The Ultimate Online Privacy Guide for Journalists

Journalist Guide

Journalism has never been a tougher profession to work in. The challenges and threats faced by journalists all over the world are significant and getting worse all the time.

The way journalists respond to these challenges is a testament to how professional they are. For some, a career of safety writing listicles, opinion columns, and celebrity gossip is their chosen path.

But for those still dedicated to the vital role that journalism can play in holding governments and the powerful to account and exposing corruption and malpractice wherever they encounter it, their only option is to find the right methods and tools to counter the threats they face and enable them to work safely.

This is not easy. Modern journalists need to be secure yet open, private yet accessible, and prominent yet discreet.

The question is, how can a journalist strike this very delicate balance?

The answer is very much an individual one for each journalist and depends on a number of factors such as where you are working, what subjects you are working on, and how you go about your job.

What you do need is the right knowledge and tools to make informed decisions about how to stay safe and private and do your jobs without fear of reprisals. That is what this guide is all about.

Here at VPNCompare, we are passionate about everyone’s right to free speech and freedom of expression and we know how crucial journalists are to upholding these fundamental rights.

So, our team has set out to create a comprehensive online privacy guide for journalists to help ensure you have access to the information and tools they need. We think it contains everything you need to know.

Some of it you may already know, while some may seem obvious. But it is the details that matter and if you come away with even one or two nuggets that you didn’t know or hadn’t thought of before, we will be satisfied.

After all, such is the importance of the work that you do, these details could literally be the difference between life and death.

Part One: The Threats

Journalist threats

In the opening section of this guide, we will look in a little more detail at the threats and challenges that you could face every day. Some of these you will be all too familiar with, but others may not have occurred to you.

But just because something hasn’t crossed your mind before doesn’t mean that you won’t fall victim to it.

So it is well worth reading through the following bullets to make sure that you are fully aware of the challenges you are up against.

Government Surveillance and Media freedom

Media freedom is in decline around the world and it has had a hugely detrimental impact on journalists ability to do their jobs.


19% of countries have endured a reduction in their press freedom scores over the past five years. (Source: Freedomhouse)

It might be assumed that this is a problem that is confined to authoritarian countries and dictatorships but sadly, that is not the case.

The rise of so-called right-wing populism and the election of strong political leaders has seen countries as diverse as Hungary, Israel, and India clampdown on media freedoms according to the Freedom House NGO which documents media freedom across the globe.

Even in countries that like to portray themselves as bastions of free speech, the media has found itself coming under pressure.

In the USA, President Donald Trump regularly berates the media for bias as a result of any article which is critical of him or his administration.

In the UK, the Brexit referendum has also resulted in a new wave of criticism of what is often described as the mainstream media for perceived bias.

What is particularly interesting in the UK is that these attacks are coming from both sides of the political divide, which in many ways suggests that the media is doing something right.

But while the environment is getting more challenging for journalists in these countries, there is no denying that it is authoritarian, single-party states where things are worst.

Domestic journalists in those countries come under huge pressure to toe the line of their governments. Overseas journalists operating in these countries take significant risks by publishing critical content too.

It is a sign of the current situation that there are far too many countries for us to list them all in any detail in this guide, so here is a rundown of the top 10 countries where media freedom is worst in the world right now, with a big hat-tip to the Committee to Protect Journalists (CPJ):

1. Communist China

The Communist regime in China operates the broadest and most comprehensive operation to control and censor its media of any nation on earth.

The party has complete control over every newspaper, TV, Radio, and online news outlet and dictates exactly what they can and cannot say.

Journalists who breach their rules are frequently arrested and jailed while overseas journalists are regularly deported if they cross the line.

It is impossible for any journalist to operate privately and free of state scrutiny inside Communist China and the current tension between the regime and Western Governments over their annexation of Hong Kong and the spreading of coronavirus across the globe has only made things worse.

2. North Korea

North Korea is essentially a Chinese vassal state and it will come as no surprise to learn that media freedom here is on a par with its neighbour.

The state controls all media outlets which churn out a grim diet of fawning coverage of the ‘Dear Leader’ and his latest visit to a factory or farm somewhere.

Most overseas journalists covering North Korea operate from the free and democratic South Korea. The few that are allowed into the country are accompanied everywhere by military minders and their output closely scrutinised.

3. Eritrea

In 2001, all independent media outlets in Eritrea were closed by the regime of President Isaias Afewerki, who has been in power since 1993.

A 1996 law requires all media in Eritrea to promote “national objectives” and the state now controls all media outlets. According to the CPJ, Eritrea is the worst country in sub-Saharan Africa for jailing journalists, with reports of more than half a dozen having died in custody.

Very few overseas journalists get to visit Eritrea and despite improvements in relations between the country and its main neighbour Ethiopia, the situation has not improved.

4. Turkmenistan

This former Soviet state has been controlled by the horse-obsessed and wonderfully-named President Gurbanguly Berdymukhamedov since 2006.

His absolute dictatorship includes complete control of the media which he uses to promote his bizarre personality cult.

Many critical journalists have been arrested or killed while others have been forced to flee the country and now operate in exile. Independent media outlets are banned and blocked online while VPN use is illegal.

The use of surveillance technology is advanced and few foreign journalists are permitted to enter the country.

5. Saudi Arabia

Traditionally an ally of the west, the recent murder of journalist Jamal Khashoggi by Saudi state personnel inside the Saudi consulate in Turkey has shone a light on the rapid deterioration in media freedom in Saudi under the regime of Crown Prince Mohammed bin Salman.

Recent anti-terror and cybercrime laws have been used to arrest and jail scores of journalists with many reporting abuse and torture behind bars.

Surveillance and censorship are widespread across the country. While some foreign reporters do operate inside Saudi, visas are hard to come by and many face restrictions on movement and close surveillance.

6. Vietnam

With all the recent focus on China, it is easy to forget that Vietnam is also a single-party Communist state.

The regime here holds control of all media outlets in the country and the country’s 2016 Press Law requires all journalists to serve as the voice of the party, party organisations, and state agencies.

The government issues edicts to media outlets about which stories to cover and which to ignore. Foreign journalists are allowed into Vietnam but are required to have a government minder and are also closely surveilled.

The 2019 cybersecurity law also placed sweeping restrictions on online reporting. It led to the creation of a 10,000 strong military-run unit known as Force 47, which deals with anyone who expresses the wrong view.

Journalists are regularly arrested and jailed, with at least two reported having been abducted from neighbouring Thailand.

7. Iran

Iran’s theocratic regime has placed sweeping restrictions on the way of life of all Iranians since seizing power in 1989 and the media has been no exception.

The regimes climate of fear has seen hundreds of journalists jailed and their families harassed. The regime tightly controls all domestic journalism and while some foreign journalists are permitted, they are routinely spied on.

Internet content is heavily censored and circumvention tools like VPNs are banned, although some do still work.

8. Belarus

Belarus is commonly known as Europe’s last dictatorship and the recent stolen election which has seen long-time ruler Alexander Lukashenko cling on to power again has thrust it firmly back into the spotlight.

