Rakers,

It has been too long, I've been hard at work pushing buttons and begging J school grads to update their browsers.

Life in a newsroom certainly hasn't gotten any less interesting since we last spoke. I have to hand it to the feds, they certainly pirouetted through that double heel turn and had quite the follow through.

https://freedom.press/training/blog/advice-column-announcement/

This is a really cool idea, and an amazing way to get answers to your scariest questions from the folks who know!

The externally facing communications systems used by newsrooms and freelancers get the bulk of the attention, justifiably. 

The internal systems teams use to communicate are often defaulted to, and at best they've got a data retention policy that eases the concerns regarding subpoenas and ignores surreptitious interception. I'm always up to rant about hygiene being ten times more important than a quick deletion policy, but I think we'll save that for a day when folks can see the fear in my eyes for themselves.
 

I recently managed to christen our car with by rear ending another car at exceptionally low speeds (3mph), in the process I finally took a look at the data our dash-cam contained. I quickly found the footage of the accident, complete with the audio of me talking about the burger place that I was distracted by (and now will never get to try). What I found on the dash cam was a trove of data far beyond what you'd expect.

https://www.wired.com/story/jd-vance-venmo/

The most ignored benefit of using a password manager is having an inventory of all your accounts.

https://www.bleepingcomputer.com/news/security/signal-downplays-encryption-key-flaw-fixes-it-after-x-drama/

Bleeping Computer once again doing the absolute best job of compiling information about an issue.

There has been a long standing argument about Signal Desktop in my circles. Ranging from vague "don't use it" to a more nuanced "the desktop OS is weaker than the mobile device and therefore using it for secure comms is bad practice".

https://www.att.com/support/article/my-account/000102979 - this (finally) has the timeline (May 2022 - November 2022) for the data and guides as to how get copies of the data that was breached

https://freedom.press/training/blog/att-breach/ - Article covering the breach by FPF's principle researcher Dr. Martin Shelton

...or Travel Leaves Marks on You - A. Bourdain

“Hello, this is microsoft calling regarding your pc…” you might assume that this sentence is nearing the point where everyone has heard it. The regionality of scams and the nature of just how many different ways there are to separate someone from their money isn’t particularly intuitive. Banking trojans, tech support fakes, investment fraud, impersonation of loved ones, and good old fashioned romance scams are all finding their niche somewhere in the world.

On Saturday morning I got a follow up reply to an email I hadn’t seen. The text of the original email was requesting an interview with me for a job I’d apparently applied for at a company whose name I kind of remembered (they’ll remain nameless since they’re entirely blameless in this circus). I replied in a curt but excited manner before going to sift through spam for the original email. My paranoid nature was doing its very best to tamp down the actual excitement I was feeling as they’d done a good job of baiting the hook.

I saw an acquaintance today on Facebook post  a plea to her people that if they cared about privacy or security to reach out for help.

I sent her a message complimenting the tone used, and said how much of an uphill battle I feel like the process is even for higher risk folks.