Infosec for Journalists

This masterclass series is comprised of four 90-min hands-on sessions on information security for journalists. It will cover the risks associated to digital technologies and mitigation strategies that can be employed to improve our security, as citizens and as professionals.

This Masterclass is now Fully Booked – you can add your name to the waiting list below to be contacted in the event a place becomes available.

Participants will need to attend all four sessions.

Session 1: A general introduction to information security.

This first session will serve as a general introduction to the (broad!) field of information security. We will be giving some basic definitions, describing possible risks of using digital technologies, and introducing some of the available strategies and tools to improve our security. Examples and exercises will put things in context and help you understand the more abstract concepts. We will maintain a focus on those scenarios and strategies that are particularly relevant to the practice of journalism.

Session 2: Safe web browsing.

This session will focus on web browsing: main risks and mitigation strategies. A look at some of the technological elements behind the internet (eg the network of submarine cables, web cookies, etc) will help us understand how certain forms of surveillance are possible and how certain cyber-attacks are carried out. We will be adding some new items to your infosec toolbox, such as privacy-protecting browser extensions, the Tor Browser, the Tails operating system. We will save the time for examples and exercises.

Session 3: Encrypted communications.

What’s the digital journey an email or text message have to go through when travelling from sender to recipient? How are these electronic messages processed and encoded? Who are the actors (in between sender and recipient) that make this communication possible and what fraction of the information exchanged do they have access to? We will answer these questions while explaining concepts such as encryption, end-to-end encryption, metadata, and anonymity. Hands-on activity with VeraCrypt, OnionShare, and (time permitting) GnuPG/PGP.

Session 4: More advanced scenarios and an AMA session.

This fourth and last session will be for addressing slightly broader and more advanced topics such as evil maid attacks, crossing a border with digital devices, (hints of) operational security, cloud storage options (risks and benefits), free and open source collaborative platforms (eg Nextcloud, Mattermost, and Etherpad), how to preserve digital evidence. A ask-me-anything session.