Authorities in the country have complete control over the media while there are some independent journalists, they are routinely harassed, arrested, and jailed or otherwise forced into exile.

Censorship and surveillance are routine and those foreign journalists that are permitted operate in a climate of fear.

9. Russia

Since Russia’s brief flirtation with democracy under Boris Yeltsin, the regime of Vladimir Putin has turned the country into an effective dictatorship that puts their smaller neighbours Belarus firmly in the shade.

Any opposition to Putin is brutally put down and this extends to the media and the internet too. Journalists that oppose Putin are routinely arrested and harassed with many jailed or forced to leave the country.

While foreign journalists are permitted, they are closely surveilled. Online content is also routinely censored and the recent cybersecurity laws have led to many sites being censored and VPNs banned.

10. Equatorial Guinea

Teodoro Obiang Nguema Mbasogo has ruled this tiny West African state since 1979. All broadcast media outlets are controlled by the government apart from one which is owned by Mbasogo’s son.

Any content deemed damaging to the country’s reputation is banned. While there are some private newspapers, their journalists operate under threat of prosecution if they write anything critical of the regime.

Foreign news outlets are routinely censored and internet blackouts are common. Few foreign journalists are permitted to operate in the country.

Fake News

Journalist Fake News

Fake news is a term that has moved into common lexicon astonishingly fast. The publication of false information or ‘alternative facts’ as they are commonly described is a popular tactic of authoritarian regimes around the world.

It is also a useful tool for these regimes to use to disrupt democratic countries as well. The impact of fake news on the US is well documented while some suspect that it played a role in the UK’s decision to leave the European Union too.

From the perspective of an individual journalist, the issue of fake news presents several challenges.

It means you have to scrutinise sources far more than was previously the case to ensure they are revealing facts rather than alternative ones.

If you are publishing articles that challenge fake news, you will likely face far more hostility and vitriol online as those who created and back the fake news seek to discredit you and your story.

Fake news can also influence your employers. Most free media outlets are in private hands and need to make money.

That means they need to run stories that people want to read and whether that story is factually accurate or not doesn’t matter too much to a lot of them.

For most journalists, fake news is the antithesis of everything they believe in. Yet it can affect their professional lives every single day and most need to develop strategies to deal with both fake news and the various consequences of it.

Phishing Attacks

Journalists are an attractive target for state-sponsored hackers in countries where there is limited media freedom.

These hackers will move heaven and earth to access journalist’s data, notes, and sources either to identify and prevent stories from getting out or to find evidence to arrest, jail, or deport the journalist.

One of the most common methods for compromising a journalist’s devices and data is a phishing attack.

These are fake emails made to look like real ones from legitimate sources but when opened, they will either have corrupted attachments of links to fake websites that will download malware, spyware or other malicious software.

Everyone needs to be aware of the risks of phishing attacks, but the nature of their work means journalists are far more likely to be targeted than the rest of us.

DOI Attacks

Journalist Doi Attacks

Denial of Information attacks occur when a malicious hacker uses bots to flood an information channel with requests to take it offline and prevent access to a legitimate news story that goes against their agenda.

It is a method frequently used by regimes such as those in China and Russia around the world.

While DOI attacks are usually aimed at the websites of publications, if journalists are publishing content on their own sites, these can also be targeted and social media accounts have fallen victim too.


Trolling is a common issue across the internet but for journalists writing about matters that challenge vested interest groups, it can get far more severe.

As well as critiquing the story and insulting the person who wrote it, trolls can make death threats, accuse journalists of revolting offences, and threaten family members and children.

Often, this trolling comes from anonymous accounts and journalists have few means to respond.

The risk of this trolling going too far is a big reason why journalists have to be so careful with your personal information to ensure these anonymous trolls cannot find out information such as where you live or where your kids go to school.


Journalist Deep Fakes

Deepfakes are AI-generated videos which can realistically superimpose a person’s face onto another person to make it appear they are saying or doing something they aren’t.

These videos are an issue for journalists in two main ways.

They can either be used to fool a journalist into publishing a story about someone which is not true and based on false information. Or they can be used as a tool to troll journalists but putting their face onto a video to try and incriminate or embarrass them.


Doxxing is the term used for making private information about an individual public with the intent of causing that person harm or inconvenience.

This can be a major threat to journalists, particularly in countries where regimes or religions routinely brainwash people. If a journalist writes something that challenges the status quo and their address is made public, mob rule can ensue.

Even in western countries, journalists have faced hate mobs and protests as a result of writing something that other people disagree with.

Similarly, mobile phone numbers leaking can cause huge inconvenience as you are swamped with hostile calls and messages. This often results in having to change numbers which is a massive inconvenience for any journalist.


Journalist Double Switch

DoubleSwitching is a type of social media cyber-attack in which a hacker takes over a legitimate account on Facebook or Twitter and uses it to either defame and embarrass the original user or spread misinformation.

Many public figures have had their social media accounts hijacked in this way but journalists appear to be an especially popular target.

Email Bombing

This is one of the most puerile forms of cyberattack which involves signing up a person’s email account to a large number of sites to inundate their account with junk mail and spam.

It is another tactic that appears to be used commonly against journalists whose official accounts are often in the public domain.

Mass Reporting to get social media accounts closed down

Journalist social closure

Most social media sites have tools that allow users to report other accounts that they deem to be offensive or breaking the rules in some way.

If enough people make a report, it can be possible to get legitimate accounts taken down and this is a technique commonly used against journalists.

There are plenty of other threats to their security and privacy that journalists can face online no matter where in the world they operate. We would be here all day if we tried to list them all.

So, lets now move on to the crux of this guide and address some of the best ways that journalists can stay safe, secure, and private online.

Part Two: How Journalists can stay safe online

Journalist Safety

If you want to ensure you can do your job to the very best of your ability without having to worry too much about the risks we have outlined in part one of this guide, you can.

We cannot guarantee to eliminate all of the potential risks, but with the right tools, precautions, and habits, you can give yourself peace of mind and the best possible chance of staying safe and secure online.

At this point, you might be expecting us to go off on a long-winded, detailed, and technical explanation of various online security and privacy practices. But in actual fact, all you need is a few simple and readily available bits of software and to follow some common-sense rules:

Encryption is everything

Journalist encryption

The first and arguably most important act a journalist can take to keep themselves safe, secure, and private online is to encrypt everything; devices, emails, communications, internet connections, everything.

If you are not sure what encryption is, it is really quite simple.

Encryption is a form of encoding that scrambles all of your data and sends it in a format that is impossible for anyone to read or unscramble. When the data reaches its intended destination, the device or account you can send it to can use a key to unscramble your data and make sure the intended recipients can see it.

The best type of encryption to use is end-to-end encryption. This means that the intended recipient is the only person who can open and read your data. Even the service provider is unable to see the contents of your data.

In the next section, we will look at encrypted communications in more detail, but we will begin here by looking at how you can encrypt all internet connections with a VPN.

What is a VPN?

Journalist what is a VPN

VPN is an acronym which stands for virtual private network and while that sounds complicated, VPNs are actually extremely simple. They essentially do two things.

