[liberationtech] Forbes recommends tools for journalists

frank at journalistsecurity.net frank at journalistsecurity.net
Mon Dec 17 15:08:15 PST 2012 

And my bad for sending that HTML instead of text.


> -------- Original Message --------
> Subject: Re: [liberationtech] Forbes recommends tools for journalists
> From: <frank at journalistsecurity.net>
> Date: Mon, December 17, 2012 6:06 pm
> To: "liberationtech" <liberationtech at lists.stanford.edu>, "Danny
> O'Brien" <DObrien at cpj.org>
> 
> 
> Appreciate the feedback, guys.
> 
> 
> We'll check out, MAT.boum.org, Oli. And we'll look at turning off geo-tagging and ObsuraCam app, too, Nathan. Brian and Michael, appreciate your input, too.
> 
> 
> And Danny, apart from your suggestions on full disk encryption and other points which are well taken, we also very much understand the importance of stressing concepts, giving people of sense of threats and options, and underscoring the importance of staying informed about changes including vulnerabilities and updates. In fact, we are avoiding the firehouse training approach, and instead developing four-week classes, in order to make sure that everyone gets concepts instead of just learning tools. The idea is to give people a foundation so they can then take responsibility and make informed choices for their own digital safety. Or so they can trust their own instincts, as I have heard you say.
> 
> 
> Thanks! Frank
> 
> 
> Frank Smyth
> Executive Director
> Global Journalist Security
> frank at journalistsecurity.net
> Tel.  + 1 202 244 0717
> Cell  + 1 202 352 1736
> Twitter:  @JournoSecurity
> Website: www.journalistsecurity.net
> PGP Public Key
>  
> 
>  
> Please consider our Earth before printing this email.
> 
> 
> Confidentiality Notice: This email and any files transmitted with it are confidential. If you have received this email in error, please notify the sender and delete this message and any copies. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
> 
> 
> 
> 
> 
>   -------- Original Message --------
>  Subject: Re: [liberationtech] Forbes recommends tools for journalists
>  From: Michael Rogers <michael at briarproject.org>
>  Date: Mon, December 17, 2012 4:42 pm
>  To: Danny O'Brien <DObrien at cpj.org>, liberationtech
>  <liberationtech at lists.stanford.edu>
>  
>  
>  -----BEGIN PGP SIGNED MESSAGE-----
>  Hash: SHA1
>  
>  On 17/12/12 20:12, Danny O'Brien wrote:
>  > I think these days you have to tie Forbes' (good) advice not to
>  > save everything with an encouragement to use full disk encryption.
>  > We're in an awkward space right now where we can't fully guarantee
>  > that data gets deleted off a modern flash (SSD) drive, even with
>  > previously strong deletion tools. And forensics software is good
>  > enough to pick up a lot of local clues about what you've used your
>  > own computer for, even if you think you've turned off all logs and
>  > removed the saving of sensitive data. Minimize what you record, but
>  > also encrypt.
>  
>  Sorry to go off on a tech tangent after you've rightly pointed out
>  that this isn't simply a matter of choosing the right tech, but I'd
>  like to ask the list for a bit of advice regarding secure deletion
>  from SSDs.
>  
>  Secure deletion is a problem we could solve in software, by encrypting
>  the data and then destroying the key to render the data unrecoverable,
>  *if* we had a few bytes of persistent, erasable storage in which to
>  store the key. (Storing the key on the SSD itself doesn't work,
>  because then we can't securely delete the key.)
>  
>  I'm not aware of any suitable storage on current smartphones or
>  personal computers, so we may need to ask device manufacturers to add
>  (simple, inexpensive) hardware to their devices to support secure
>  deletion.
>  
>  So I have two questions for the list: who should we try to persuade,
>  and how should we persuade them?
>  
>  Cheers,
>  Michael
>  
>  -----BEGIN PGP SIGNATURE-----
>  Version: GnuPG v1.4.10 (GNU/Linux)
>  
>  iQEcBAEBAgAGBQJQz5G1AAoJEBEET9GfxSfMFSoH/jQ0HtBhP2bDhYLGGXk7ESU1
>  onC5tMBFUvvQzsqmVeV/HmEciW+WPeJ942Oek7r0DEWiBseFF3tMzquG/Yc4pURn
>  hYaRNlEjIzPFyZ+9kXiU7cUwGozoThKw+CxwBB4LKSEOSlqn28EmPGsKG59seDrS
>  3PJtqPcYKCWqKXmhIu3Hzc3Zn5dsRKeWZYmv9nQm40kj3YrR4OPoz/roCT72OUDu
>  E/SRCmd/zgDSy556OJ8U0xu3KNU9JLebWxYV+HRfAyctbjCnDP63LD+ABjKr+lTn
>  lQnvXB9rJtB/yzyewiG++ZlT7bpzLZ5L5hI1UkHv8Udqyfnp463Azq88Plbi5MY=
>  =9K1+
>  -----END PGP SIGNATURE-----
>  --
>  Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech<hr>--
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

More information about the liberationtech mailing list