Hey everyone. Apologies for the blatant plug but seeing as we are talking about security precautions for non-profits and journalists, it's probably relevant...
We build a tool specifically to help non-profits and journalists learn about and manage their digital and physical security on the move. It's called Umbrella App. It's free, open source, on Android and contains tons of lessons on privacy related issues like digital and physical security. Umbrella has everything from how to do basic stuff like communicate with basic tools like Signal to sending a secure email with PGP. However, the unique bit is we also have stuff on the physical side, like how to plan travel, cross borders, set-up a secure physical meeting, deal with detecting surveillance, covering a protest, respond to a kidnapping etc. Basically we have tried to make it a bit of a one-stop-shop for security for regular people, activists, refugees and journalists. We also pull security feeds from places like the UN, Centres for Disease Control etc - which is obviously very important to folks in places like Syria or affected by Zika/Ebola.
There’s tons of really relevant stuff in it, especially for those now mobilising for the first time on some issues. Loads of people are writing guides that solve small parts of the puzzle but we have tried to provide the whole picture in the one place.
PGP isn't user friendly, but from the Snowden leaks we learned it is one of the few encryption standards the NSA hasn't been able to break. TLS and most configs of VPN protocols were shown to be easily compromised. PGP was basically shown to be a show stopper.
Perhaps older versions of SSL, but there is no evidence that anyone has compromised TLS.
There is evidence that encrypted traffic was stored and research was done on the metadata of these connections but that is no surprise. That may be what they were referring to.
I really think you're vastly exaggerating the difficulty of using PGP properly. With Enigmail and a small sheet of instructions, anyone slightly computer literate should do fine.
And there simply aren't any better alternatives for encrypting emails or files for transmission. I'd love to be wrong about that, but I haven't seen anything.
We build a tool specifically to help non-profits and journalists learn about and manage their digital and physical security on the move. It's called Umbrella App. It's free, open source, on Android and contains tons of lessons on privacy related issues like digital and physical security. Umbrella has everything from how to do basic stuff like communicate with basic tools like Signal to sending a secure email with PGP. However, the unique bit is we also have stuff on the physical side, like how to plan travel, cross borders, set-up a secure physical meeting, deal with detecting surveillance, covering a protest, respond to a kidnapping etc. Basically we have tried to make it a bit of a one-stop-shop for security for regular people, activists, refugees and journalists. We also pull security feeds from places like the UN, Centres for Disease Control etc - which is obviously very important to folks in places like Syria or affected by Zika/Ebola.
There’s tons of really relevant stuff in it, especially for those now mobilising for the first time on some issues. Loads of people are writing guides that solve small parts of the puzzle but we have tried to provide the whole picture in the one place.
Google Play Store: https://play.google.com/store/apps/details?id=org.secfirst.u...
Amazon App Store: https://www.amazon.com/Security-First-Umbrella-made-easy/dp/...
F-Droid Repo: https://secfirst.org/fdroid/repo
Github Repo: https://github.com/securityfirst
Code Audit: https://secfirst.org/blog.html
Hope some folks here find it useful/interesting!
Ends blatant plug