A VPN will redirect all of your internet data down an encrypted tunnel. This encodes all of your data.

The best VPNs use a minimum of 256-bit AES encryption as standard. This is often termed military-grade encryption and is widely recognised as being unbreakable.

A VPN also redirects your data through an external server before it heads off to its chosen destination. This is a crucial privacy step because it helps to hide your IP Address.

An IP Address is a unique code that your internet connection tags onto all your internet data.

It can tell the websites and services you use where you are located. If you desire strong online privacy, which most journalists do, obscuring your IP Address is vital.

A VPN does that and replaces it with the IP Address of the server you are using. As this can be located anywhere in the world, a VPN makes you partly hidden online.

It also prevents your Internet Service Provider (ISP) from logging what you are doing online too.

They can only see that you are connected to a VPN server and nothing more. With your data encrypted too, this means there is no record of what you are doing online.

Which VPN should journalists use?

The first key thing all journalists must remember is to avoid free VPNs at any cost.

No matter how tight money might be, free VPNs are simply not worth the risk. A considerable number have links to Communist China and many routinely log and sell user data to anyone willing to pay for it.

Others can install malware and spyware, inject adverts, or place such restrictive limitations on what you can do online as to make them completely pointless.

A premium VPN will only set you back a few dollars a month at the most, but they are well worth the money given the level of privacy, security, and peace of mind they can provide you.

There are no VPNs specifically targeted at journalists but this is because the majority of personal VPNs offer everything that a journalist needs to secure all of their devices. But journalists should still be extra-cautious when choosing their VPN provider to make sure they end up with a VPN that does everything they need.

How to choose the best VPN

If you are a journalist looking for a VPN for the first time, we would advise you to seek out a provider that guarantees the following things:

Strong encryption – 256-bit AES encryption is the absolute minimum you should accept.

A no user logs guarantee – This ensures that your VPN provider is not collecting and storing any data about your online usage. Most providers claim this, but only a few have had it independently verified so it is worth finding a provider that can.

Kill Switch – A kill switch is a feature that means your internet is cut off if your VPN connection goes down. This ensures your data and IP Address can never be inadvertently leaked, which could potentially place you and your sources at risk.

Unlimited data – Journalists are online a lot so any VPN which places data or bandwidth limits on its users is not worth bothering with.

Apps – Journalists use lots of different devices, so make sure your VPN works on all the devices you use.

Simultaneous connections – If you have multiple devices, make sure your VPN lets you run it on all of them at the same time. Some offer 10, 12, or even unlimited simultaneous connections which means you could even share your connection with family, colleagues, or even sources too.

Works in Communist China and other authoritarian regimes – Many countries like Communist China, where journalism is hardest, have banned VPNs.

China, in particular, has gone to great efforts to block VPNs and enjoyed a fair bit of success. But plenty of VPNs do still work there. If you are operating in a country like Communist China, make sure you choose a VPN that works there.

Top 5 VPNs for Journalists:

Based on our expert testers opinions and the criteria we have outlined above, we would suggest that journalists anywhere in the world choose one of the following 5 VPNs:

1. ExpressVPN

ExpressVPN is one of the longest established VPNs and has been our Editor’s pick of the best VPNs on the market for a long time. Their combination of excellent security and privacy protections, as well as added features, makes them a standout choice.

ExpressVPN has a no user logs guarantee that means it guarantees your privacy and hides your online identity. They have had this claim verified by PriceWaterhouseCooper (PWC) in a comprehensive independent privacy audit.

It also offers robust 256-bit AES encryption as standard in addition to a wide range of additional security features including that crucial kill switch.

Dedicated ExpressVPN apps are available for Android, Apple iOS, Windows, Mac OS, Amazon Fire TV / Stick, Linux and some select routers. There are also web-browser extensions for Chrome, Firefox and Safari and you can connect up to five devices simultaneously.

ExpressVPN is one of the few VPNs currently available that works in Communist China and all other restrictive countries without any problems.

It is not the cheapest VPN on the market, but it does offer a generous 30-day money back guarantee which allows you to try their service for a month before committing any money. And if you sign up now, you can save 49% thanks to an exclusive offer for VPNCompare readers.

Read our full review of ExpressVPN to find out more.

2. NordVPN

NordVPN is another high profile VPN that really delivers on security and privacy.

It has 256-bit AES encryption as standard in addition to one of the most comprehensive selections of security features of any VPN. This includes double-hop servers, Tor-over-VPN servers and of course, that essential kill switch.

NordVPN has a no user logs claim that like ExpressVPN, has been verified by PWC. It means you can completely trust NordVPN to keep your data and IP Address private.

The service offers a huge range of user-friendly apps including for Android, iOS, Windows, Mac OS and the Amazon Fire TV Stick devices. Their recent adoption of the new, faster, and more secure WireGuard protocol also means they can offer journalists the quickest and most secure VPN connections around.

It is another provider that works in most countries, however, we find it unsuitable for use in China. It offers six simultaneous connections with every account.

NordVPN prices are low and there is a 30-day money back guarantee which gives you plenty of time to test the service before you buy.

Read our full review of NordVPN to find out more.

3. CyberGhost VPN

CyberGhost VPN is a VPN that has made some serious improvements over the past couple of years.

It is a great user-friendly app, ideal for beginners, but which still offers all the security and privacy protection you need, including 256-bit AES encryption and a no user logs guarantee you can trust.

The CyberGhost VPN apps are available for almost every device including Android, iOS, Windows, Mac OS, Linux, Routers and the Amazon Fire TV Stick and you can connect to as many as seven devices at the same time.

Connection speeds are pretty good and CyberGhost can work in most countries around the world.

Prices are very reasonable too and there is also an unbeatable 45-day money back guarantee on offer as well.

Read our full review of CyberGhost VPN to find out more.

4. IPVanish

IPVanish used to be right up there with the very best VPNs but it has waned a little since 2018 when a historical law-enforcement case raised concerns over their no logs policy.

But this policy is now fully reaffirmed and IPVanish claims it does not store any usage data or connection information. It has always offered robust 256-bit AES encryption as standard and some tremendous additional security features.

IPVanish users can now connect as many devices as they want simultaneously, which is great for journalists. They are also renowned for their vast range of apps including for Windows, Mac OS, Android, and Apple iOS as well as the Amazon Fire TV Stick, Linux, and various other devices.

IPVanish has recently upgraded to a 30-day money back guarantee and alongside some very competitive prices.

Read our full review of IPVanish to find out more.

5. VyprVPN

VyprVPN is another big name in the VPN industry and offers a service that has been built on reliability, security, and privacy.

There was a time when privacy wasn’t VyprVPN’s strong point. But they sensed where the tide was heading and at the end of 2018 a fully-fledged and independently verified no user logs service was in place to meet user demand.

VyprVPN offers excellent encryption and security features, including their unique chameleon protocol that unblocks content anywhere and allows you to use VyprVPN in Communist China and just about any other country around the world.

It offers excellent apps for Windows, Mac OS, Android and iOS, good connection speeds, and a really impressive server network.

