Resources for building further expertise
¶
What follows is a curated list of links to guides, curricula, how-to’s and in-depth resources suitable for those who wish to build further expertise.
COMMUNITIES, LEARNING AND GUIDES¶
Comprehensive resources addressing digital security in general, and online communities where digital security is discussed.
PEN America’s Online Harassment Field Manual
https://onlineharassmentfieldmanual.pen.org/
Pen America
A resource containing effective strategies and resources that writers, journalists, their allies, and their employers can use to defend against cyber hate and fight online abuse.
Published: April 2018
Added: May 2018
EFF’s Security Education Companion
https://sec.eff.org
Electronic Frontier Foundation
A resource for people teaching digital security to their friends and neighbors.
Published: November 2017
Added: December 2017
Tags: curriculum, train-the-trainer
Surveillance Self-Defense: Tips, Tools and How-tos for Safer Online Communication
https://ssd.eff.org/
Electronic Frontier Foundation
A guide to protection against surveillance, this guide also includes great material on personal digital security. Organized into overviews, tutorials, briefings, playlists.
Published: October, 2014, updated frequently (timestamp at the bottom of each guide.)
Added: June 2017
Tags: guides, surveillance
A First Look at Digital Security
https://www.accessnow.org/a-first-look-at-digital-security/
Access Now
A primer booklet for those beginning to think about digital security and threat modeling. Based around a series of useful personas. Open on github.
Published: last updated May 2017
Added: June 2017
Tags: guides, beginners
Security and privacy tips for journalists in a moment of turbulence
https://freedom.press/training/blog/security-and-privacy-tips-resources-journalists-moment-turbulence/
Olivia Martin, Freedom of the Press Foundation
An introduction to digital security with brief descriptions and links to resources on threat modeling, strong authentication, secure communications, device encryption, browser security. The article also includes guidance on update hygiene, VPNs, and phishing.
Published: December, 2020
Added: June 2017
Tags: intros, lists, beginners
Journalists in Distress: Securing Your Digital Life
https://www.cjfe.org/journalists_in_distress_securing_your_digital_life
Canadian Journalists for Free Expression
The guide includes background information describing how data flows online and in mobile networks, as well as information on browser privacy and security, encrypted communications, social media privacy, internet cafe concerns, strong authentication, and information about technical threats from authorities.
Published: January 2017
Added: June 2017
Tags: guides
Security Training Resources for Security Trainers (Spring 2017 edition)
https://medium.com/cryptofriends/digital-security-training-resources-for-security-trainers-spring-2017-edition-e95d9e50065e
LINKS TO GUIDES/ARTICLES
Rachel Weidinger, Cooper Quintin, Martin Shelton, Matt Mitchell
A “meta-guide” for finding information on the current state of U.S. digital security training.
Published: Spring 2017
Added: June 2017
Committee to Protect Journalists - Safety Notes
https://cpj.org/safety-notes/
LINKS TO GUIDES/ARTICLES
CPJ staff
A list of recent articles from CPJ concerning security, as part of their larger suite of journalist safety guides.
Published: various
Added: August 2021
LevelUP
https://level-up.cc/
CURRICULUM/GENERAL TRAINING GUIDANCE
A pedagogical resource for those providing digital safety and security training.
Published: June 2016
Added: June 2017
Rory Peck Trust Digital Security Resources
https://rorypecktrust.org/freelance-resources/digital-security/
GUIDE
Links to videos and other resources on secure communication and digital security. (Includes a well-developed risk assessment series for journalists.)
Published: various
Added: June 2017
How to Lead a Digital Security Workshop
https://motherboard.vice.com/en_us/article/how-to-give-a-digital-security-training
ARTICLE/101 TRAINING ADVICE
Rachel Weidinger, Cooper Quintin, Martin Shelton, Matt Mitchell via Motherboard
How to get started on digital security training for first-timers. The short guide encourages new and would-be security trainers with some considerations for effective training. These considerations include how to think about practical security advice, planning and logistics, building knowledge, focusing on teaching narrowly-scoped mastery, as well as self-presentation and audience engagement in security trainings.
