From adopting wood pulp paper to print penny-sheet newspapers in the 19th century to creating Twitter accounts to report breaking news in the 21st, journalists have long been interested in finding ways to deliver news to their readers faster and cheaper. So it’s no surprise mobile phones are seen as indispensable tools to working journalists.
But as with all technology, for every advantage it brings, you’re given an equal-sized problem to account for. A high-speed portable device with Internet access can be as dangerous as it is helpful if you’re not careful.
Below is an overview of some initial steps you can take to start protecting your Android device. My personal background and experience is working with journalists using Android, and I’m hoping this series can find someone who is more experienced with Apple’s mobile products to write a subsequent post about best practices for iOS.
Anonymize the information flowing through your phone
Your phone sends and receives lots of information: emails, chats, and all kinds of social updates and multimedia. Access to this information is why you carry your phone, but its presence can also be a risk. Luckily, we have Tor to protect us.
You might have heard the word Tor thrown around elsewhere. Let me try to briefly explain what it is. Tor is an open network that helps protect you against traffic analysis, content filtering, and network surveillance. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. If you would like to learn more about how Tor works, you can learn a lot about the project and its development on their site.
You can start protecting your information by connecting your mobile phone to the Tor network with their official app, Orbot. Orbot will only protect you when you’re using a specific group of apps.
Orweb is a Web browser built to protect your Internet browsing. ChatSecure is a chat client to protect your chats. DuckDuckGo is a search engine app. Twitter supports Orbot through its proxy support — you set Twitter’s proxy to host “localhost” and port 8118. StoryMaker is a multimedia production app that I am involved with. We rely on Orbot to publish content securely to YouTube.
If you’re interested in having Orbot protect all of your traffic, you’ll need to get root access to your device.
Rooting your Device
Android allows you to control a lot of aspects of your phone, but in the interest of preventing viruses and to keep people from breaking their phones with simple mistakes you’re not allowed to access some lower-level functions. “Rooting” your device is slang for gaining permissions to all the functions of your operating system — this is also called “superuser” access. This is not something you should do with your phone while in transit on your way home — it’s a weekend project for most people. You should be ready to take responsibility for keeping it updated and working.
If you have Android friends, ask them to see what they think about you going ahead and doing this to your phone. Otherwise, Lifehacker has a great guide to get you started with rooting your phone.
As I said earlier, I work on an app called StoryMaker. I’m co-founder of Small World News, one of the four organizations partnering to develop the app. Our other partners are the Guardian Project, Scal.io, and Free Press Unlimited. You can learn more about Small World News on our site, and you can download StoryMaker on the Google Play store.
The Guardian Project is the security advisory team for StoryMaker, and among many of their contributions is our integration with Orbot. So when you have Orbot running and you want to publish a video to YouTube with StoryMaker, it doesn’t matter if YouTube is blocked in your country, or if the network operator is looking for people accessing YouTube’s servers. StoryMaker will publish your video, and Orbot will keep your traffic anonymous.
Currently, StoryMaker only supports YouTube access on the Tor network, but I’m happy to say we recently received funding from the Open Tech Fund to add four new publishing destinations: Facebook, Flickr, SoundCloud, and private SSH servers. These new destinations will be rolling out in updates to the app in the coming months.
Capturing and Storing Securely
We’re not stopping there, though. We’re aiming to provide security from end to end for anyone using StoryMaker. In the last six months, the team at Scal.io has successfully built a prototype still camera with full end‐to‐end encryption. We’re working to bring this out of a prototype stage.
When we finish this work, StoryMaker will protect you and your information, from the moment it’s created to the point it’s posted online. This won’t solve all of the security concerns facing journalists, but it’s an important part of the problem that has a lot of room for improvement.
Want to Get Involved?
We’re building StoryMaker to work for seasoned journalists and rookies alike. Our aim is to make you and your sources feel safe about the tools you use to tell your stories. We love feedback, so please get in touch with us and let us know what you think. You can report issues and see our development process on our development site, like us on Facebook to get updates, or you can email us at [email protected] or use the #StoryMaker hashtag on Twitter to let us know.
Steve Wyshywaniuk is co-founder of Small World News, product manager of StoryMaker, and an independent filmmaker. He has been involved in producing web content, and has engaged in direct or distance training with filmmakers from Iraq, Mexico, Afghanistan, and Libya.
OpenITP improves and increases the distribution of open source anti-surveillance and anti-censorship tools by providing the communities behind these tools with many kinds of support. Follow us at @OpenITP If you would like to contribute to this column or learn more, contact Sandra Ordonez at sandraordonez AT OpenITP DOT org.