Their once-popular free trial offer has now been retired but there is a 30-day money back guarantee on top of a very reasonable pricing structure.

Read our full review of VyprVPN to find out more.

Secure Communication

Journalist secure communication

A VPN will encrypt all of your online data and keep your internet activities private. But you do also need to take steps to ensure that your communications are encrypted and secure too.

Journalists will communicate with sources in a number of different ways.

Telephone calls and face-to-face meetings are common, but these will often need to be conducted discreetly and using phones which authorities cannot track or have access to.

Increasingly, sources and journalists will communicate electronically too. This has the advantage of not requiring physical meetings or even for journalist and sources to be in the same location. But it does come with some significant risks too.

Emails and messages can be intercepted, especially if local authorities or hackers are watching either party in the conversation.

Even if you are not being specifically watched, hackers or poor storage can lead to private communications leaking into the public domain. This can have severe consequences for both journalists and sources.

But if communications are sent using a system that offers end-to-end encryption, this means that only the sender and receiver can see the content of the message. As long as your device or that of your source hasn’t been compromised, this should ensure your communication with sources and others are secure and private.

In this section, we will look at options for encrypting the two most common types of communication used by journalists; emails and instant messaging.

Encrypted emails

Journalist encrypted emails

Billions of emails are sent and received every day but email remains one of the most insecure forms of communication there is.

If you use a regular email account like Gmail or Outlook, your emails are essentially open for anyone to see. Your email provider is likely to log much of your communication routinely and any hacker worth their salt is likely to be able to intercept and read your emails.

But some email providers have sought to make secure emailing their USP and the result is that there are several readily available and secure email services out there.

Many of these require a small subscription fee, but for a journalist, this is a small price to pay in exchange for the chance to enjoy secure and private email communication with sources and colleagues.

If you are a journalist looking for an encrypted email service, we would recommend the following five providers:

1. ProtonMail


  • Full end-to-end encryption
  • Based in Switzerland
  • No IP logs
  • Free and open-source


  • Expensive to upgrade
  • Limit of 150 messages a day with the free plan

Our team is unanimous that the best encrypted email service around is ProtonMail, from the team behind ProtonVPN.

The good news for journalists who are on a budget is that this service is available for free, although there are some limitations which can only be removed by upgrading to their premium packages.

ProtonMail is an open-source service that can be used on any computer or mobile device. It uses end-to-end encryption that cannot be cracked, which means all your data is secure and protected.

It also offers a 500 MB-large storage.

The main limitation is that the free version only allows you to send 150 messages per day. That will be enough for many people but if you find this limiting, you can upgrade to their Plus, Visionary, or Business plans.

ProtonMail is easy to use and its encryption is robust. It offers everything most journalists will need.

2. Tutanota


  • Full end-to-end encryption
  • iOS, Windows, Android, and Amazon apps
  • Affordable upgrades


  • Based in Germany, a five-eyes country
  • Only 1GB of storage and one email account allowed with the free plan

German-based encrypted email provider Tutanota is quite similar to ProtonMail in both design and security provisions. It also uses end-to-end encryption on all communication.

No one but you will have the encryption key and if you are sending an encrypted email to an account from another provider, you are able to send the decryption key to the receiver to enable them to view the message.

Our team found Tutanova easy to use and appreciated the fact that it offers several domains, custom folders, attachments, and more.

Like ProtonMail, there is a free version but it is limited to 100 emails a day and 1GB of storage. This will be sufficient for many but there is the option to upgrade for a fee to enjoy unlimited messages and 1TB of storage.

3. CounterMail


  • Login via USB security dongle
  • Use diskless data servers
  • Full security transparency
  • Feature-heavy


  • Free trial only lasts one week
  • Tired interface and design

CounterMail is based in Sweden and is serious about privacy.

As well as encrypted emails, it also only stores content on fully encrypted servers which are all located in privacy-friendly Sweden. These servers are run from CD-ROMs only, and no hard disks are involved, which prevents leaks.

CounterMail also offers plenty of additional features with options to modify many account settings, and create forms, filter emails, and more.

It also uses anonymous email headers and you can use it in a browser or an iOS app. The downside is that the interface is a bit dated and tired and CounterMail is not the most user-friendly of services, especially for beginners.

It is also not available for free, although there is a very limited, week-long free trial available. Other than that you have to pay, but if you want high-security and plenty of features, it is a good option.

4. Mailfence


  • 256-bit AES end-to-end encryption
  • Based in Belgium; strong data-protection laws
  • Affordable upgrades


  • Low storage space
  • Not open source

After ProtonMail, Mailfence is probably the best known encrypted email service.

It has a strong focus on security with end-to-end encryption as standard and no ads. You can choose your own email address and opt to use either your own domain or use the Mailfence address as an anonymous account.

Mailfence does have a free service that comes with a 200MB storage limit. If you need more, there are paid-for accounts available too.

A downside on the security front is that Mailfence is not open source which makes it less secure and private. Its servers are also located in Belgium which is part of the EU and has close relations with the five-eyes group of countries.

5. Hushmail


  • User-friendly interface
  • Encrypted with OpenPGP encryption
  • 14-day free trial


  • No macOS app
  • Based in Canada – dated privacy laws

Last but by no means least is Hushmail, which is also a long-standing fairly well-known service.

It offers a fully-encrypted email service that can send secure emails to other HushMail users and those who do not use the service too.

The design and interface of Hushmail is very user-friendly and there is a 14-day free trial available. After that, you will need to pay to use this service.

A big downside for Hushmail users is that there is currently no macOS app. It is also based in Canada, which is a five-eyes country and also has somewhat outdated privacy laws.

Encrypted Messenger Services

Journalist encrypted messenger

As well as emails, more and more journalists are communicating with colleagues and sources on instant messaging services.

As someone who keeps their finger on the pulse, you are probably well aware of the recent controversies there have been over encrypting these services.

The decision of WhatsApp to introduce end-to-end encryption provoked many objections from security services which like to snoop on people’s conversations and Facebook’s plans to encrypt their Messenger service have led to a similarly hostile response.

But for journalists and anyone who wants to keep their communications private, these encrypted messenger services are vital.

Journalists are strongly advised not to use unencrypted messenger services since these are as easy to intercept and analyse as unencrypted emails are.

The question for journalists is not whether to use an encrypted messenger service, but which one to choose. Here is our rundown of the top 5:

1. Signal

Signal is a free, secure, and encrypted messenger service that is used by millions of people all over the world.

Signal is the only messenger we are aware of that has its privacy-preserving technology always enabled by default. There means there is never a risk of data leaking or messages being sent to the wrong person.

It offers users a texting and voice-calling service that is secured by end-to-end encryption. Users can choose from different disappearing message intervals for each conversation they have saved and Signal is also open source which means the coding is robust.

There are no adverts, no users logs, no tracking, and not even Signal can see what you are sending to your contacts. Signal is quite simply the best encrypted messenger service around.

2. Telegram

If any service runs Signal a close second, it is Telegram.

