[liberationtech] Forbes recommends tools for journalists

[Nick M. Daly]

frank at journalistsecurity.net writes:

> If anyone here has any thoughts about the tools recommended in this
> Forbes piece, please speak up. The piece gets specific with
> recommendations form Ashkan Soltani, a technologist who I do not think
> is on this list, about half way down. Again, any thoughts would be
> welcome. Thank you! Frank
>
> http://www.forbes.com/sites/kashmirhill/2012/12/07/dear-journalists-at-vice-and-elsewhere-here-are-some-simple-ways-not-to-get-your-source-arrested/

After the article came out, I mailed the author the following questions,
because it seems like Skype isn't appropriate for anyone worried about
surveillance by state actors or, after I found article [2], private
actors.

    In a recent Forbes article, "Dear Journalists at Vice and Elsewhere,
    Here Are Some Simple Ways Not To Get Your Source Arrested" [0], you
    mentioned that Skype's security depends on your threat model.  Under
    what threat models is Skype an appropriate choice?

    The best description I could find suggests that Skype manages
    connection information and encryption keys, centrally [1].
    Centrally managing both types of data makes they system particularly
    vulnerable to MITM-based attacks (most worryingly: impersonation,
    which allows eavesdropping).  That hardly seems appropriate for
    journalists, who need to keep their sources and conversations secret
    even from state- or law-enforcement-based actors, on occasion.

    Thanks for your time,
    Nick

    0: http://www.forbes.com/sites/kashmirhill/2012/12/07/dear-journalists-at-vice-and-elsewhere-here-are-some-simple-ways-not-to-get-your-source-arrested/

    1: http://paranoia.dubfire.net/2012/07/the-known-unknows-of-skype-interception.html

2: https://www.techdirt.com/articles/20121106/02133820945/skype-accused-handing-out-private-info-to-private-company.shtml