Steal this Digital Security Toolbox


Protecting your digital data – especially communication with sources and other source material – is an essential part of being a journalist in the digital age. Legal protections around digital documents are vastly different from those relating to hard copy materials, and governments and service providers have access to more than you think. This session will give you the background, basic skills and some best practices for keeping you, your sources, and your stories safe online.


  • Notes
  • Daniel Petty Sep 21, 20124:40 pm

    Some final tweets on this session from audience members:

    Daniel Petty Sep 21, 20124:28 pm

    With “Incognito Mode” or “Stealth Mode” or “Private Browsing” — that’s only related to browser history, not at all a secure way to browse the web.

    That ends the session from Susan McGregor, assistant professor at the Columbia School of Journalism.

    Daniel Petty Sep 21, 20124:23 pm

    Question from an audience member about Adium, the chat client, is pretty safe because it’s a chat protocol (if I’m hearing this correctly). It’s WAY different from saying you’re “Off the Record” on Gchat.

    Daniel Petty Sep 21, 20124:19 pm

    Question from an audience member: Does Evernote do encryption? Susan McGregor doesn’t know about that (you can encrypt individual notes on Evernote), but generally third party tools get tricky.

    Daniel Petty Sep 21, 20124:18 pm

    Realize that most of the steps to set up security are set-and-forget. FileVault, if you use a Mac, is in your System Preferences. That’s an easy way to encrypt your hard drive data.

    Daniel Petty Sep 21, 20124:13 pm

    Daniel Petty Sep 21, 20124:11 pm

    Some additional tools for web browsing security: Tor (the onion router) can be used to obfuscate your browsing behavior and location. However, there ca be legal risks that users should consider.

    Encrypted communication tools for desktop and mobile that integrate with your existing hardware and services, such as Gibberbot, CryptoCat, and OSTel. Check out and

    Daniel Petty Sep 21, 20124:07 pm

    Virtual Private Networks make your traffic appear as if it’s coming from somewhere else.

    Daniel Petty Sep 21, 20124:03 pm

    Ussing https? That’s a good start. Encrypted networks are worth paying for (WPA2 is the preferred one for wireless). Also: Use a virtual private network to protect you from traffic snooping, which can be used to monitor your location and activities.

    The standard wireless router is pretty easy to hack to find your location, based on IP addresses you are using.

    Daniel Petty Sep 21, 20123:59 pm

    There’s actually a pretty simple fix. FileVault and TrueCrypt to encrypt your hard drive.

    Daniel Petty Sep 21, 20123:54 pm

    As an aside, I did this a few weeks ago when copy my old hard drive over to a new hard drive.

    Susan McGregor says it’s sometimes easier to crack into PCs because they’ve been around longer — and are more widely available — so more people do it.

    Now she’s holding down the POWER button, APPLE key and S. She’s in single user mode. She’s essentially operating from a command line prompt now and navigating through everything. She’s found a file called .applesetup and deleted it, which means she can eventually set up a new profile that sets up an admin account — go to the original user name, unlock permissions. And off you go.

    Daniel Petty Sep 21, 20123:47 pm

    We’re actually going to watch a computer get hacked right now — in real-time. She’s holding down the T-key on a mac computer — showing a firewire signal. She’s mounted the mac in “target” mode. If you were able to plug a firewire cable from his computer to her computer — that simple.

    Daniel Petty Sep 21, 20123:44 pm

    You should encrypt your devices: TrueCrypt is an open-source and cross-platform software. A password is not enough to encrypt your device.

    It can take seconds to break into an unecrypted computer, and you may never know it happened. Someone can steal data or track the location of your computer.

    Daniel Petty Sep 21, 20123:43 pm

    Here live blogging Information Security:

    Shield laws only work if you have the opportunity to invoke them, which doesn’t happen if your data provider turns over your information voluntarily.

    Do we have rights to privacy in the digital arean? Not so much. The Electronic Communications Privacy Act (ECPA) was written in 1986, and was designed to protect financial information and network owners. Email, location data and other sensitive information can fairly easily acquired by law enforcement.