Telegram has made headlines in recent times for its battle to stay available in Russia despite pressure from the Putin regime to block it.

It offers end-to-end encryption on texts, group chats, and voice calls, and has a broad range of other security options including self-destructing messages, files, photos, and videos. Telegram also has a secret chats option which forces your contacts app to delete messages if you choose to do so.

A recent addition is the ability to video call, which has been one of the most requested features for years.

Telegram is free to use and has millions of users across the globe and no advertising. It has very few limitations and users can send documents and files of any size for free.

3. Wire

Wire is less well known but is one of the other few encrypted messenger services that defaults to encrypted mode to protect your calls and messages. Wire also uses a new encryption key for every message, which means the chances of its encryption being compromised is minimal.

Wire’s security is enhanced by all of its coding being open source and it claims to be the most publicly audited collaboration and communication software on the market.

For personal users, Wire is free but if you want an organisation account, there is a charge.

While Wire only has hundreds of thousands of users at the moment, as opposed to the millions that use Signal and Telegram this arguably makes it less of a target and therefore a more secure bet for journalists who want safe and discreet communication.

4. WhatsApp

WhatsApp differs from the first three apps on this list because it was not explicitly designed as a secure messaging service, but rather is a popular service that has chosen to adopt end-to-end encryption.

This has made it very popular with journalists and the type of end-to-end encryption used means that even WhatsApp cannot see the content of your messages.

One flaw is that it does back-up content on unencrypted storage sites, so journalists need to be careful to manage this service.

Another concern is that it is owned by Facebook, which makes its gargantuan profits from user data. Quite how it makes money out of WhatsApp is unclear and this may be a worry to some journalists seeking privacy.

But on the face of it, WhatsApp’s broad usage and secure encryption makes it a good option for journalists.

5. Viber

Viber is owned by the Japanese media company Rakuten and offers encrypted voice and video calls as well as a strong voice and text message and file-sharing service.

It should be noted that encrypting these services is optional and not set by default, so if journalists are using it, you need to make sure the settings are right.

It is relatively easy to make sure things are set up correctly, though, as Viber uses a colour-coding traffic-light system to show you the level of encryption being deployed.

Viber also boasts various privacy-friendly features, including auto-deleting messages and trusted contact verification. It also claims to have more than a billion users worldwide and has an extremely user-friendly set of apps.

An honorary mention: iMessage

We haven’t included Apple’s iMessage feature in this section for the simple reason that it is not available on all devices. But if a journalist and a source are both using an iPhone, iPad, or Mac device, it is another reliable option.

iMessages are all sent with end-to-end encryption and users can also choose how long the message stays and how many times the recipient can view it. The downside to iMessages (besides the need for an Apple device to use them) is the storage.

Like WhatsApp, iMessages are backed up to the iCloud where they are encrypted using keys controlled by Apple. This means there is a risk of messages being compromised. But users can turn this back-up feature off if they so wish.

Secure Your Backups

Journalist backups

Backups are essential for journalists since your data and files are everything. A lost or broken device can mean the loss of months or even years of work if it has not been backed up properly.

But, as we touched on in the previous section, backups can also be susceptible to hackers or other prying eyes if they are not kept securely.

There are a few notes of caution that all journalists should adhere to.

The first is to be very cautious about automatic backup software such as Apple’s iCloud. This type of backup is usually not secure and encrypted and can automatically back up your sensitive documents in a way that makes them vulnerable to hackers.

Another is to check the small print about who can access files stored in online and cloud storage folders.

A lot of these storage solutions, such as Google Drive, allow the service to provide access to the content of the files you store and this is inherently insecure should hackers or even employees of the company decide to take a look at your files.

If you are going to back up your files and documents, they must be encrypted. It is possible to encrypt your files on your devices and then upload them into a standard cloud storage service as an encrypted document.

But many journalists find it easier to use a cloud storage provider that automatically encrypts everything you upload onto their servers.

This is the backup approach we would recommend and these are the top five encrypted cloud storage providers we would recommend journalists to use:

1. is a zero-knowledge cloud service that offers strong encryption, great security, and a sizeable free service provision.

It uses 256-bit AES encryption on all stored files as standard and unlike some other encrypted storage solutions, it also protects files in transit using the TLS protocol. This means your files should never be vulnerable.

If money is a factor, you can get up to 5GB of storage for free and if you refer friends to the service, you can increase this by 1GB each up to a maximum of 20GB for free. If you are happy to pay, you can go as large as 2TB for fees as low as US$8 a month. is a high-security, low-cost storage solution that ticks all the boxes.

2. pCloud

pCloud is another one of the most secure cloud storage services around at the moment.

It also uses 256-bit AES encryption as standard and has the same TLS protocol to protect moving files that uses. pCloud is also a zero-knowledge service which means they cannot access any of your files, but you do have to be a paid subscriber to benefit from this.

A free plan with pCloud gives you a fantastic 10GB of storage for free and also adds 1GB for every friend you refer. Premium plans are priced at a similar level with up to 2TB of storage available for just under US$8.

It also offers a lifetime subscription for just US$350, but we never know what the future holds, so we are always a bit wary about recommending this type of offer.

3. Tresorit

Tresorit is another secure storage option with 256-bit AES encryption and the TLS protocol for moving files securely. It also offers various additional security features such as two-factor authentication and robust encryption keys.

This service is more expensive than the first two we have recommended with the cheapest subscription offer being a shade off US$10 for 200GB of storage. A 2TB capacity will set you back close to US$24 a month. The free service offers just 3GB of storage which will be insufficient for most journalists.

But they do say you get what you pay for and there is no doubt that Tresorit offers the security and functionality that a lot of journalists are looking for.

4. OneDrive

Microsoft’s OneDrive is the most commercially well-known secure storage solution on this list.

OneDrive will encrypt all your documents with 256-bit AES encryption and also uses the TLS protocol for file transfers.

But journalists beware, OneDrive is not a zero-knowledge service which means that Microsoft holds the keys to unencrypt your data if they want to.

The OneDrive free plan offers just 5GB of storage, although if you have a subscription to Microsoft Office, you will benefit from 1TB of storage inclusive. Other storage plans are available in different price brackets.

OneDrive is a very user-friendly service but it is run by one of the big tech companies and some journalists will be inherently wary of using services provided by them.

5. SpiderOak

SpiderOak has attracted a fair bit of attention in recent years and understandably so.

It is a cloud backup service that is equipped with 256-bit AES encryption and it encrypts data even before it leaves your device. Files in transit are encrypted using SSL protocol with SpiderOak. It also doesn’t collect your file metadata, and it uses a sync folder called hive for syncing files.

SpiderOak has no free plan but it does come at a very reasonable price. 400GB of storage is available for just US$11 a month with 2TB costing only US$14 a month.

Stay safe from malware, spyware, and other cyber attacks

Journalist Malware

We have so far looked at how journalists can secure their internet data with a VPN, send and receive emails and instant messages securely, and keep their backed-up files secure. Now we are going to address how to keep your devices as safe as possible.

There are lots of ways that both individual and state-sponsored hackers can seek to compromise your devices.

