Tom Lowenthal/CPJ Staff Technologist
A strong believer in individual privacy and personal freedom, Staff Technologist Tom Lowenthal is CPJ’s resident expert in operational security and surveillance self-defense. He is also a freelance journalist on security and tech policy matters. The fingerprint of his GPG public key is 1ADE 9951 1A97 95FA 3557 53DC 51E7 1B75 4A09 B187. Follow him on Twitter @flamsmark.
Video: Protecting journalism (not just journalists) takes tech that’s safe for everyone
On July 23, I gave a presentation as part of the HOPE XI hacker conference at the Hotel Pennsylvania in New York City. My talk, entitled “Won’t Somebody Please Think of the Journalists?” described the challenges of protecting journalists in a world where journalism is no longer conducted only by professionals. I exhorted the technologists…
Status update: Facebook users now have access to PGP encryption
Today Facebook announced on its blog a new set of features adding support for the PGP email encryption system. The changes allow users to post their public email encryption key to their Facebook profile, inviting others to encrypt future emails. In a move that significantly bolsters security, it is also now possible to request that…
When it comes to Great Firewall attacks, HTTPS is greatest defense
The power of HTTPS to protect has been brought into sharp focus by a series of attacks against software collaboration site GitHub. These attacks consistently failed because of the site’s universal use of HTTPS. Most recently, GitHub reported a blistering series of distributed denial of service attacks in March, which it believes were an attempt…
China’s CNNIC issues false certificates in serious breach of crypto trust
In a major breach of public trust and confidence, the Chinese digital certificate authority China Internet Network Information Center (CNNIC) certified false credentials for numerous domains, including several owned by Google. The deliberate breach had the potential to seriously endanger vulnerable users, such as journalists communicating with sources. The breach was discovered by Google and…
Yahoo! End-to-End email preview promises greater protection for journalists
Good news for journalists wanting added protection from surveillance. Yahoo! has announced a technical preview of its email security tool End-to-End, which it has been developing in collaboration with Google. This is another milestone in the tech companies’ efforts to protect users not just from outsiders, but also from the companies themselves.
China doubles down on counterproductive censorship
In a move unlikely to surprise those who access the Internet from mainland China, the country’s Ministry of Industry and Information Technology recently blocked several popular tools used to bypass the “Great Firewall” national Internet censorship system. Citing the need to protect “cyberspace sovereignty” and to “maintain cyber security and steady operation,” the Ministry changed…
How Facebook’s Tor hidden service improves safety for journalists
Facebook announced on October 31 that it has made it easier and safer for users to gain access to its social network by using a dedicated Tor hidden service at https://facebookcorewwwi.onion. A dedicated hidden service access point is a powerful move to protect journalists and anyone else who uses Tor to protect privacy or circumvent…
Simple steps to protect journalists and sources from eavesdroppers
Journalists are among those most likely to face technical attempts at attack and interception. Reporting is based on discussions with sources who may want to remain out of the limelight, and news sites attract extensive readership, making them a desirable target for potential attackers. But there are simple steps to protect against the most common…
How automatic encryption ensures safety by default
The year is 1991, the month April. EMF is playing on the radio. The term “cyberspace” has existed for only half a decade. The world wide web won’t exist for another four months. The software engineer Linus Torvalds has only just started work on the Linux operating system. The fastest computer you can own has…