journalistic insecurity and facilitating whistleblower privacy

Damian Gerow dgerow at afflictions.org
Sat Mar 11 13:56:06 PST 2006


Thus spake coderman (coderman at gmail.com) [11/03/06 05:27]:
: are the vast majority of journalists really this brain dead?  here is
: what i'd like to know  from a reporter to whom i was about to divulge
: sensitive information:
: 
: - do i _really_ trust you?  even if they turn the screws?
: 
: - do you know what physical security is (and implement it)?
:   [ oops, is anyone left standing? ]
: 
: - do you use network security best practices when communicating
: privately online?
:   [ os up to date with security patches, unnecessary services
: disabled, firewall, etc ]
: 
: - can i communicate via a secure channel?
:   [ examples: whispered conversations in a noisy parking garage ;)
:     off the record with mutually verified keys http://www.cypherpunks.ca/otr/
:     other SSL mechanism with mutual authentication like http://openvpn.net/
:     pgp/gpg encrypted email (though this seems not so popular?) ]
: 
: - do you protect your stored data appropriately?
:   [ loop-aes encrypted volumes, FileVault, gpg encrypted files, etc ]
: 
: - do you use good passwords/phrases for authentication?
: 
: what other questions would you ask?

- How do you store your passwords?  I'd hope you're not using the same
  password for everything; how do you remember all of them?

- What is your past history with confidential sources?

- Which paper, etc. do you work for?  What is /their/ history with
  confidential sources?

- Does your workplace protect stored data appropriately (think backups of
  data pulled out of mounted, thus unencrypted, encrypted volumes)?

- Do you use a cellphone/beeper/etc.?  How?  When?  With whom is the account
  associated?  Can you leave it on and at your office/home when we meet?




