Security keys on a cold, wet NYC sidewalk

This piece has been cross-posted from Freedom of the Press Foundation. You can read the original article here.

One of the most common questions we get in training journalists on two-factor authentication (2FA) is: How hard are these hardware security keys exactly? Our security training team has plenty of anecdotes to support their durability, but we’ve decided to methodically put them to the test.


Photo by Yubico.

This piece has been cross-posted from Freedom of the Press Foundation. You can read the original article here.

This guide is intended for readers familiar with using PGP who want to take an extra step in fortifying the security around their private key. Some of these steps also utilize a command-line interface, and it may be helpful to get comfortable with that interface before diving in.

Where do your PGP keys live?

In our previous introduction to PGP, we discussed what public and private key encryption are, and how to create a PGP key pair using Mailvelope, a web browser extension available for Chrome and Firefox…


Photo by Zero Day Initiative.

This piece has been cross-posted from Freedom of the Press Foundation. You can read the original article here.

Software updates seem like a chore, but they often contain important fixes for bugs that could otherwise compromise your security and privacy. When hackers and security researchers find these bugs, their findings are shared with affected companies, then shared publicly for other developers to learn what not to do with their code. Sometimes, the timing of these software releases coincides with conferences and events in the cybersecurity industry.

One example of this is Pwn2Own, a hacking contest where web browser security…


Photo by Mark Burnett. CC-BY 2.0

This piece has been cross-posted from Freedom of the Press Foundation. You can read the original article here.

Data breaches, and in particular, those including personal passwords for websites or apps, are an evergreen news story which repeats itself like an advent calendar for cybersecurity failures. Although these breaches are a regular phenomenon, they are trailed by a long, drawn-out window of time where other attackers use breached data to log into affected accounts.

To cut that long tail off, you should change your password with the breached service as soon as you reasonably can. While you’re at it, it…


Photo by Josephine Pedersen. CC-BY-SA 2.0

This piece has been cross-posted from Freedom of the Press Foundation. You can read the original article here.

Why you need a VPN

A Virtual Private Network (VPN) is no magic bullet for newsroom security or personal privacy, but it offers key security benefits to your workflow as a journalist, especially if any part of your day involves using Wi-Fi, visiting websites or sending emails.

Much like how every phone needs to have a unique phone number for the phone system to know where to send calls to, every device that is connected to the internet has a unique Internet Protocol (IP) address. An IP…


Photo courtesy of the Whitney Museum of American Art

The very first CryptoParty in New York City fell on a cold and windy day in December 2012, almost half a year after many other cities. I only started working on it after a month of hearing people tweet about wanting to start one in NYC, but no one picked up the torch — so I did and . Fast forward to 2016, there have been 42+ of these events between multiple organizers and numerous volunteers all across the city. It’s hard; I regret nothing. Here are some useful takeaways for anyone thinking of doing the same.

Remember the mission

Let’s take a look…


The internet is one of the greatest things to happen to free speech since the discovery of radio waves, a platform for almost anyone with their own domain name and not much money to say just about anything. A++ would free speech again. Just as it was the case with voicing opinions before the internet though, you can attract a lot of haters, and it can be particularly dangerous if they know where you live. …


Every panel discussion on mass surveillance post-Snowden that I’ve ever been to has always brought up the concept of chilling effects where the fear of being “on the list” would prevent you from saying something that might upset someone in power, thus leaving you to chill in front of your laptop instead of posting anything. The ability to efficiently apply the same level of surveillance weaponized against peace activists in the past against anyone that could become the next Dr. …


…and why I mailed it to them as a reminder.

-----BEGIN ARTIST STATEMENT-----
In the early 1990s a group of hackers on an email list called “cypherpunks” created and freely released military-grade encryption software which gave everyone the ability to conduct private communication and secure commerce online. Being unable to crack the algorithms behind this new software, the NSA slowly began working their way around that with programs eventually exposed by whistleblowers like William Binney and later proven by Edward Snowden.

This device was created using open hardware, machinery that can be trusted not to spy on you because of the disclosure of its design, schematics and bill of materials…

David Huerta

Digital Security Trainer at Freedom of the Press Foundation, CryptoParty NYC co-organizer and chill dude.
