Appreciate the feedback, guys.
We'll check out, MAT.boum.org, Oli. And we'll look at turning off geo-tagging and ObsuraCam app, too, Nathan. Brian and Michael, appreciate your input, too.
And Danny, apart from your suggestions on full disk encryption and other points which are well taken, we also very much understand the importance of stressing concepts, giving people of sense of threats and options, and underscoring the importance of staying informed about changes including vulnerabilities and updates. In fact, we are avoiding the firehouse training approach, and instead developing four-week classes, in order to make sure that everyone gets concepts instead of just learning tools. The idea is to give people a foundation so they can then take responsibility and make informed choices for their own digital safety. Or so they can trust their own instincts, as I have heard you say.
Thanks! Frank
Frank Smyth
Executive Director
Global Journalist Security
Tel. + 1 202 244 0717
Cell + 1 202 352 1736
Twitter: @JournoSecurity
Website: www.journalistsecurity.net
Please consider our Earth before printing this email.
Confidentiality Notice: This email and any files transmitted with it are confidential. If you have received this email in error, please notify the sender and delete this message and any copies. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
-------- Original Message --------
Subject: Re: [liberationtech] Forbes recommends tools for journalists
From: Michael Rogers <[email protected]>
Date: Mon, December 17, 2012 4:42 pm
To: Danny O'Brien <[email protected]>, liberationtech
<[email protected]>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 17/12/12 20:12, Danny O'Brien wrote:
> I think these days you have to tie Forbes' (good) advice not to
> save everything with an encouragement to use full disk encryption.
> We're in an awkward space right now where we can't fully guarantee
> that data gets deleted off a modern flash (SSD) drive, even with
> previously strong deletion tools. And forensics software is good
> enough to pick up a lot of local clues about what you've used your
> own computer for, even if you think you've turned off all logs and
> removed the saving of sensitive data. Minimize what you record, but
> also encrypt.
Sorry to go off on a tech tangent after you've rightly pointed out
that this isn't simply a matter of choosing the right tech, but I'd
like to ask the list for a bit of advice regarding secure deletion
from SSDs.
Secure deletion is a problem we could solve in software, by encrypting
the data and then destroying the key to render the data unrecoverable,
*if* we had a few bytes of persistent, erasable storage in which to
store the key. (Storing the key on the SSD itself doesn't work,
because then we can't securely delete the key.)
I'm not aware of any suitable storage on current smartphones or
personal computers, so we may need to ask device manufacturers to add
(simple, inexpensive) hardware to their devices to support secure
deletion.
So I have two questions for the list: who should we try to persuade,
and how should we persuade them?
Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJQz5G1AAoJEBEET9GfxSfMFSoH/jQ0HtBhP2bDhYLGGXk7ESU1
onC5tMBFUvvQzsqmVeV/HmEciW+WPeJ942Oek7r0DEWiBseFF3tMzquG/Yc4pURn
hYaRNlEjIzPFyZ+9kXiU7cUwGozoThKw+CxwBB4LKSEOSlqn28EmPGsKG59seDrS
3PJtqPcYKCWqKXmhIu3Hzc3Zn5dsRKeWZYmv9nQm40kj3YrR4OPoz/roCT72OUDu
E/SRCmd/zgDSy556OJ8U0xu3KNU9JLebWxYV+HRfAyctbjCnDP63LD+ABjKr+lTn
lQnvXB9rJtB/yzyewiG++ZlT7bpzLZ5L5hI1UkHv8Udqyfnp463Azq88Plbi5MY=
=9K1+
-----END PGP SIGNATURE-----
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
