Protecting sources is a fundament of responsible journalism. And that means I take cybersecurity VERY seriously. The odds in this world are stacked in favor of the rich and repressive. So journalists MUST think first of protecting sources. Lives and livelihoods are at stake.
Any relationship with a serious journalist begins with a conversation that is privileged and people with sensitive news should know that they can reach out to me and comfortably discuss anything on background — meaning NOT for publication.
Email me at – fbajak (at) ap (dot) org – or fbajak (at) protonmail (dot) com. I am on Twitter at @fbajak. (Me pueden contactar por correo electronico juntando la primera letra de mi nombre con mi apellido arroba ap (punto) org – para comunicacion más segura vea abajo)
If you have a tip or sensitive information best to call or message using Signal, the gold standard in end-to-end encrypted comms.
“Off The Record” messaging, is the way to contact me for keyboard chats. This guide will help you get set up. You’ll need a Jabber instant-messaging account and the OTR plug-in. For anonymity, create an account through the Tor browser.
A great option for Internet audio/video chat and conferencing is https://meet.jit.si – You set up a private chatroom via a web browser. (Insist that the websites you visit use HTTPS, which prohibits spies from knowing where you browse). You’ll need to reach me securely in advance to set up a chat.
PGP is tried and trustworthy for sending encrypted email and has a steep learning curve. And it only encrypts the content of your email. It does not make you anonymous. If you choose PGP, my fingerprint is 0D43 7B90 EBD9 8585 A536 7945 06CF F147 00F4 CAA4 – My public key is here. For full key block click through to here. (I have other, older PGP keys, that I no longer use. They can’t be deleted. Ignore them).
How do you know my PGP key is really me? Check keybase, where people vouch for me.
Instructions here for installing GPG40, the Outlook PGP manager.
ULTRA TOP SECRET
The Tor browser is great for anonymity, but isn’t foolproof. Other precautions should be taken if you are at risk of surveillance by a nation-state, a criminal syndicate or a powerful company. Do NOT use your home or work computer to make contact. Best to go somewhere that can’t be associated with you and use a device you don’t commonly use.
The AP also has securedrop.ap.org at which you can send me tips or information.
And there’s the U.S. Postal Service:
129 South Street, Boston, Mass. 02111
For further reading on Digital Security (much of it geared toward journalists):
The Motherboard Guide to Not Getting Hacked is excellent overall on security. Also see Citizen Lab’s online security planner
Surveillance Self Defense by the Electronic Frontier Foundation is a good primer. My somewhat outdated anti-surveillance toolkit recommendations are here. – Also well worthwhile is the Freedom of the Press Foundation guide. The Society of Professional Journalists has this guide.
Everyone should also think about using a Virtual Private Network for online activity that doesn’t involve a trusted provider (such as your bank) needing to identify your device. Here’s a very good VPN guide by Yael Grauer- The Best VPN Service.