Mar 19 2025 Personal security tips

Here's a new digital security tip sheet I co-wrote, and the freshly launched website it's on. If you're a journalist, civil servant or just feel like you should tighten up defenses on your devices and accounts, the guide has 5 basic things you can do to make it harder to attack you and to continue working safely, plus links to tools, services and really good people working in the security space who should be on your radar. It also includes a few user profiles and examples of how their threat models differ, and things that they can do. One of the profiles is for journalists, and the kernel of the guide actually came from a talk I gave last year to the Nieman Foundation journalism fellows at Harvard.

I cherry-picked a few things about the guide in this Bluesky thread, but the one thing I'd like to highlight here addresses the resurgence of "burner phone" talk. It's really hard to pull off a true burner phone. If you want to minimize risks in general, it is absolutely worthwhile to run a separate device stripped down to essentials. But you'll still leak information -- what you do on the phone, where the phone goes, other phone accounts that seem to be wherever that phone is -- and some service that can receive a subpoena will have that. If you truly need or want to go cloak and dagger, get an idea of what that looks like first by watching the three-part series from Black Hills Information Security titled "How to Live Like a Criminal: Privacy Tips for the Non-Criminal". It's also a great overview of how much data is available on all of us.

The guide was co-authored with Joan Donovan, aka @bostonjoan in places, founder of the Critical Internet Studies Institute. And also a co-creator of the beaver emoji 🦫