I'm sure there's a few journalists out there that take cybersecurity seriously, but I'd wager the vast majority are pretty trivially monitored.
I think being responsive to their needs and building trust will go much further. Also, designing a one-size fits all model will just mean that your reporters will either ignore the guidance or find a way to work around it.
For instance, the most recent credible threat we have had against one of our reporters wasn't a state-level actor, but rather folks on the internet (trivially) finding their address and doxing/harassing them and their family. No amount of technology hygiene will change the fact that voter registrations are public records.
I don't envy your challenge. Security must make it more expensive to the attacker than it's worth. Even the housing reporter's data could be highly valuable; with inside knowledge, someone could make a killing on real estate. The value of the national security beat information is astronomical.
I don't grasp why, with all the news about breaches, reporters still don't care.
Was she getting leaks from NSA staffers? No. But it does feel kinda silly to me that journalists, generally speaking, have insecure setups by default. But I get it, it's a hard industry to squeeze a living out of these days.
However, it adds enough friction (especially with remote work) that it's hard to get it right 100% of the time.
If you want to share really sensitive documents, one way to ensure proper handling of your documents is to use a service like SecureDrop [0] which for e.g. only accepts submissions over Tor and requires the use of a secure viewing station [1] (air-gapped machine live-booting Tails w coreboot rom + webcam/networking card physically removed) to decrypt/access leaks.
That being said, I don't think there's a perfect tech-only solution because nothing is stopping folks handling it carelessly after they access the file.
[0] https://securedrop.org/directory/center-public-integrity/
Sounds like she dodged a potential honeypot and surveillance attempt.
iOS is the least worst mobile option and it’s ridiculous to say Apple is lying about security if any exploits are found, ever.
If you look at e.g. how messaging works in iOS 14 [0] you’ll see that they do in fact work on making secure systems. But parsing and memory safety are hard. Like, really hard. The fact that NSO found exploits doesn’t mean Apple is doing anything, but Apple is clearly making it more and more difficult to find and abuse such exploits.
For the average person that isn’t being specifically targeted by sophisticated malware from companies funded by -governments-, iOS is pretty damn secure. Dealing with being attacked is a different threat model.
[0]: https://googleprojectzero.blogspot.com/2021/01/a-look-at-ime...
I don't see how it's lying. If you are going to consider that iOS is not secure because they got owned by a couple 0 days, then by that definition there isn't a secure piece of software on the planet.
It doesn’t mean it’s good enough but I’d be curious to hear your ideas for what could work as easily for the masses.
Attacks against the freedom of others and critics of government are a much larger threat to ordinary people than if they were surveilled themselves.
I go one step further and leave the SIM card out, which means the SMS vulnerability path is closed too.
So in either case... turn off native messaging and use Signal or something if you are paranoid. You aren't really using the "phone" part anymore, so buy an iPod touch or something.
Also, iMessage is fully E2E if you disable iCloud Backup. Which can easily do in Settings.
I know this because I used to carry an iPad Mini in my pants pocket.
The most shocking experience to me in trying to evaluate the Mac ecosystem when they released the M1 and I bought a Macbook Air is being in meetings where I'm using bluetooth headphones, take the headphones off and put them back on, and music.app automatically opens and comes to the foreground of my desktop. There is no supported way of disabling this user-hostile anti-feature. I look on Google and StackOverflow and all of the suggestions for how to disable it dating back to 2014 or whenever no longer work. Apparently, the likely answer is turn off System Integrity Projection, reboot, rename or remove the file containing the application launcher, turn SIP back on, and hope that doesn't break anything else and hope Apple doesn't revert your changes on the next system update.
That did not seem worth it. The fact that Apple Music can and has been used as an attack vector makes it even worse that it is so tightly integrated with the audio subsystem of the hardware as to take over your device thanks to movements you are making in the physical real world even when you may not be touching the device at all.
I just can't understand what the thought process was in making this a default behavior, let alone one that cannot be disabled.
I think your bluetooth headphones are sending a play command to your device when it's connected. I'm sure it's annoying, but I think your macbook is doing the right thing here.
Yep this is what's happening. I have a car bluetooth addon that I purchased that does the same thing -- it sends Play commands to the phone on-connect repeatedly until something starts playing.
By default the phone will open Apple Music but if I already had been playing music on the Spotify app, it'll just start playing that instead.