Published: February 2017
Added: June 2017
SAFETAG
https://safetag.org/#audit
Internews, Multiple Human Rights International Training Organizations
These are resources on security support for different types of collectives (usually organizations, but also networks of varying complexities). Includes conducting pentesting audits, training, incident response processes, persuading organizations and leadership to adopt security tool, practices and policies, etc. (When groups and industries fully commit to safe practices and behaviors for staff and users, this is the next step beyond ad hoc “trainings” and peer recommendations, since doing security at a collective level is vastly more effective than doing it in a scattershot manner.)
**Published: **2016, new edition to be published late 2017
Added: June 2017
Tags: Security for Groups, Security for Networks, Organizational Security
Organizational Security Wiki
https://orgsec.community/display/OS
Internews, Multiple Human Rights International Training Organizations
These are resources on security support for different types of collectives (usually organizations, but also networks of varying complexities). Includes conducting pentesting audits, training, incident response processes, persuading organizations and leadership to adopt security tool, practices and policies, etc. (When groups and industries fully commit to safe practices and behaviors for staff and users, this is the next step beyond ad hoc “trainings” and peer recommendations, since doing security at a collective level is vastly more effective than doing it in a scattershot manner.)
Published: early 2016, intermittent additions
Added: June 2017
Tags: Security for Groups, Security for Networks, Organizational Security
WMC Speech Project - Tools and Resources
http://www.womensmediacenter.com/speech-project/tools-resources/
Women’s Media Center - multiple authors
These are resources and tools to support the The WMC Speech Project, which is dedicated to expanding women’s freedom of expression and curbing online harassment and abuse. Included are resources to assist with immediate and ongoing harassment, guides to digital security from the perspective of preventing doxxing and online harassment, and links to organizations with similar goals. Note: Some links may be out of date.
Published: late 2016, ongoing additions
Added: January 2018
Tags: Security for Groups, Online Harassment, Organizational Security, Personal Security
The Holistic Security Manual - Tactical Tech
https://holistic-security.tacticaltech.org/
Tactical Tech - multiple authors
This manual takes a holistic approach to security, treating physical, psycho-social, and digital security as part of a greater whole rather than addressing them separately. It describes a process with Prepare-Explore-Strategize-Act phases to produce security recommendations tailored to specific circumstances.
Published: September 2016
Added: January 2018
Tags: Security for Groups, Organizational Security, Personal Security
CPJ - Emergency Response Team
https://cpj.org/emergency-response/
CPJ staff
This team provides safety and security tools and information for journalists, in addition to rapid response assictance for journalists at risk.
Published: undated
Added: January 2018
Tags: Security For Groups, Personal Security, Emergency Support
Global Journalist Security
https://www.gjs-security.com/
Global Journalist Security staff
This organization provides hostile environment training for journalists and other at-risk groups. Their main focus seems to be physical security, but they also have a Digital Security For Newsrooms course.
Published: undated
Added: January 2018
Tags: Physical Security, Security for Groups, Personal Security
Global Investigative Journalism Network - Helpdesk
https://helpdesk.gijn.org/support/solutions/articles/14000036509-safety-and-security
Multiple authors
Guides covering physical and digital security for journalists, along with a helpdesk to provide support with queries related to the covered topics. Note: Many of the guides that they link to may be out of date.
Published: undated
Added: January 2018
Tags: Physical Security, Security for Groups, Personal Security
Dart Center for Journalism and Trauma
https://dartcenter.org/
Multiple authors
Guides and teaching resources to support journalists reporting on traumatic topics and events.
Published: undated
Added: January 2018
Tags: Physical Security, Security for Groups, Psychological Support
International SOS
https://www.internationalsos.com/
International SOS staff
Risk management consulting and support for organizations operating in hostile environments.
Published: undated
Added: January 2018
Tags: Physical Security, Security for Groups, Risk Management
Control Risks https://www.controlrisks.com// Control Risks staff Risk management consulting and support for organizations operating in hostile environments. Published: undated Added: January 2018 Tags: Physical Security, Security for Groups, Risk Management
On Call International
https://www.oncallinternational.com/
On Call International staff
Risk management consulting and support for travelers and organizations operating in hostile environments.
