WhatsApp’s breach is proof that online privacy takes a little work

This week in digital tools for journalism

May 21, 2019
Category: Tech & Tools

This article originally appeared in Try This! — Tools for Journalism, our newsletter about digital tools. Want bite-sized news, tutorials and ideas about the best digital tools for journalism in your inbox every Monday? Sign up here.

Those concerned with online security (if you’re a longtime reader, this should include you!) gulped down some existential dread last week after WhatsApp revealed it had been breached.

The Facebook-owned messaging app is one of many that keeps user data safe with end-to-end encryption, a technology that (in what might be the crudest explanation possible) locks a message and requires the intended recipient’s device as a key to open it.

Many users falsely assume that messages secured with end-to-end encryption are unhackable. And indeed, as of 2017, there’s proof that the CIA can’t access data secured with the technology.

But individual devices are much easier to target and access. In this instance, the malware could open a user’s camera, microphone and messages, capture what appears on a user’s screen and log keystrokes, rendering end-to-end encryption moot, the Financial Times wrote.

WhatsApp said that the hack looked like it had come from “a government using surveillance technology developed by a private company, and it may have targeted human rights groups.” Whether you’re part of a human rights group or not, it’s a good time for anyone to update the app, which WhatsApp says will fix the breach.

This all is probably easy to ignore if you’re not Edward Snowden or one of many recipients of leaks from inside the Trump Administration. But consider all of the sensitive topics you talk about with family, friends and coworkers. Look at your last dozen texts. Would you be comfortable with the government, a private company or the rest of the internet reading them?

A private conversation should be private, whether it’s whispered in a quiet kitchen or online. Online privacy just takes a little more work.

FOR YOUR EYES ONLY: I won’t link to any of them here, but one supremely Bad Take that has arisen in the wake of the WhatsApp breach is that end-to-end encryption is just a marketing gimmick, or overall pointless. That’s a bit like saying that you should leave your kitchen stove on in perpetuity since there’s a chance it could catch fire anyway. Write this down: It is entirely possible to communicate privately in the age of digital policing. If you’re working with sensitive sources, working to ensure communication security is your duty. In a fun (yes, online security can be fun!) post, tech expert David Koff suggests sticking with iOS and giving Signal a whirl.

BEHIND THE SCENES: ThinkProgress co-founder Judd Legum spent the weekend tracking down the major corporations that donated to politicians who led Alabama’s near outright ban on abortions. No matter your view on the matter, the process behind his reporting, which he documented on Twitter, is fascinating. It required a combination of digital literacy, insight on political funding and data journalism. Doesn’t it seem like campaign finance information should be a little easier to access?

NEWS BETTER: A friend and colleague once told me that if failing made you smarter, I must be a genius. Sadly, I am not. But this post-mortem on a failed prep sports newsletter from the Greeley Tribune in Colorado certainly helped. The first of three lessons learned: Give the audience what they want. The newsletter started by covering two schools in each issue via in-depth features, mostly because that’s what the reporters behind it wanted to do. But the audience wanted shorter sections that featured all the schools. The shift in strategy worked but the newsletter ran out of time.

  • Interested in learning more about newsletters? Join us for a webinar with Kris Higginson on Thursday. Higginson is the writer and editor of The Seattle Times’ Morning Brief, which reaches about 220,000 readers every weekday. That’s just, erm, slightly bigger than this newsletter.

PRO FORMA: Between the 999 Democratic candidates and a president who doesn’t seem to enjoy the way he’s reported on, I know there’s already plenty to cover with the 2020 elections. But have you considered covering the topics the audience wants to hear about? Matt Pearce at the Los Angeles Times had the novel idea of using a simple Google Form to ask readers what they want from his politics coverage. In two days, he had 3,000 responses. Seems like a win-win to me.

NO SOCIAL: Last week, I wrote about Facebook co-founder Chris Hughes’ call for Facebook’s breakup in The New York Times. His argument is that Facebook has gotten lazy and we need more social networks to encourage innovation and consumer protection. But what if we don’t need social media at all? It’s a lurid question. I deleted Facebook and Twitter from my phone over a year ago and tend to check them only at work. I don’t miss them on nights or weekends anymore, but they are still important to my career and life. Instead of going back to the dark days of 1994, perhaps consider that the Cookie Monster approach is best: Social media is a sometimes food.

CUT RATE UPDATES: If you have an older Adobe Creative Cloud subscription and you haven’t updated your apps in a while, don’t be too alarmed if you get an email about “potential claims of infringement.” On the other hand, it’s always a good time to switch from Photoshop to GIMP.

WEIRD AI: Machine learning is coming for your writing job. Or not. I punched the first four lines of my favorite limerick into a neural network that promises to complete your text and, um, see for yourself:

Me: “A wonderful bird is the pelican.
His beak can hold more than his belly can.
He can hold in his beak
enough food for a week …”

It: “There is a bird in Minnesota whose beak is so big that it was supposed to break a child’s face. Another one can make a woman weep, but she can make a girl cry.”

Yikes.

Try This! is supported by the American Press Institute and the John S. and James L. Knight Foundation.