![]() As it requires no account to use it, you don’t have to share your encryption keys with any company. This is a free and open source tool with encryption by default to conduct video and audio conferences, text messages and exchange documents. You can encrypt your Facebook messenger communications. You can organize chat groups and send encrypted files and photos. Everything is encrypted before the data leaves the device. You can use it on your browser or your mobile phone. Shared files remain encrypted until authorized users open them.Īlthough this free open source tool has been on the market for some time, it was still unknown to most journalists I have trained over the last two years. Data is not only encrypted when it travels from one server to another. Users get a miniLock ID and a cryptographically generated avatar, so they can verify contacts’ identity at a glance. This new tool provides end-to-end encrypted text communication. Remember that those tools don’t protect you against key-loggers or untrusted contacts: Jitsi Meet and Peerio are great free open source tools to encrypt your communication. ![]() You can use other encrypting applications to secure your data. Unfortunately, those tools don’t support Skype chat yet. If you use Facebook or Google Hangout, use encrypting tools such as Adium (OS) or Pidgin (Windows) to add a second layer of encryption to your communication. ![]() ![]() It is also convenient to enroll in a two-step authentication system so you reduce the chances of intrusion in your accounts. Remember that your username and password are the public and private keys that those companies use to encrypt and decrypt peer-to-peer communication. Remember that Facebook, Skype and Google Hangout messages are permanently stored in their servers, and repressive government can access them through judicial orders. If your work is under threat from repressive regimes or non-state actors such as private intelligence corporations or criminal organizations, make sure you use all security features of Facebook, Skype or Google Hangout, and do not exchange sensitive information through them. There are important steps journalists should take to ensure a safer environment and improve communications security: After Edward Snowden leaked thousands of NSA communications, using technology companies as back doors to the federal agency, Facebook, Google and Microsoft put a stronger focus on security and offer new services like https per default, two-step verification and end-to-end encryption. Encryption has become an important part of both open source and proprietary communications technology. Media adversaries, whether governments, criminal organizations, corrupt officials or companies, can now easily hack journalists’ communications, learn sources’ identities, obstruct sensitive investigations and even destroy or alter electronic documents.Īside from particular threats they face, journalists should adopt encryption to fight surveillance and make it harder for their adversaries: if all journalists use encryption, it will be much more expensive for adversaries to spy on all of them than to spy on the few who are currently using these technologies.įortunately, technology is on the side of journalists and bloggers. Make the NSA's life hard.Īll journalists, whether they work in conflict zones, investigate corruption or cover local politics, need to learn how to encrypt their digital voice and text communications. Don't wait a month to thank people who report vulnerabilities in your code.Use PGP whenever you can. It looks (from the pull request) like much of this was reported over a month ago. But you should also err on the side of quickly adding people's names to it when they report things. I bring this up because it's a valuable lesson for startups. I'm also a little confused: if the team put Steve Thomas on their thank-you page, why did Steve Thomas write a blog post linking directly to that page saying he wasn't on it? Vulnerabilities that devastate the security of Cryptocat earn a blog post. Vulnerabilities in TLS that are far less critical than this one are career-making. But there's a key difference between TLS and Cryptocat: the whole world is working on TLS security. Vulnerabilities are found semi-routinely in TLS, which was designed by several of the smartest crypto people in the world. When was the last cryptographic vulnerability discovered in any mainstream implementation of PGP? I feel bad for the team that worked on this (although I stand by my belief that they shouldn't be working on it), but this is an extremely aggravating statement. Cryptocat is not any different from any of the other notable privacy, encryption and security projects, in which vulnerabilities get pointed out on a regular basis and are fixed.
0 Comments
Leave a Reply. |