Thus spake coderman (coderman@gmail.com) [11/03/06 05:27]:
: are the vast majority of journalists really this brain dead? here is
: what i'd like to know from a reporter to whom i was about to divulge
: sensitive information:
:
: - do i _really_ trust you? even if they turn the screws?
:
: - do you know what physical security is (and implement it)?
:   [ oops, is anyone left standing? ]
:
: - do you use network security best practices when communicating
:   privately online?
:   [ os up to date with security patches, unnecessary services
:     disabled, firewall, etc ]
:
: - can i communicate via a secure channel?
:   [ examples: whispered conversations in a noisy parking garage ;)
:     off the record with mutually verified keys http://www.cypherpunks.ca/otr/
:     other SSL mechanism with mutual authentication like http://openvpn.net/
:     pgp/gpg encrypted email (though this seems not so popular?) ]
:
: - do you protect your stored data appropriately?
:   [ loop-aes encrypted volumes, FileVault, gpg encrypted files, etc ]
:
: - do you use good passwords/phrases for authentication?
:
: what other questions would you ask?

- How do you store your passwords? I'd hope you're not using the same
  password for everything; how do you remember all of them?

- What is your past history with confidential sources?

- Which paper, etc. do you work for? What is /their/ history with
  confidential sources?

- Does your workplace protect stored data appropriately (think backups
  of data pulled out of mounted, thus unencrypted, encrypted volumes)?

- Do you use a cellphone/beeper/etc.? How? When? With whom is the
  account associated? Can you leave it on and at your office/home when
  we meet?