A few weeks ago a bunch of us on Slack tried to put together a brief for journalists on why they should prefer iPhones. It's still a work in progress, as you'll see, but here's a draft:<p><a href="https://gist.github.com/anonymous/9f789aabd7e8681dec0cf5781aecf664" rel="nofollow">https://gist.github.com/anonymous/9f789aabd7e8681dec0cf5781a...</a>
I have a security review for a news room coming up, and I plan on sharing this blog post with them. Thanks for writing it Matt! I'm definitely behind all of the points you made.<p>If anything, I worry that non-technical users will <i>still</i> not understand that desktop programs can do anything you can do with your computer even after reading your post. I'm not sure the description is "in your face" enough to translate for the intended audience. In their minds, "reading files" may be better expressed as "copy of every email I've ever sent" or "operate my webcam and grab nudes of me."
I've been trying to secure investigative journalists for about a year and a half, and this article kind of covers two of the points that I make on all of the security trainings. They usually go like this:<p>* Do not have work-related emails on your Android (unless it's Google-made). iOS (9+) is okay.
* Do not open random attachments on a Windows machine. (We always do our best to convince them to switch to a Ubuntu station with an AppArmor profile for LibreOffice set.)<p>This is a good start. I think this article would be even better if it included some phishing tips (like HTTPS doesn't automatically mean "secure", and if you're suddenly logged out of Google for no apparent reason, don't just log into the webpage displayed to you, but instead, open Google by typing the address bar manually and log in there).<p>Interesting side-note: Asshats spend days crafting phishing emails specifically targeted to our journalists, and they <i>never</i> get Google's postal address right in the footer.
This advice makes sense given the threat model. However, it might not make sense for someone in Edward Snowden's role. If I were a military agency with a big budget, I would backdoor the shit out of every phone, enforce cultures of secrecy inside companies like google, apple, facebook, intel, qualcomm, at&t, and off any executive that interfered with the mission. Then I would pay experts to spend their lives on internet forums asserting that devices with two cameras, two microphones, wifi that can function as radar, an unremovable battery, a closed-source operating system and root access only available to a major US corporation via ssh, are the most secure computing platforms in the universe. That's just me though, if I had a lot of money and lust for world domination, neither of which I possess :)<p>Edit: removed sentence "Most mobile devices have baseband chips with DMA"
But if a journalist is going to use a secure desktop Operating System, he/she/they should investigate the current trio of recommendations which are as follows, and have different threat models baked into each:<p>Subgraph. Currently in Alpha version, so be careful using this. Still has to be vetted by the wider infosec community, but worth downloading and playing around with.<p>TailsOS. Very useful for journalists, but since it heavily relies on Tor it can be tricky dealing with mixed-anonymity workflows where sometimes you just need a Windows environment (preferably an airgapped Windows sandbox you can use to code / play around with files using Windows freeware).<p>Qubes. Heavily reliant on compartmentalization, and this can sometimes prove too cumbersome if you typically do one type of activity on the web like chat / email / hang out on slack. Typically for when you need to insulate different activities from each other and to avoid contaminating different contextual environments / tasks.
This is a great article but only really covers half the issue. The other half is why journalists should use secure messaging applications, and not email.<p>Sometimes the most succesful attacks are phishing attacks that no device will protect against. As an example, it is rumored that John Podesta used an iPad.
Use iOS with a privacy proxy they said...<p><a href="http://www.falseconnect.com/" rel="nofollow">http://www.falseconnect.com/</a><p>The first point being, software flaws and particularly those in low level networking libraries can expose secrets and the key I suppose as covered in the article is to ensure your OS is always up to date. The second point, and Dan covers it elsewhere in this thread, be very cautious about insecure hosted VPNs & you should really never trust proxies which some VPN providers are offering.
I wonder how helpful these sort of posts are for actual journalists or whistle blowers. It's one thing to tell a casual user to get an iphone as a reasonably secure choice compared to Android's fragmented mess, but for someone whose job and/or life is on the line, you need a more thorough coverage. You may even need like a mini course of sorts that covers basics of CS and infosec. Short of that, such cavalier advice can be misleading.