journalistic insecurity and facilitating whistleblower privacy
Damian Gerow
dgerow at afflictions.org
Sat Mar 11 13:56:06 PST 2006

Thus spake coderman (coderman at gmail.com) [11/03/06 05:27]:
: are the vast majority of journalists really this brain dead? here is
: what i'd like to know from a reporter to whom i was about to divulge
: sensitive information:
:
: - do i _really_ trust you? even if they turn the screws?
:
: - do you know what physical security is (and implement it)?
: [ oops, is anyone left standing? ]
:
: - do you use network security best practices when communicating
: privately online?
: [ os up to date with security patches, unnecessary services
: disabled, firewall, etc ]
:
: - can i communicate via a secure channel?
: [ examples: whispered conversations in a noisy parking garage ;)
: off the record with mutually verified keys http://www.cypherpunks.ca/otr/
: other SSL mechanism with mutual authentication like http://openvpn.net/
: pgp/gpg encrypted email (though this seems not so popular?) ]
:
: - do you protect your stored data appropriately?
: [ loop-aes encrypted volumes, FileVault, gpg encrypted files, etc ]
:
: - do you use good passwords/phrases for authentication?
:
: what other questions would you ask?

- How do you store your passwords? I'd hope you're not using the same
password for everything; how do you remember all of them?
- What is your past history with confidential sources?
- Which paper, etc. do you work for? What is /their/ history with
confidential sources?
- Does your workplace protect stored data appropriately (think backups of
data pulled out of mounted, thus unencrypted, encrypted volumes)?
- Do you use a cellphone/beeper/etc.? How? When? With whom is the account
associated? Can you leave it on and at your office/home when we meet?

More information about the cypherpunks-legacy mailing list