IN INVESTIGATIVE JOURNALIST and sex columnist Violet Blue’s new book, The Smart Girl’s Guide to Privacy, released this month, she writes that the term “online while female” needs to be added to the lexicon of phrases connoting prejudice and harassment, such as “driving while black” and “flying while Muslim.”
Women and LGBTQ people are specifically targeted online, says Blue. “As targeted people we go through a certain set of risks,” she adds. These are heightened for journalists—whose work, and often personal information, is readily accessible.
From malicious hackers to trolls, surveillance to physical stalking and impersonation, it’s a dangerous time to be reporting online, especially while female. But there are things we can do to mitigate the risk. The Columbia Journalism Review recently spoke with Blue about the steps to take to protect yourself—and your sources—from those who use the World Wide Web to harass and intimidate. This conversation has been edited for clarity.
As journalists, often it is in our best interest career-wise to have our private information, such as email addresses and phone numbers, publically accessible. What can we do to still protect ourselves while having this information online?
There are a number of things we can do to basically put double information out there; it’s like building your own firewall.
For the phone number you would have public, get an additional number, which would be a VOIP [Voice Over Internet Protocol]number or something along those lines, that would not be connected to your regular number in any way.
Get a mailing address, like a PO box, for people to send you books for review and things like that. Set up different email addresses, which can be forwarded to your regular address. That way you’ll have email addresses just for dealing with the public, and you can start to pull your more private email address out of the public line of fire.
Screencap images before you turn them in. Depending on what you’re using for photos and photo processing, there can be EXIF data, which basically puts your location settings into the file information. And talk to your editor and colleagues about your sharing boundaries and let them know to check in with you before sharing your email address or phone number.
There’s a lot you can do to set up an outer firewall so that you’re more in control of what’s being shared and what people have access to.
In your book, you talk about your experience with two trolls who harassed you and left threatening and hateful comments on all your online work. This is obviously an extreme example, but something that happens regularly to journalists who are constantly putting themselves—and their work—out there. What can we do to deal with this?
It’s tricky, because [trolls] make new accounts all the time, and it depends on what outlet you’re writing for and how proactive they are about comments. People can really make a career out of harassing another person and get away with quite a lot!
When you’re working for an outlet, have a conversation about the way comments are handled. If you have a known stalker or troll, tell the outlet when you start writing for them, “Like many female journalists, I have a couple cling-ons, and you’re going to want to keep your eyes open for … .” Let people know the situation.
In pretty much every instance, editors have been completely understanding and sympathetic and have said they’ll keep an eye out for it and help deal with it.
There’s also the judicious use of the block button. It’s amazing how ignoring someone will make them go away. It’s pretty awesome, actually!
Social media is a great tool for contacting sources, reporting, dealing with breaking news, and self-publicizing. What should we be doing to safeguard accounts while still using them for journalistic purposes?
There are a couple of things you’re going to want to do in terms of a privacy checkup. Log out of your accounts and view them through a different browser entirely. Take a look at them as an outsider, and don’t panic if you see anything you didn’t intend to share, but make a list of things you want to change.
Look at your icon photos and do a Google reverse image search of those to see where they come up and what information is linked to them online. That way you can control what’s being linked to those images, because that’s something stalkers are going to do.
In terms of sharing settings, you’re going to need to take a look. Particularly mobile apps; those are a huge problem right now. It’s like doing laundry—it’s a total pain, but you’re going to want to go through all the privacy settings in all the apps you’re using for sharing and messaging and double check your privacy and security settings.
Quite a few apps are really problematic when it comes to scanning your phone’s address book and harvesting that information. Facebook is probably the worst and the highest risk for journalists. It takes an inordinate amount of permissions.
For instance, if you’re a journalist and you have Facebook on your phone, you’ve given it permission to scan your address book and your phone numbers. I’ve had other investigative reporters confidentially say to me, “I went on Facebook and it recommended one of my protected sources to me!” If you have him/her as a contact in your phone, what it’s doing is sending that information back to its database and trying to find matches. It’s really terrifying.
I don’t keep Facebook on my regular phone. It’s too risky.
In that vein, what are the best steps for protecting online interactions with anonymous sources? Are there specific tools we should be using?
Definitely use secure instant messaging, something like Wickr or Silent Circle. That way you have end-to-end encryption on your messages. What that means is they can’t be intercepted in transit, and it would be very difficult for people to decode and read in plain text.
Make sure you have notifications shut off for private messages. For instance, if you’re on Twitter and you have it set up to text you every time you get a direct message, it’s sending that message over plain text through the air. Anyone interested in intercepting your messages is going to be able to read those, so all that security is just out the window.
Use a VPN, and find a good one that you like. There’s a website called Torrent Freak, and it has a once-a-year review of VPN services. A VPN is a virtual private network. You turn it on before you go online, especially when you’re in a café or mobile or out and about in the world, and it basically makes a secure tunnel to visit all your websites.
And then the usual—don’t sign in on a device that’s not your own and activate all your password locks on all your mobile devices.
Oh, and always use secure empty trash. Always.
What should media outlets be doing to protect their journalists?
I would love to see all outlets have a base level of digital security training for their writers—not just their in-house journalists, but also their freelancers—a set of protocols for communication. That way, if something does go wrong or gets compromised, part of the forensics is already done. You can start to figure out where the problems are and get the breach contained a little bit faster.