In Part One of this guide, we examined threats such as phishing and other cyberattacks that seek to compromise your internet-connected devices. Many of these attacks will be focused around trying to get malicious software, often referred to as malware, spyware or ransomware onto your device.

Protecting your devices from this type of attack is not easy but with the right tools in place, you can give yourself the best possible chance of success.

Most people know that a Windows PC needs anti-virus software to keep it secure. But the truth is that, despite Macs having a reputation for being virus-proof, anti-virus software is essential for all devices regardless of their operating system and manufacturer.

The question is which anti-virus software should you choose.

Like the other products we have discussed in this guide, there are lots of options out there but many do not tick all the right boxes for journalists, for whom security and privacy is their overwhelming priority.

So, here is a rundown of what our team believes are the best anti-virus programmes for journalists to use on their devices:

1. Bitdefender Antivirus

Bitdefender Antivirus is a top anti-virus programme that is regularly updated to tackle the latest online threats. This tool is simple to use but has tons of features for those journalists who are keen to be more hands-on in combating online threats.

There is a free version of Bitdefender that is fine for basic online activity such as browsing and emails. But many journalists will want to consider updating to Bitdefender Antivirus Plus which is even more secure and extremely reasonably priced.

Bitdefender Antivirus plus lets you protect up to 10 devices at the same time.

Unfortunately, only Windows and Mac devices are included in this deal, so if you want to use this software on iOS or Android mobile devices too, you will need to pay a little more for the even more comprehensive Bitdefender Total Security programme.

2. Avast Antivirus

You have probably already come across Avast, which is the best known free antivirus programme on the market at the moment. It is really lightweight, so takes up less space on your device, but still offers a powerful and effective solution for keeping your devices safe and secure.

Given how important this is to journalists, you may well want to pay a little more to upgrade to the Avast Premium Security programme.

This bundles together various other bits of Avast software including their fairly average VPN. We generally advise against using this as it is not as privacy-friendly as the best VPNs on the market, which we have recommended above.

But the increased level of anti-virus protection this offers is helpful, especially if you are doing a bit more than the usual online and privacy is your priority.

3. Norton Antivirus Plus

Norton Antivirus is probably the best-known anti-virus software provider on the market. It has been around for years and is still one of the best anti-virus tools on the market right now.

Norton Antivirus Plus offers a huge range of virus definitions which are regularly updated so you will be immediately protected from any new viruses that emerge.

The interface is a little less impressive than some others on this list. It is rather less user-friendly but still doesn’t take too much time to get used to.

Norton doesn’t offer a free version of this software but subscription fees are pretty reasonable. Unfortunately, you do need a new subscription for every device, which means the price can add up if you use several different devices.

4. Trend Micro Antivirus+

Trend Micro is another long-standing anti-virus software provider and this experience really shines through in their Antivirus+ tool.

This software comes highly rated by security experts and the levels of protection it offers are up there with the very best. It provides comprehensive protection and is also regularly updated.

The main downside to Trend Micro Antivirus + is that it can be quite resource-intensive which in turn slows down your device. This means it isn’t ideal for older devices and sometimes users can be tempted to switch it off. No journalist should do this under any circumstances.

If you want a more comprehensive anti-virus tool, Trend Micro also has a premium programme called Internet Security and Maximum Security. This is more expensive but does offer a much broader range of features.

5. Sophos Home

The Sophos Home anti-virus programme can protect up to ten devices at any one time and offers a platform that has been designed with novices in mind. The simple interface is user-friendly and for those who like to keep things simple, it is a great choice.

Its anti-virus capabilities are not quite up to the levels of some of the other tools on this list if we are honest, but it is sufficient for any journalist that only uses their devices for simple communication and research.

There is a free version of Sophos Home that will be sufficient for many, but if you want more robust protection, you can opt for Sophos Home Premium which is available at a fairly reasonable price.

Password Good Practice

Journalist password

Scams such as phishing and other attempts to download malware onto devices are just one of the ways that hackers and governments will attempt to compromise journalists’ devices and their online accounts.

Another popular and remarkably effective method is seeking to compromise passwords. Passwords are often easy to crack because people don’t put sufficient effort into making sure they are secure.

This is understandable in a way. These days we all have dozens of different online accounts and they are all secured by a password.

Remembering all of these passwords is nigh on impossible and a lot of people don’t even bother. They use simple passwords that are easy to remember or the same password for multiple accounts.

This is a gift to any hacker who is serious about compromising your accounts and for a journalist who cares about their privacy and online security, it is unforgivable.

Keeping your passwords secure and your online accounts private and protected is really not all that difficult. You just need to follow some simple best-practice guidelines and use a simple tool known as a Password Manager.

Password Best Practice:

If you want to keep your passwords secure and your online accounts private, all you have to do is follow this simple rule:

Don’t use weak passwords

In 2019, the UK’s National Cyber Security Centre published its first annual UK Cyber Survey which included a list of the 100,000 most common passwords which have been breached by hackers.

It is worth taking a look at this list to see if any of the passwords it includes are familiar to you.

The overall top 5 are fairly well-known ones:

  • 123456
  • 123456789
  • qwerty
  • password
  • 111111

However, there are lots on the list that you might think sound secure but actually are not.

The study also revealed that people tend to use things like names, the sports teams they support, their favourite band, author, movie, and so on. For a hacker, who can often generate multiple password attempts every second. These are extremely easy to crack.

Even if you try and mix these common passwords up with numbers and characters, most novice hackers will have no trouble breaking them.

They know all the common versions of these passwords to try. There are also basic hacking tools which will automatically try names and dictionary words to crack passwords.

If hackers are specifically targeting you, it is also not too hard for them to find out personal details like family names and try those as passwords too.

If you want to know how to choose a secure password, keep on reading for our short guide to choosing a secure password.

Don’t repeat passwords

As well as choosing a secure password, the other key rule is not to use that password on multiple accounts. You need to use a different secure password with every account.

If you don’t, you are making a hackers job easier because they only have to crack one password to get into multiple accounts.

It might seem like a pain but if you are serious about keeping your online accounts secure and private, you must use new passwords every time.

Change passwords regularly

Finding one secure password is unfortunately not enough these days, especially for journalists.

It is still highly advisable for you to change all your passwords on a regular basis. This is to ensure that if it has fallen into the wrong hands and your account is being watched, the hacker will not have indefinite access.

The advice given by most experts is to change passwords monthly. But as a journalist, if you have particularly sensitive information in an account, it is a good idea to make this weekly or even daily just to be on the safe side.

Rules for choosing a secure password

So, how do you go about choosing a secure password for all your accounts? There are a few simple rules you can follow:


  • Never use common words and phrases such as the ones listed above.
  • Never use personal details, such as family names, dates of birth, or your favourite things.
  • Make sure all passwords you choose are a minimum of 8 characters in length but should be longer.

There are two mains schools of thought about what constitutes a secure password. One method is much easier to remember than the other but both serve the key purpose of securing your accounts:

i. Random character combinations

This is the best-known approach to creating a secure password. It requires you to choose a random selection of upper and lower case letters, numbers, and keyboard symbols.