I do not get the bluetooth-automatically-starts Apple Music behavior.
I haven't tried but I just checked the iMessages preferences and you can disable being contacted via your phone number or email addresses, with check boxes for each. As Macs don't have phone numbers I think this would work? I do use apple messages (which is why I didn't try disabling it), but use WhatsApp and signal more than I use the default.
I have no idea how good the mac's security might be, just pointing out my experience.
I agree that Apple could do better with eliminating their bundled apps, but I use third party calendar, address book, reminders, photo, etc with no issues. And I hear quite a few people are willing to use chrome (ugh) as their default browser and safari doesn't get in the way.
Unfortunately it's not built in, but I think it's your headphones doing something nonstandard because my Sony XM4s and AirPods do not fire this behavior when I put them in.
I guess it's worth looking into to see if there is some outside of the OS way to force the OS to route requests to the application I already have opened and foregrounded that plays sound, but I would expect that to be the default behavior. What is a "play" request to music.app even supposed to do when I have never intentionally opened the app and don't have a playlist set up? It doesn't actually play anything since there is nothing to play. It just opens the app and takes over my screen.
With Apple Configurator you can disable Music and Messages. It’s not the most user-friendly method, but it is possible.
Only allowing their own app to be associated with the default audio player is anti-competitive, at the very least
From: https://www.theguardian.com/news/2021/jul/18/huge-data-leak-...
Yeah, okay.
With windows server I used to have a target of balance in any attack footprint.. if Microsoft provided the OS, the component services that the server exists to provide should always try to be third party software (db, web server, etc) to try and minimize one type of escalation vulnerabilities… while possibly opening up to another, hopefully less worse set of holes.
A good way to disable iMessage and iTunes, though, is to simply not have an Apple ID. (This prevents the install of applications via the App Store, however.) You can of course set up the device with no Apple ID and then only add the Apple ID to the App Store (and not iTunes or iMessage/FaceTime/iCloud). This is what I do.
I think that one should probably buy an Apple (at least they control everything rather than the cobbled together android clones) and disable basically everything except exactly what is needed. At least that reduces the surface area. And keep personal stuff on a separate phone.
No non-open source "smart" phone is going to be secure enough. If you never store your data on your phone, you are safe from these hacks. Now you have to just protect from physical attacks :)
If you really care about security maybe it's better to get a really dumb 4G phone and share it's connection with a Linux small form tablet (but not running Android).
Of course, inconvenient as hell, but much more secure, especially since you are not running the iOS/Android mono-culture, so for anyone to target you it would require customized service.
Anyone who thinks they're up to the task (bulletproof?) should contact them.
I think "can't" here runs up against "choose not to". So far as we can tell opsec tends to be a pain in the ass in ways that are fundamental, not a problem with tools. Apple, like any other consumer focused company, doesn't lose focus of this.
And you don't need Apple's resources to make something better, just a more secure phone would have much worse UX. Just some examples for a much more secure phone, where you dont need Apple's budget:
- Runs some barebones Linux with minimal packages. An SMS app is an SMS app, not something that makes HTTP requests.
- app store is very heavily vetted
- forced updates, you can't dismiss update notifications.
- minimal attack interface, no smart connection features or accessories.
(1) The ability to detect espionage from China and Russia (2) The inability to access journalists' phones
If you want an intel agency to be able to thwart Chinese intelligence activities, you can't also publicly state you won't be looking closely into members of a profession who act a lot like spies.
This is called "incidental collection" and it's a touchy subject for sure.
But this subject is different than the DoJ directly surveilling journalists who leak, which is a problem, and governments surveilling their own citizens directly, not incidentally.
We can and should hold our government(s) to a standard of effective fire-walling of acceptable intelligence gathering and holding them accountable when they go beyond to surveil citizens directly, or indirectly through spying agreements.
We can make sure that the people who surveil Chinese or Russian "diplomats" are totally different than the people who execute search warrants against our citizens, and expect there to be zero crossover there.
Yes, that happens all of the time but one difference here with Tucker is he was deliberately "unmasked." Normally when an American is caught up in foreign surveillance, their identity is blocked out or masked, "incidental collection" as you said. Someone purposefully unmasked it. And someone purposefully leaked it. The same thing was done to General Flynn.
https://en.wikipedia.org/wiki/Unmasking_by_U.S._intelligence...
