A guide for journalists that need to defend their work from governments

This is a brain dump guide that may be expanded depending on feedback. The goal is for a journalist to be able to keep all of their work “in the cloud” (on a personally controlled Tor hidden service) and not keep any sensitive data with them when they travel.

Most journalists are not able to commit to the requirements (high technical competency) of this guide. Dedicated journalists should consult with a technical expert that they trust.

Skeleton guide

1. Find some secure and stable places to host a few Tor hidden service web hosts. Choose different places that small actors (non-targeted malice, etc) and big actors (targeting by private companies, local law enforcement searches, intelligence agencies, etc) would have trouble finding. Inexpensive “netbooks” are great options because they are portable, inconspicuous, have built in batteries, surge protectors, and RAM that’s integrated into the system board (can’t be removed for evil maid attacks). Always presume adversaries will find them, so always use layered security.

1.1. The web hosts must at least be behind a basic firewall, even a residential Internet connection using NAT. The host itself must not have any externally-accessible ports, must employ LUKS disk encryption, and must be running the most current version of Tor. OwnCloud Community edition or WordPress are ideal platforms that allow remote uploading of files or note taking. Access to the web resource must be hardened and password protected in case a random adversary is able to uncover the hidden service address.

1.2. Physical access to the host, and remote access to the host, must require high-entropy passwords. You must remember them, or you must have a secure way of documenting and retrieving them like disposable SpiderOak accounts. Never carry passwords or your hidden service addresses with you. Two-factor authentication options cannot be used because you must presume said authentication devices will be taken from you.

1.3. Hosting multiple Tor hidden service web servers, for redundancy, can be configured to automatically sync with each other via Tor.

2. Carry the following:

2.1. An inexpensive laptop that has an unencrypted hard drive and operating system that has some “use” (don’t ever use it). Some passive-search actors will force you to turn on the device to demonstrate its legitimacy. Turning it on and opening apps keeps the friction low between you and your adversary. Always presume that adversaries will take it all from you. If any device is taken from you and removed from your sight, dispose of the device immediately.

2.2. Several USB drives with Tails Linux, and in different locations (on-person necklace, pockets, bags). If you’re able to maintain ownership of at least one, and you trust it was not tampered with, you won’t need to create a new one after passing through security check points.

2.2.1. Presume that the drives will be confiscated, so you must know how to recreate a Tails drive from any operating system. Don’t use pre-created drives if you think leaving them behind in “secure” places will help you. And don’t mail pre-created drives to yourself, they are trivially intercepted. Plan ahead to determine where you can create a new Tails drive, such as a retail electronics store or a local library. If you can’t assure that your Tails drive is clean, and your computer is free from any hardware or firmware compromise, do not access your Tor hidden service resources.