Published: undated
Added: January 2018
Tags: Physical Security, Security for Groups, Risk Management
PERSONAL DIGITAL SECURITY¶
Resources for securing accounts and personal digital integrity.
Security Planner
https://securityplanner.org/
Consumer Reports
A resource that provides digital security recommendations based on responses to a few simple questions. It’s a good starting-point for basic digital security policies for journalists in low-risk situations.
Published: December 2017
Added: January 2018
Tags: Personal Digital Security
Security for Journalists: Part 1: the Basics
https://source.opennews.org/articles/security-journalists-part-one-basics/
Jonathan Stray
A beginner-friendly introduction to threat modeling, strengthening authentication, identifying phishing attacks, as well as device encryption. While this resource came out in 2014, its lessons are still applicable today.
Published: 2014
Added: June 2017
Securing Your Digital Life Like a Normal Person
https://medium.com/@mshelton/securing-your-digital-life-like-a-normal-person-a-hasty-and-incomplete-guide-56437f127425
GUIDE (101)
Martin Shelton
A very approachable guide to better security practices for the average user of the internet.
Published: December 2015, regularly updated
Added: June 2017
Umbrella from Security First
https://secfirst.org/index.html
MULTIPLE GUIDES (ANDROID, TEXT FILES) Umbrella is a huge conglomeration of numerous other guides, including EFF’s SSD, Security-in-a-Box, humanitarian physical safety guides, and many more – complete list of guides here.
Security First
An open source (github) app with checklists and details about online and physical security.
Published: 2015, actively updated
Added: June 2017
Digital Privacy at the U.S. Border
https://www.eff.org/wp/digital-privacy-us-border-2017
GUIDE
Sophia Cope, Amul Kalia, Seth Schoen, Adam Schwartz, Electronic Frontier Foundation
In light of the looming U.S. travel ban targeted at individuals traveling to and from primarily Muslim countries, the Electronic Frontier Foundation Part released this whitepaper to examine travelers’ security options at the U.S. border. The paper examines the basics of risk assessment, as well as legal, technical, and practical concerns when you are preparing to leave, arriving at the border, and what to do afterwards. The guide also examines your rights, U.S. border policy, a wide range tools you can use to protect yourself, and their constraints.
Published: March 2017
Added: June 2017
Anti-phishing and Email Hygiene
https://freedom.press/training/email-security-tips/
TOOL-SPECIFIC GUIDE
Harlo Holmes, Freedom of the Press Foundation
This guide covers threat modeling, authentication practices, as well as common phishing tactics and how to avoid them.
Published: December 2016
Added: June 2017
Password Managers for Beginners
https://medium.com/@mshelton/password-managers-for-beginners-d1f49866f80f
TOOL-SPECIFIC GUIDE
Martin Shelton
A beginner-friendly guide describing why password managers are useful, branching into three step-by-step guides for getting started with 1Password, Bitwarden, and KeePassXC.
Published: November 2016
Added: June 2017
2FA Directory
https://2fa.directory/
TOOL-SPECIFIC GUIDE
Josh Davis, et. al.
Two Factor Auth is a list of popular websites, and information on whether they support two-factor authentication. It offers links with instructions for setting up two-factor authentication on each web service. On github here.
Published: ?
Added: August 2021
Two-Factor Authentication for Beginners
https://freedom.press/training/2fa-beginners/
TOOL-SPECIFIC GUIDE
Martin Shelton, Freedom of the Press Foundation
This guide examines how to use two-factor authentication by breaking it down into multiple methods, and walking through how to set it up, using Gmail as one example. It also describes some considerations for its use in a team setting.
Updated: February 2020
Added: August 2021
The Best VPN Service
https://www.nytimes.com/wirecutter/reviews/best-vpn-service/
TOOL-SPECIFIC GUIDE
Yael Grauer via Wirecutter
Well-researched suggestions on strong VPNs, and the basics of choosing a VPN.
Published: May 2021
Added: August 2021
Encrypting your laptop like you mean it
https://theintercept.com/2015/04/27/encrypting-laptop-like-mean/
TOOL-SPECIFIC GUIDE
Micah Lee
A detailed resource on disk encryption for Mac devices with FileVault, Windows PCs with BitLocker, and Linux machines at the time of installation. The guide covers several attacks for stealing data from an unencrypted device.
