Data Security And Safe Phone Calls
This section of the Investigative Manual by the Konrad Adenauer Foundation provides you with detailed instructions on data security, secure phone calls and cyberbullying. You can also read up on how to spot possible surveillance attacks. The following text on this website deals with more basic aspects of online security and data encryption.
Online Safety for Journalists
For journalists, safety is crucial. Not only offline, but also when you are doing online research and in your private use of the internet. This article will provide you with an overview of basic digital safety measures for journalists:
Fake Profiles and False E-Mail Addresses
Depending on the work that you are doing, think about what kind of information is available about you on social media. You might want to keep your personal profiles private. If your social media accounts are supposed to be available to possible employers, set up professional accounts. They can serve as digital business cards without revealing sensitive information about you, your friends or your family. Think carefully about who you are mentioning and tagging with these accounts, since people can learn through such actions who your friends and family are.
When you are using social media for investigative research, set up anonymous fake accounts and create extra email addresses to register them. You should also use false profile pictures. Don’t use random pictures from the web or stock photos. They can expose your profile as fake. Rather use This Person Does Not Exist to create unique, high resolution fake pictures of people that don’t exist.
What is a VPN and Why Do I Need It?
VPN stands for Virtual Private Network. A VPN facilitates your internet activity through an encrypted VPN-server. It hides your IP address as well as your identity from corporations, government agencies or possible hackers. If the country you are living in is blocking portions of the internet, a VPN can also serve as a means to bypass such blocks. Depending on the location of the VPN-server, you can just pretend to access websites from a different country entirely. If people are able to track you despite using a VPN, that might be due to the quality of the programme you are using. If you are concerned for your safety and fear that people might seriously try to track you, investing in a higher quality VPN can be worth it.
Why Should You Use a Password Manager
To keep your different online accounts safe you should use long, complicated and unique passwords. Password Managers like this will save you the trouble of remembering every single one of them, while storing your passwords safely in one place.
What is a Browser Container?
Firefox Browser Containers compartmentalize your web activity. Imagine different kinds of boxes, where information about your web activity (tracking, ads, cookies, search history) is stored. Contrary to regular browser tabs or windows, these boxes cannot communicate with each other and exchange information about you. Websites from one container won’t know what you are doing in the other container. This way, you prevent companies or tracking programs from creating a complete profile of your web activity.
Why are Browser Containers Useful?
Containers also allow you to log into one website from several accounts (as long as you do it from different containers). You can use different containers for different social media accounts, research, or even online banking. If you are using a VPN, you can also virtually be in two places at once. Simply access a restricted website from another country while still accessing other websites from your current location by simply using another container.
Browser Add-Ons For More Safety And Privacy
Browser add-ons are a simple and effective way to increase your privacy on the internet. There are hundreds of them around, but you don’t need more than a handful to increase your privacy substantially. The following list provides you with the most important add-ons for safety and privacy on the internet:
- HTTPS Everywhere
Available for Firefox, Chrome, Opera and Edge. It encrypts all information that is shared between you as the user and the website you are visiting. It enforces the more secure web-protocol HTTPS instead of standard HTTP. Compared to HTTP, HTTPS uses TLS (Transport Layer Security) to encrypt normal HTTP requests towards a website. The downside: It only works on websites that allow and support HTTPS communication. If they don’t do that, the add-on can’t enforce it.
- Privacy Badger
An add-on that automatically blocks any ad or tracker that violates user consent. It thus keeps websites and companies from secretly tracking which pages you visit on the internet.
- Cookie Auto Delete
This add-on automatically deletes unused cookies as soon as you close a tab. You can also whitelist a site if you want to permanently keep their cookies (for example if you want a website’s algorithm to tailor your user experience to your habits). Additionally, it supports container tabs and shows you the number of cookies that a site is using.
- uBlock Origin
Add-on that filters ads, webtracking and malvertising and is supported by a lot of browsers from Chrome to Safari.
- User Agent Switcher
This add-on allows you to pose as another browser and thus cloud your identity. You can use it to view a website as an iPhone-User, thus accessing the mobile version of a website through your laptop. You can also pose as a Google bot which can come in handy for websites with paywalls: Normal users cannot access the content behind the paywall but most websites will grant unlimited access to search engine bots in order to be ranked higher in search results. User Agent Switcher is available for several of the most common browsers.
The mining of cryptocurrencies takes up a lot of calculation capacity on computers. Shady miners might try to use your computer’s resources through coin mining domains in your browser. This add-on will stop these kinds of mining domains and prevent them from accessing your computer’s resources.
Advanced Safety Tips
This article only contains the most important tips. There is a lot more you can do, depending on the devices, programs and apps that you are using. Datadetoxkit and the Surveillance Self Defense kit by the Electronic Frontier Foundation provide detailed and extensive tips on keeping your data safe.
How to Keep Data Safe and Hidden
The following programs and tools are a little bit more advanced and suited for those, who want to apply more extensive safety measures.
- BleachBit: A program for Windows and Linux that deletes files, cache and hidden data junk from a lot of programmes. It also contains additional special features to delete files in a way that makes it very hard for cyber forensics to restore them.
- Kleopatra: A system for key management to encode and decode files with GNU Privacy Guard. It stores OpenPGP (encoding programme) keys and certificates.
- mat2: A python-library to delete metadata from all kinds of files. It requires you to be able to code, but if you master it, it is a powerful tool to protect your privacy. Another reason why journalists should learn to code!
- MetaClean: A less sophisticated, but also far less complicated tool. Here you simply upload files to the website. The site then deletes the metadata and allows you to download the clean files. But be careful, sites like these do not always work perfectly and are not as reliable as specialized software.
- OpenStego: A program to hide information in the metadata of JPGs or GIFs. Hide sensitive information in an inconspicuous picture and use that picture to send the information without giving the impression that you are sending anything important. You can also use it to add invisible watermarks to documents. This can be useful for tracking purposes.
- VeraCrypt: A programme that can encrypt files on your computer, as well as whole storage devices such as USBs or portable flash drives. It also comes with a very approachable beginner’s guide.