The perfect password contains all of these in random order with no apparent words or phrases included.

There is no doubt that these passwords are secure but they are also impossible for most people to remember, especially if you have dozens of different passwords for all your accounts.

ii. Random words

A more recent password theory that is statistically just as hard to crack as this is using three random words together. These words should have no apparent connection (although it is possible they could have for you) and avoid any personal details.

You can also choose to mix up upper and lower case letters, numbers, and symbols if you so wish.

Some possibilities include:

  • Te@cupCricketCa4w@sh (Teacup-Cricket-Carwash)
  • cRuc1bLe5K1ttle5T@ble (Crucible-Skittles-Table)
  • l1v3rp007f0urte3nCh1p5 (Liverpool-Fourteen-Chips)

Never write your passwords down.

When we come up with a secure password that is hard to remember, it is relatively easy to think, ‘oh I will just write it down to remember it’.

Don’t do this under any circumstances.

If you are a journalist being targeted by hackers or government spies, you are quite likely to find yourself falling victim to a burglary. If there is a physical list of passwords to steal along with your device, you are doing the hackers job for them.

If you have to write a list of passwords to remember them, be sure to do it in a code that only you can decipher or better still use a neat little online tool known as a Password Manager to encrypt all your passwords securely.

What is a Password Manager?

A password manager is a tool which secures and remembers all of your online passwords and keeps them securely on an encrypted database. To access them, you just need to remember a single master password.

Password managers are incredibly easy to use and can help anyone, including journalists, secure all of their accounts with the strongest of passwords. Despite this, a recent survey showed that only 23% of people online currently use a password manager.

And there’s more. A password manager can help you to generate randomised and secure passwords, auto-fill websites and app logins, and remind you to change your passwords regularly.

The best password managers will not be able to access any of your data themselves and will use encryption that is every bit as unbreakable as the best VPNs or messenger services. Just make sure you remember your master password.

For journalists, who we know prize security and privacy higher than most, the top 5 recommended Password Managers are:

a. LastPass

LastPass is the best-known password manager and still one of the best. It lets you store all your passwords securely and can also keep things like your credit card details and other online details safely if you so wish.

It can also let you generate robust and unique passwords and set reminders to renew these on a regular basis. You can also add notes and comments to different websites and passwords.

LastPass has a superb autofill feature that works with almost every website and app. LastPass can be used on Windows, Mac, iOS, and Android devices and its apps are really well designed and very user-friendly.

It has high-quality security and encryption too and while there is a decent free version, it does have some limitations. We would advise journalists to use the very affordable premium version.

b. DashLane

DashLane is another well-known password manager that offers everything a journalist needs. It can store all of your passwords securely and recover them fast, auto-fill passwords into any website or app, generate secure passwords for you, and remind you to make changes.

A nice bonus feature of DashLane is its ability to search the Dark Web (the part of the internet search engines don’t cover where many criminals and hackers operate) to see if your password is available. This would suggest you have been hacked and Dashlane will let you know and advise you to reset passwords.

Dashlane is also available as a free tool, but like LastPass, if you want to enjoy all the features, you will need to upgrade to their premium version.

It is available on Windows, Mac, iOS, Android and Linux devices and its apps look fantastic and are really simple to use.

c. 1Password

1Password is another excellent password manager that is able to remember all of your passwords for you and let you log into any websites or app with a single click.

1Password contains plenty of bonus features such as Two-Factor Authentication (you can read more about this in the next section) and authenticator tools. It also lets you specify certain vaults as safe for travel to provide an additional layer of protection.

These features are really more for advanced users rather than beginners.

It is a user-friendly service with modern and easy-to-use apps and there is even a free trial available. 1Password supports most major device and also you can also use their various browser extensions too if you so wish.

d. KeePassXC

KeePassXC is another great password manager but it is definitely more suited for experienced computer users.

It offers the added security of allowing you to self-host your password database. Which means you don’t have to trust your Password Manager to keep the database safe for you.

For tech-savvy users, this is a great security feature but it does make things more complicated, which is why KeyPassXC is not higher up our list.

If you are a tech-savvy journalist and not afraid of manually doing a few things, KeePassXC is a great option for you.

e. Password Boss

Password Boss is a cloud storage-based Password Manager with a popular free version. But don’t let that put you off as this is an excellent tool.

It is one of the most secure password managers on the market right now and offers all the features of the big boys in the Password Manager world.

The main USP of Password Boss is that it keeps your passwords in a secure cloud storage facility. This makes it easy for you to access them from anywhere and means your passwords are never stored on a single server or device which could leave them at a greater risk of being compromised.

Password Boss has plenty of advanced features but it is still quite simple to use and offers excellent value for money.

Two Factor Authentication

While a secure password will go a long way to keeping your online accounts secure, it is also advisable for journalists to take that extra step to be absolutely sure things are safe.

The best way to do that is to use a technique known as Two Factor Authentication (often shortened to 2FA).

2FA is a way of ensuring that even if a hacker does get hold of your password or manage to crack it, they still can’t access your accounts unless they have access to your smartphone or another device.

2FA usually takes the form of a separate code that is sent to your smartphone, a verified email address or generated via a dedicated app. You will have to enter this code along with your password before you can access your accounts.

Learn More

If you want to know more about 2FA, you can read our complete guide here.

In addition to a code being sent to a registered device, there are also two other common types of 2FA:

#1 Biometric Identification

Some websites, online accounts, and devices use different types of biometric identification processes to ensure that only the account holder is able to access their account.

This can include things like fingerprint scans, facial recognition, and voice recognition.

This technology does come with some serious privacy dilemmas and requires you to trust the service provider with some sensitive and irreplaceable biological data. But it does stop hackers and government spies from easily accessing your accounts.

#2 Physical Keys

Another common type of 2FA is the use of physical keys such as the YubiKey.

These physical keys generate a one-time code when you want to log into a site. You need to enter this code alongside your password or some devices can do it for you.

The downside to this type of security is that you always have to have the physical key in your possession to log into your account.

This can be annoying if you move around a lot with and need to access your accounts. But they are usually very portable and they do mean that if your devices fall into the wrong hands, your accounts should still be secure.

Using Public Wi-Fi

Journalist public wi-fi

The last key point we want to stress in this section revolves around using public Wi-Fi networks.

Journalists typically travel a lot and meet sources and contacts in all sorts of different places. This means a journalist is likely to spend a fair amount of time on public transport and sitting in places like cafes and hotel lobbies.

Places like this often have a free Wi-Fi network available and it is often tempting to log onto this. But journalists need to be especially careful about this because public Wi-Fi networks are inherently insecure.

These are free networks that are designed to be accessed easily by multiple users. If there is a password to log onto the network, it is going to be publicly available and this means anyone can access at any time. This is a gift for a hacker.

Once inside a public Wi-Fi network, it is possible for a hacker to intercept some of the data of other users on the same network and steal their information. However, things have improved in recent years with more website using the secure ’https’ protocol.

