only one URL is used for each post and users (including search engines) arriving at others are redirected accordingly.

ShareThis creates a button at the bottom of posts for users to bookmark that post on sites like Delicious, Digg, Stumbleupon, Facebook etc. as well as email it to a friend. For me this replaced similar plugins: Sociable, WP-Email and wp-notable.

TweetMeme Button creates a badge at the top of each post showing how many times it has been tweeted and allowing the user to retweet it themselves.

WordPress.com Stats tells you how many people are reading, what they’re reading, and what searches brought them here.

WP Greet Box shows a different message to visitors “depending on which site they are coming from. For example, you can ask Digg visitors to Digg your post, Google visitors to subscribe to your RSS feed”

WP Super Cache makes your site faster. “If your site is struggling to cope with the daily number of visitors, or if your site appears on Digg.com, Slashdot or any other popular site then this plugin is for you.”

WP_DeliciousPost submits your posts and pages to Delicious, allowing you to include tagging and private links. WP_LinkTools does much the same.

Plugins to make money

Amazon Widgets Shortcodes adds a button to your post editor that allows you to easily insert an Amazon carousel, slideshow, or link to an Amazon product through your affiliate store – very useful if you’re reviewing products.

Buy Me A Beer places a widget at the bottom of every post and in the sidebar allowing users to donate to your PayPal account if they liked your post (there is also a ‘coffee’ option).

Paypal Widget does much the same, but without the rather more affable beer element. I’ve never had cause to enable this, but again, useful to have.

Register Plus creates an enhanced registration page for users to log on to your blog – this opens up opportunities for restricting access if that’s what you want. I never have, so I’ve never used it. The same developers have also made Donate Plus, which has similar potential. And SponsorMe is worth looking at too.

wpLicense-reloaded allows you to select a Creative Commons license for each blog post individually.

*When I started writing this post, it was 61. Some ‘plateau’. And if 85 isn’t enough for you, see my plugin bookmarks on Delicious.