Published: May 2015
Added: June 2017
SECURE COMMUNICATION¶
Resources and tools for secure digital communication.
Surveillance Self-Defence Against the Trump Administration
https://theintercept.com/2016/11/12/surveillance-self-defense-against-the-trump-administration/
INTRO ARTICLE/SHORT LIST OF STEPS
Micah Lee, The Intercept
Framed for “activists and other concerned citizens.” Some steps are basic (encrypt your phone), some are more advanced (use Qubes).
Published: November 2016
Added: June 2017
Surveillance Self-Defence for Journalists
https://medium.com/the-intercept/surveillance-self-defense-for-journalists-ce627e332db6
INTRO ARTICLE/SHORT 101 CHECKLIST OF STEPS
The Intercept
Checklists for secure digital communications.
Published: January 2017
Added: June 2017
Edward Snowden on how to Reclaim your Privacy
https://theintercept.com/2015/11/12/edward-snowden-explains-how-to-reclaim-your-privacy/
INTRO ARTICLE/SHORT 101 LIST OF STEPS
Micah Lee, The Intercept
Snowden himself on how to regain as much of that sweet sweet privacy as possible.
Published: November, 2015
Added: June 2017
Signal, the secure messaging app: A guide for beginners
https://freedom.press/news/signal-beginners/
TOOL GUIDE
Martin Shelton, Freedom of the Press Foundation
A primer for using Signal for newcomers. Covers setup, using the app, and potential risks.
Published: February 2017
Added: August 2021
How to Keep Your Chats Truly Private with Signal
https://theintercept.com/2017/05/01/cybersecurity-for-the-people-how-to-keep-your-chats-truly-private-with-signal/
Micah Lee, The Intercept
A thorough, step-by-step guide on using Signal as securely as possible. The guide includes a short video overview, and information on securing your mobile device, hiding lock screen messages, deleting old messages, exchanging video and photos, group chat, voice and video, adding contacts, verification, and using the desktop app.
Published: May 2017
Added: June 2017
Signals, Intelligence
https://medium.com/@thegrugq/signal-intelligence-free-for-all-5993c2f72f90
Thegrugq
A useful resource for understanding how Signal’s encryption works and the various forms of metadata it exposes in routine use.
Published: November 2015
Added: June 2017
Upgrading WhatsApp Security
https://freedom.press/training/upgrading-whatsapp-security/
Martin Shelton, Freedom of the Press Foundation
A short guide that walks through improving WhatsApp’s security by turning off and removing cloud backups, adjusting privacy settings, encryption key change notifications, and using session verification, as well as information on securing the device itself (e.g., with device encryption).
Published: February 2021
Added: August 2021
Security Considerations for Confidential Tip Pages
https://freedom.press/training/blog/security-confidential-tip-pages/
Martin Shelton, Freedom of the Press Foundation
An overview of the strategy behind creating a secure tip page, and some considerations for the communication channels news organizations offer.
Published: September 2020
Added: August 2021
SecureDrop
https://docs.securedrop.org/en/stable/index.html
Various
SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources.
Published: updated regularly
Added: June 2017
EVENTS
¶
RightsCon
https://www.rightscon.org/
Yearly conference focused on human rights and digital technology.
Published: n/a
Added: January 2018
Global Investigative Journalism Conference
https://gijn.org/global-conference-2/
Yearly conference hosted by the GIJN and various other institutions. Focuses on issues related to investigative journalism, with some digital security content.
Published: n/a
Added: January 2018
Contributing
¶
To contribute a link, please open a pull request. This is a community-curated list, so we welcome additions, edits, deletions (in the case of content that no longer exists) and other helpful changes. We attempt to maintain a standard format to make this list more readable by both robots and humans, so please follow the format below when submitting or editing links.
To add a link please follow this format:
**<title>**<br />
<url><br />
*<authors> (csv)*<br />
<description> (single paragraph, or sentence)<br />
**Published:** <date> (date known to be published or updated) format: [month] [yyyy]
**Added:** <added> (date added to this list) [month] [yyyy]
**Tags:** <tags> (keywords, csv)