Dear journalists and activists—indeed, anyone who is concerned about security online. See this awesome, accessible security guide by @citizenlab. Try it out! I will also put some more specific suggestions for high-risk people in thread below!
https://securityplanner.org/#/
-
-
For example, I backup all my iOs photos to the cloud. I don't back up any chats. I lose a phone, I lose all my chats. I thought about this long and hard, and decided this was the best option for me. My pics are memories/places/people and nothing ever that would be a threat to me.
Show this thread -
Are you an org that does high-risk work? I mean, anything that touches politics? Threatens any organized group? Pisses of 4chan or a government? I'd GET OFF EMAIL AND SLACK (GET OFF BOTH!) and move all chater to Signal or WhatsApp on iOS devices: Ipads/phones with keyboards.
Show this thread -
Look, it's not just that you're doing nothing wrong. Your private life is private, your bad jokes make sense only to friends, and anything can be weaponized against you. (See
@samseder case). Don't chatter on email, slack or Twitter DM. Signal or WhatsApp on iOS is your best bet.Show this thread -
WhatsApp retains metadata (who talks with whom and when) but Facebook cannot access the content because it's end-to-end encrypted. Great option for people who aren't on Signal—many people are already on WhatsApp and sometimes you can't switch people.https://twitter.com/karmel80/status/943490216668614657 …
Show this thread -
There is no other option on the phone market for ordinary people. If you care about security and privacy, you have to be on an iOs device. Secure enclave plus a whole bunch of other structural and hardware settings compel this choice https://twitter.com/EvansRyan202/status/943490767154307072 …
This Tweet is unavailable.Show this thread -
Protect your phone (iPhone!) like a hawk, just like your personal email. Long, difficult passcode. For TouchID: in the US, you can be *compelled* by law to put your finger on your phone. You cannot be made to cough up your passcode. Consider your risks.https://www.theatlantic.com/technology/archive/2016/05/iphone-fingerprint-search-warrant/480861/ …
Show this thread -
After all of this: remember, any conversation is as secure as the weakest link. Most likely way something gets out is... the other end of the conversation, not some expensive hack. Always ponder the recipient/group (and the size of the group) when typing something online.
Show this thread -
I don't mean to make people paranoid! I make bad jokes on many platforms. :-D But it make sense to have a workable, reasonable security set-up hardware and software wise, and just exercise caution especially if you are a journalist/activist or anyone at risk of being targeted.
Show this thread -
If you like the convenience of TouchID (and your fingerprint is stored locally though I have concerns about normalizing biometrics as ID), at least remember this. You can quickly disable TouchID with five taps depending on your İphone make. Try it out.https://www.imore.com/how-quickly-disable-touch-id-when-you-need-extra-security …
Show this thread -
For truly high-risk work (investigating a powerful nation-state or a corporation), this is great advice. Get a second dedicated device. You can get a Chromebook for under $200. No excuse for newspaper/investigative work. Segmentation is the best security. https://twitter.com/43blah/status/943496408635764736 …
This Tweet is unavailable.Show this thread -
TouchID has it uses, for sure. Guards against shoulder-surfing. But has downsides, too. I don't tell people not to use it, but consider the issue (which is explained more upthread).https://twitter.com/bitmaker_me/status/943640165230166016 …
Show this thread -
People, take note. Phishing attempts to journalists are basically industrialized, best defense is two-factor authentication preferably with security key—if unavailable, code generators. https://twitter.com/josephfcox/status/944119363954765824?s=17 …
This Tweet is unavailable.Show this thread
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
) but it will do.