You Don’t Have to Be a Journalist to Want to Keep Chats Private

I’m horribly cheap, but Spotify is one of the few apps I pay for. Since I’m paying, my expectations are sky high, and yet the app is buggy and slow, and it crashes regularly. I expect it to read my mind and know exactly what I want to hear at all times, but it doesn’t, so I’m disappointed.

I also love that more and more messaging apps are adding options for ephemeral conversation. I’m increasingly convinced that the default of digitally hoarding all conversations forever was a terrible idea, and I like that I can get my conversations to disappear from most of the chat apps I use now.

You’ve written a lot about security. How do you keep your own tech setup secure?

I got interested in security out of necessity. When I was a kid using social media for the first time, I was also in the process of extricating myself from an abuser. I had to figure out how to use things like Myspace — it felt very important at the time to have a vibrant Myspace life! — in ways that would protect my anonymity, my location data and other sensitive information. I’d constantly be messaging my friends, asking them to take down certain pictures or posts that could help my abuser find me.

This isn’t a concern for me anymore, but the situation forced me to think about what kinds of personal data I was sharing online from the moment I started doing it, and I’m grateful for that. A lot of people don’t think about their online privacy until they’re dealing with a compromising situation in which their data is already out there.

Unfortunately, I think experiences like mine are quite common. Lots of people learn about the risks to their online security only when they’re affected by a widespread breach like Equifax, or another security threat. After college, I started learning more about cryptography and going to crypto parties, which helped me realize security could be something fun instead of something scary. Encryption is seen as this nerdy, niche subject, but I think there’s something almost romantic about putting in the time and effort to keep a conversation private and safe — it shows you care.

What about protecting conversations with sources?

I approach security as a journalist in much the same way that I’ve approached security as a person. The first thing I think about is limiting my exposure — what kind of data are my source and I generating? How do I minimize that footprint, or at least minimize how long my devices retain it? The second step is securing the data we do end up generating, which often means encrypting it.