Securing your online communications - digital security for Syrian journalists

Updated:June 2015

Securing your online communications - digital security for Syrian journalists

With travel in Syria becoming increasingly dangerous, Syrian journalists are relying on the internet to connect with and interview contacts. Learn how to safeguard your online activity.

What you use to communicate online and how you use it can increase or decrease your risk of being monitored. Here we’re looking at the ability to look at your communications with others, and how easy it is to either see what you’re talking about or who you’re talking with.

 

Get Started

  1. Protect your online accounts with strong passwords
  2. Protect your internet activity
  3. Protect your internet chats
  4. Encrypt your email
  5. Send and receive files securely
  6. Use public internet access cautiously
  7. Make an agreement with your contacts
 
 

Protect your online accounts with strong passwords

There are some important aspects you need to consider when choosing a password:
 
  • It really should be more than eight characters long. Aim for at least 12 characters. Use a mix of letters, numbers and other characters.
  • It should be both memorable for you and difficult to guess for someone else. Think about phrases or sentences, not words. This will help you keep it in your head and also make it difficult to guess or hack.
  • Do not use the same password for your different accounts.

Two-Factor Authentication in Syria

You may have heard of something called “two-factor authentication”. This is a method that a web service can use to make sure you’re the one using your pass phrase. When you log in, it will send your mobile phone a special code that you also have to use. This can add quite strong security, but isn’t reliable in Syria.

The Munk School of Global Affairs reports it is difficult for users in Syria to implement two-factor authentication for Google services because American sanctions mean that the Google Play store is blocked. You could still set it up and receive your two-factor login code via SMS messages, but some people are opposed to this method as SMS is considered to be weak on security.

Use a Password Manager

If you’re practicing good digital security then you will have a lot of long, complex passwords for each of your different accounts. It’s a very bad idea to write these down, of course. But you’re not going to remember them all.

This is where a password manager can save the day. Software like KeyPass will allow you to securely save and use all your passwords using a single main password, ensuring your accounts are as secure as possible. 

GET MORE FROM CYBER ARABS
 
 

 

Protect your internet activity

As a journalist, your internet activity could be of interest to a number of different groups or individuals. You can keep sites you visit and what you do on them private by either using a VPN service or a proxy system, such as The Tor Project. These systems mask the sites you’re visiting from your internet service provider and can help keep you from being identified when you’re using these sites. When using any proxy service:
 
  • Be careful about logging into social websites. These may still share more information than you’d like.
  • Check that it’s working properly before starting your work. For Tor, check this page (https://check.torproject.org/) first.
  • Remember that these tools can make visiting web pages somewhat slower than usual. Plan for more time when using them.

GET MORE FROM CYBER ARABS
   

 

Protect your internet chats

Facebook is often used because contacts often prefer it due to how easy it is to access and use to communicate. Using Facebook securely is more demanding as a task than you might think, though. Using popular chatting applications like Skype, Viber, and WhatsApp can be an attractive alternative. Be aware that some of these tools are more secure than others. Compare the different options here.

Alternative communication tools can be both more secure, and easier to set up. For quick, encrypted and private text chatting over the internet using your web browser, CryptoCat is an easy one to start with.  For secure internet-based texting on a mobile, try ChatSecure, which works with a number of popular user accounts. Pidgin also provides encrypted communication.

For more secure voice and video calls, Jitsi is an internet application that offers strong encryption and doesn’t keep records of your calls It makes it easier to use encryption and also stay more anonymous on the internet during conversations.

GET MORE FROM CYBER ARABS
 
RESOURCES ELSEWHERE
   


Encrypt your email

Use Gnu Privacy Guard to encrypt your email messages. For this to work, both you and your recipient need to have end-to-end encryption set up and traded public encryption keys. Once this is done, the content of your email will be secure between the two of you. One popular method is to use the Thunderbird email client, and clicking ‘add ons’ add the Enigmail extension. Other methods include using GPGTools for Apple, and GPG4win is a good package to get you started in Windows or Linux.

