Tom Lowenthal/CPJ Staff Technologist

A strong believer in individual privacy and personal freedom, Staff Technologist Tom Lowenthal is CPJ’s resident expert in operational security and surveillance self-defense. He is also a freelance journalist on security and tech policy matters. The fingerprint of his GPG public key is 1ADE 9951 1A97 95FA 3557 53DC 51E7 1B75 4A09 B187. Follow him on Twitter @flamsmark.

Video: Protecting journalism (not just journalists) takes tech that’s safe for everyone

On July 23, I gave a presentation as part of the HOPE XI hacker conference at the Hotel Pennsylvania in New York City. My talk, entitled “Won’t Somebody Please Think of the Journalists?” described the challenges of protecting journalists in a world where journalism is no longer conducted only by professionals. I exhorted the technologists…

Read More ›

Status update: Facebook users now have access to PGP encryption

Today Facebook announced on its blog a new set of features adding support for the PGP email encryption system. The changes allow users to post their public email encryption key to their Facebook profile, inviting others to encrypt future emails. In a move that significantly bolsters security, it is also now possible to request that…

Read More ›

An Internet café in Beijing. Attacks that appear to have been mediated by China's censors against GitHub, a software site vital to Chinese developers, demonstrate the importance of HTTPS in protecting against censorship. (Reuters/Jason Lee)

When it comes to Great Firewall attacks, HTTPS is greatest defense

The power of HTTPS to protect has been brought into sharp focus by a series of attacks against software collaboration site GitHub. These attacks consistently failed because of the site’s universal use of HTTPS. Most recently, GitHub reported a blistering series of distributed denial of service attacks in March, which it believes were an attempt…

Read More ›

Google's landing page for China is viewed on a laptop in Hong Kong. False credentials were issued for Google and other domains by Chinese digital certificate company CNNIC. (AFP/Frederic J. Brown)

China’s CNNIC issues false certificates in serious breach of crypto trust

In a major breach of public trust and confidence, the Chinese digital certificate authority China Internet Network Information Center (CNNIC) certified false credentials for numerous domains, including several owned by Google. The deliberate breach had the potential to seriously endanger vulnerable users, such as journalists communicating with sources. The breach was discovered by Google and…

Read More ›

Yahoo! End-to-End email preview promises greater protection for journalists

Good news for journalists wanting added protection from surveillance. Yahoo! has announced a technical preview of its email security tool End-to-End, which it has been developing in collaboration with Google. This is another milestone in the tech companies’ efforts to protect users not just from outsiders, but also from the companies themselves.

Read More ›

China doubles down on counterproductive censorship

In a move unlikely to surprise those who access the Internet from mainland China, the country’s Ministry of Industry and Information Technology recently blocked several popular tools used to bypass the “Great Firewall” national Internet censorship system. Citing the need to protect “cyberspace sovereignty” and to “maintain cyber security and steady operation,” the Ministry changed…

Read More ›

How Facebook’s Tor hidden service improves safety for journalists

Facebook announced on October 31 that it has made it easier and safer for users to gain access to its social network by using a dedicated Tor hidden service at https://facebookcorewwwi.onion. A dedicated hidden service access point is a powerful move to protect journalists and anyone else who uses Tor to protect privacy or circumvent…

Read More ›

Simple steps to protect journalists and sources from eavesdroppers

Journalists are among those most likely to face technical attempts at attack and interception. Reporting is based on discussions with sources who may want to remain out of the limelight, and news sites attract extensive readership, making them a desirable target for potential attackers. But there are simple steps to protect against the most common…

Read More ›

Apple chief executive Tim Cook reveals the iPhone 6 and Apple Watch in September. Apple's latest software includes automatic encryption. (Getty Images/AFP/Justin Sullivan)

How automatic encryption ensures safety by default

The year is 1991, the month April. EMF is playing on the radio. The term “cyberspace” has existed for only half a decade. The world wide web won’t exist for another four months. The software engineer Linus Torvalds has only just started work on the Linux operating system. The fastest computer you can own has…

Read More ›