A guide to help potential contributors develop their skills.
If you are considering contributing to Exeter Observer please see our contributors guide.
Introduction
If you want to reduce the likelihood of anyone accessing your digital information or monitoring or intercepting your communications, there are steps you can take to increase your security.
These notes introduce some techniques and tools for those using common operating systems. Others are available, some of which are listed in the advanced section.
A basic approach
- No such thing as perfect security
- Understand your situation cf. threat model
- Think weakest link cf. end to end encryption
- Keep it simple
- Keep it free? cf. open source software
- Know who to trust
- Update!
Guides
- Electronic Frontier Foundation Surveillance Self-Defense
- Freedom of the Press Foundation
- Data Journalism
- Centre for Investigative Journalism handbook
- Centre for Investigative Journalism handbook videos
- Crytoparty
- Security in a Box
- Security planner
- Digital Defenders
- Rise Up
- PRISM Break
- Restore Privacy
- Securing Your Digital Life Like a Normal Person
- Cybersecurity for lawyers
- The Tin Hat
- Privacy and security conscious browsing
- Browserleaks
- MacOS security and privacy guide
- How DNS works
- Greycoder
- Access Now
Device security
- Cover microphones and cameras with electrical tape … whenever possible
- Encrypt startup and storage drives: Mac, Windows
- Delete data securely
Use strong passwords
- Verify signatures
Communications security
Mozilla Thunderbird is a free and open source email client that supports OpenPGP encryption by default.
K-9 Mail is a free and open source email client for Android that supports PGP encryption via the OpenKeychain add-on. Both are available via F-Droid, an open source software repository.
It is important to note that PGP encryption doesn’t secure the sender and receiver information that are necessary for email to work, or the subject line. Using a generic subject line helps address this latter issue.
Several webmail providers are also available which offer more privacy-focussed services.
Windows/Mac/Linux
- Thunderbird
- OpenPGP in Thunderbird
- Enigmail - PGP add-on for Thunderbird version 68 and earlier
- GnuPG
- Using PGP on Windows
- Using PGP on Mac
- Using PGP on Linux
Android
cf. key verification
Webmail+
- Protonmail - Switzerland, Android/iOS apps, automagical encryption to other Protonmail accounts, freemium
- Tutanota - Germany, green data centres, automagical encryption to other Tutanota accounts, freemium
- Runbox - Norway, hydro data centre, workers co-operative, multiple domains/aliases
- Autistici - Italy, autonomous anti-capitalist collective, account on request
- Riseup - US, autonomous anti-capitalist collective, IMAP/XMPP/VPN services, account by invitation
- Fastmail - Austrian company with US data centres, see security info, free trail only
Instant messaging inc. audio/video
Signal is end-to-end encrypted, available for Android, iOS, Windows, Mac and Linux and is open source software, which means its code can be audited by privacy experts to confirm its authenticity, among other things. It can be also be used to make secure voice (and video) calls, as can Jitsi.
Signal (Windows/Mac/Linux + Android/iOS)
Jitsi (Windows/Mac/Linux + Android/iOS)
Element (Windows/Mac/Linux + Android/iOS)
Pidgin (Windows/Linux + Mac)
Teams
Network security
Windows/Mac browsers
Firefox extensions
cf. Panopticlick
cf. 2FA, Fido alliance
- Firewalls (incoming & outgoing)
Using a Virtual Private Network (VPN) is an effective way of preventing websites you visit and email systems you use recording your IP address (akin to an internet postcode) and using it to identify your physical location. It can also help prevent your internet service provider monitoring your online activity.
VPNs (DNS & proxies)
Using Tor Browser is another effective way of defending yourself against tracking and surveillance. Using TAILS (see advanced secion below) is a another way of routing your internet connection via the Tor network from almost any computer and Orbot supports using Tor on Android.
TOR
Android
cf. Guardian Project
cf. LineageOS
More advanced security
- Hosts file generator
- SpoofMAC
- 1984 hosting
- Nextcloud
Testing
Security-oriented Linux distros
- TAILS - amnesiac, incognito, portable
- Whonix via VirtualBox
- Qubes - preconfigured for high security levels
cf. EU Google Personal Information Removal Request Form
More guides
- News writing
- News brief
- What is news?
- Objectivity, neutrality, impartiality & balance
- Information sources
- Perspective sources
- Multimedia collateral & copyright
- Style
- Subediting
- Feature writing
- Research resources
- Data protection & media law
- Local government transparency & information access rights
- Exeter regional democracy & governance
- Exeter regional planning & place
- Exeter regional transport & mobility
Guides covering other Exeter regional policy and practice areas are also being prepared.