GET MORE FROM CYBER ARABS
   


Send and receive files securely

You’re regularly sending and receiving source material. Text documents, image, video or audio files are a part of the job. They can also reveal more about you, your contacts and your work than you might want them to.

Managing the metadata

When we talk about a ‘file’ it could mean a text document, an image, a video, spreadsheet, piece of audio, software or anything on your computer. Every time you create, download or edit something, the file can record important personal information within the document. This is called metadata. Once a file is online or accessed by someone else, it can easily fall into the wrong hands and reveal potentially damaging information.
 
Having a computer that’s not full of personal details about yourself is helpful for limiting the type of data it’s including in your files. Keep things like your name and personal information off of software and computer settings. 
 
Sending the file
  • Share files using encrypted USB sticks. One way to share files securely and discretely is to hand them to the recipient directly, possibly using an encrypted, password protected USB stick.
  • Use a temporary anonymous service. FileTea provides anonymous and short-term file sharing. The file is only shareable for the amount of time you set it for and then it’s gone. You’ve got to get your contact the exact web address for them to get it.
  • Use the Tor network and Onionshare to securely send a file anonymously and encrypted. Both parties will need Tor running on their computers. This will temporary create a link between both parties until the sender disables it.

Encrypting the file

This will protect the contents of the file. Your recipient will need the software and password to open it.

If you want to secure files and folders on a hard drive or external disc, there are various methods available. GNU Privacy Guard (https://www.gnupg.org/) is one way of doing this that is open source and works on Macs, Windows and Linux computers. There are various programmes that make it easier to use as well. You can also use applications such as TrueCrypt (version 1.7a), BoxCryptor or IES Crypt to encrypt files and send them via email.

 
 

Use public internet access cautiously

Due to continuous power cuts in government controlled areas, finishing work from home is often almost impossible, and some freelancers in Syria find themselves forced into using cyber cafes. However, this is a very risky routine. Security services demand owners of public internet cafes install a spyware that reveals users’ information and passwords.
One of the solutions to this is to use a TAILS Operating System, which can be booted from a USB flash drive. When using a security practice such as this, you need to think about your physical location and who’s paying attention to you. If possible, sit somewhere with your back to a wall or where your work isn’t obvious to others. 

GET MORE FROM CYBER ARABS
  OTHER RESOURCES
   

 

Make an agreement with your contacts

Make agreements with your contacts before you start to exchange sensitive information. Together, you should work out how you should contact each another, share information, verify one another’s identity and alert each other when a problem emerges. Setting these agreements in advance will help you to know if you’re in communication with the right person and will also help you and your contact create a safer way to communicate. Some items you should include in your agreement:
 
  • What methods will you use to communicate? This may be a secure chat tool, a separate mobile number, encrypted email or so forth.
  • How will you verify one another’s identity? Come up with a question or phrase that you can say that the other person must answer correctly.
  • How will you exchange documents or files? You may decide to do this in person, using USB drives, or use a specific online account not tied to your actual name and share encrypted files.
  • What names will you go by online? Work this out with your contact in person. Show them what your account looks so they’ll know it’s you.
  • How will you alert one another if there’s a problem? This could be something ordinary, like changing your profile picture or putting out a very ordinary sounding message. As soon as they see it, they’ll know that something’s wrong. Work out in advance what to do in such a situation.

Agreeing on pseudonyms to use in your exchanges will protect both ends of the conversation. However, two things must be taken into consideration.
 
  • First, ethically: in journalism, it is important not to mislead your contacts by posing as someone else without their knowledge.
  • Secondly, security: if you set a pseudonym for your emails and chat services, never use your real name. If a third party accesses the conversation, they will be able to identify you, and figure out that you have worked on previous material that you’ve previously published with the same pseudonym.  

 
Created: December 2014

Help us be a better resource!

Give us feedback about this page. What was helpful here, or what could be included to make it more useful?

Create a comment
Create a Comment
  • Security code
News letter sign up