Some hackers will also set up a password-free Wi-Fi network with a similar name to the legitimate one and try and trick you into connecting to it.

For example, if you are connecting in a Hilton Hotel lobby, a hacker might set up a network called ‘Hilton-Free-Wi-Fi’. Anyone can call their Wi-Fi network anything and most people will not bother to check before connecting to it.

To give you an idea of how serious this problem is, earlier this year, the FBI issued clear and strict guidelines for all public Wi-Fi network users.

Their advice was:

  • Check the name and password of any Wi-Fi network to make sure it is the official one.
  • Don’t do anything sensitive, like online banking, when connected to a public Wi-Fi network.
  • Disable location settings on any apps to ensure that you don’t make public the fact that you are not at home.
  • Never give permission for your device to connect to free Wi-Fi networks automatically.
  • Always sit with your back to a wall so other people cannot look over your shoulder and see your screen.

The one glaring omission from the FBI guidance is something we already touched on further up this guide.

Always use a VPN when connecting to a public Wi-Fi network

When you are connected to a VPN, your internet data is all encrypted.

This means that no-one can see what you are doing on the network, whether it is a legitimate one or not. You are also ensuring that no-one can trace what you are doing online back to you.

Despite the security and privacy that a VPN can offer on public Wi-Fi networks, we would still advise caution for journalists. You would be much better to use a Wi-Fi dongle or similar secure connection as opposed to a Public Wi-Fi network if you can.

Public networks should really only be used as a last resort.

Part Three: Privacy Best Practice

Journalist privacy

Time to take a breath.

We have given you a wealth of information and recommendations in that last section and we know it is a lot of information to take in. Our advice would be to take it one step at a time and make sure you have mastered one new tool before you start downloading another.

In this final short section, we are going to offer a few journalist-specific privacy tips.

A lot of this may be common sense to you but it is amazing how often we speak with people in the trade and find that they either haven’t thought about some of these things or are so wrapped up in their assignment that they have forgotten about them.

Our advice is that it is well-worth all journalists reading through this last section on a fairly regular basis to reacquaint themselves with best-practice and make sure their privacy standards are not slipping.


All journalists have to be good researchers but while it can be easy to sink into research for a story, it may feel less intuitive to plan for your own online privacy protection. But it really can make all the difference.

Make sure you know where you are going and who you are meeting. Research your locations to find out about public Wi-Fi networks and where you can meet sources discretely.

It is always worth planning an exit route but you should also make sure you can’t be overheard and if you are going to be using a laptop or smartphone, make sure your screen can’t be seen either.

If you are going to need to access online content together with your source, make sure you can do this securely using a VPN and if you are going to record and store data, be sure you have the tools in place to do this securely and safely.

Befriend hackers

Journalist hackers

This is a tip that came to us directly from a journalist and is perhaps one of the sagest tips we have heard.

If you want to stay one step ahead of hackers, you need to know what is happening in their world. And the best way to do that is to get friendly with hackers yourself.

I’m not talking about the type that works for authoritarian regimes and evil-doers but rather the good hackers that help journalists and online security companies do their jobs.

These hackers will be able to advise you on the best ways to stay safe from the most recent threats and even help you specifically with your privacy protection software if you ask them nicely.

Journalists like to build networks and it is well worth making sure yours contains at least one or two friendly hackers.

Update software regularly

We know how busy the life of a journalist is and this can mean that routine things like software updates get put off or overlooked. Don’t let this happen.

Software developers push out the latest security updates in this way and if you don’t update your software regularly, your security protection could be below par. This can mean that you are vulnerable to hackers unnecessarily.

If you are invited to update your software, don’t put it off, do it now. Better still, set your software to update automatically so you don’t even have to think about it that often.

It is a little thing but these little things can make all the difference.

Clear memories and histories

Journalist clear history

Your devices and software will routinely store what you do with them on your device. Some will even send this data back to the manufacturer.

Such records can be a risk to your security and privacy so it is advisable to clear these records as regularly as possible.

A lot of programmes will allow you to delete your history when you close them automatically, but others will require you to do it manually. It is highly advisable to do this every time you use them. If your device were to fall into the wrong hands, this could prove to be highly sensitive information.

Beware location tracking

Journalist location

A lot of smartphone apps will have a location-tracking function that will often be set to on by default. This means your apps can track exactly where you are at all times and sometimes will even broadcast this information publicly or back to the app developer.

Check all new apps for location tracking when you download them and make sure this function is disabled before you use the app. Again, this is a little thing but it can make a big difference.

Use Blackphones or Burners

If you are contacting your sources using a mobile device, it is a good idea to do so with a blackphone (or burner as they are often called on TV cop shows).

These are disposable phones with anonymous sim cards that are untraceable and mean that even if a government agency is tracking you, they won’t be able to trace your calls to your sources.

No Notes

Journalist No Notes

The journalist’s notebook used to be a cliché that all journalists carried but today they are a security risk. A notebook with source details on it can easily fall into the wrong hand and put either yourself or your sources at risk.

The same is true of online notes too unless these are kept in a secure and encrypted location and cannot be accessed by anyone other than yourself.

Educate sources

Last, but by no means least is perhaps the most important tip of all. Educate your sources.

It is not worth you going to all these lengths to keep your online security and privacy intact only for a lax source to blow your cover for you.

Make sure your sources use all necessary services to protect their communications with you and ensure that any files or information they share with you are encrypted.

When you make contact with a source, the first thing you need to communicate with them is a standard operating procedure (SOP). This is down to your individual requirements but in an ideal world, it would involve all face-to-face meetings to leave no digital footprint whatsoever.

If this isn’t possible, you need to make sure your source is taking all the necessary precautions to keep their communications and data secure and private too.

A Visual Guide to Journalist Safety

Please consider using the code below if you want to share the image on your website:

Copy this code

<a href=""><img src="" alt="Journalist Safety Guide infographic"></a>

Infographic on Journalist Online Safety

Download here: (Right-click ’Save link as…’)


Journalist Summary

Privacy has never been more important for a journalist or harder to achieve. While the advent of the internet age has made many aspects of journalism a lot easier, it has also created many more challenges and threats to journalists.

The current political climate in many countries around the world has exacerbated this still further.

This is why we have created this guide and we are confident it contains all the information a journalist needs to keep private and safe online. We know there is a lot to take in, which is why we will be keeping it online indefinitely and updating it periodically with all the latest information.

If you are finding it a lot to take in, our advice is to pick a section, make the necessary changes to your professional habits and then dip in again once these have become second nature.

If you can manage to put all our advice and all the software we have recommended into practice, you can be as confident as it is possible to be that your online activity is safe and private.

Which bits of the guide did you find useful? Or do you have some tips we missed? I would love to know so post a comment in the section below.

Author: David Spencer

Cyber-security & Technology Reporter, David, monitors everything going on in the privacy world. Fighting for a less restricted internet as a member of the VPNCompare team for over 7 years.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.

Leave a Reply

Your email address will not be published. Required fields are marked *

Sign up to our newsletter

Get the latest privacy news, expert VPN guides & TV unblocking how-to’s sent straight to your inbox.