How to lick under the Trump management

President Donald Trump Has no nice feelings for whistleblower.

During his first term in office, Trump's Ministry of Justice carried out a secret espionage process to try to catch leaks. On the campaign path, Trump threatened to arrest journalists several times who do not reveal their sources – and suggested that they should be raped in prison until they give up names.

For those who want to speak against misconduct within the US government, it has never been more critical to take steps to protect themselves. That is why we have put together these best practices to develop information in the public interest under the Trump administration.

Do not call or text

Telephone calls and text messages are practical, but are not safe for whistleblower. As explained in a December report by the General Inspector's office, the Ministry of Justice repeatedly used “mandatory processes” in Trump, which contain prime charges, search commands and court commands-to apply for “non-in-intensive communication documents” of telephone providers, the journalists at CNN, the New York Times and the Washington Post. The inquiries were both the work numbers of the reporters and their personal figures.

Communication does not contain any data records. Instead, the government's investigators wanted to collect metadata in connection with communication: for example, who sent a message or to the phone of a journalist and at what time was made.

Even if the content of the conversation is not recorded, the metadata establishes clear connections between parties.

If a search for a metadata provides evidence of communication with journalists or legal groups, this could show who is behind a leak.

E -mail not

Never use a work or a personal e -mail address if you communicate with journalists.

In his attempt, while Trump's first term of office, Leck's first term, the Ministry of Justice also applied for information about the content of the e-mail communication of reporters from her email service provider. They wanted details such as the time when an e -mail was sent and received, as well as the e -mail address of the sender.

While the E -Mail encryption technology can encrypt the body of the E -Mail message and in some cases also specifies subject lines, the e -mail address itself and data and times are sent and do not receive encrypted.

This means that it is not difficult for investigators to use e -mail records to draw a clear line between a journalist and his source -even if they cannot determine which information has been specifically exchanged.

The establishment of a separate e -mail account for communication with journalists or right groups is an option, but there are a number of potential Gotchas. For example, care should be taken to ensure that no identifying information is displayed when setting up a Burner email account: Do not use your telephone number for the two-factor authentication, select a disposable user name that is in no way linked to you, and select a checked VPN or the Tor network to mask your IP address. In view of all of these obstacles, it is often best to avoid e -mails as a whole.

The owners of the largest social media platforms from Tech have different loyalty to the Trump administration. These genuflections include Mark Zuckerberg programs at Meta, Andy Yen, CEO of the e-mail provider of “Privacy-First”, which is considered how the Republican party today stands for “The Little Guys” and Elon Musk, the owner of X, as “special government agency”.

The fact that Trump's richest fan also has a popular social media platform should provide a break via the use of X to exchange confidential information. It does not require an overactive imagination to see a scenario in which the companies that own communication channels are willing to provide user information with a government that they want to satisfy.

Although social media direct messages are generally unencrypted by default, some social media platforms now offer optional encrypted messages, although this function has to be activated manually. For example, X -Direct messages can be encrypted if both parties are verified users and Facebook Messenger can also be used for sending encrypted DMS. However, the metadata or the non -content information would also show that their account was in contact with the account of a reporter.

Similar metadata risks apply to messaging platforms such as telegram and WhatsApp. Telegram offers encryption, but is not activated by default and has a number of restrictions. WhatsApp encrypted messages by default, but reveals a variety of metadata about communication itself.

In view of the way in which state investigators generally do not demand content-related communication documents, end-to-end encryption does not mask whether or not someone speaks to journalists or other companies.

Safe communication tools such as signal and session minimize the amount of metadata and user information to which platform operators can access.

Signal can identify the date that was created a certain account, as well as if the account has recently accessed the service. It can also identify a telephone number connected to an active user name that is far fewer metadata than other messaging platforms.

If you are worried that your username will be linked to your phone number, change your user name at regular intervals, which would prevent previous user names from being bound to your telephone number.

Signal routinely posts copies of inquiries about user information that it receives from the government. This information shows that signal tends to only share if a certain account was last accessed and created for the first time. Government inquiries for information from service providers can, however, be equipped with non -folding orders that could legally prevent the operators from informing these requirements on their transparency pages and possibly preventing them from notifying the affected users themselves.

The session, a messenger, whose slogan “Send messages, does not read metadata”, reduces the amount of information that he stores via the users, for example by not using central servers to pass on messages.

Nothing is a replacement for Opsec

However, you will not protect the best end-to-end encryption and metadata minimization without fundamental operational security.

Digital access protocols can indicate who has a copy of the file displayed, printed or downloaded, and when. The more files you access, the more likely it is that you are the only person who has accessed all of these files.

Avoid the communication of whistleblower while you are physically present at work. Apart from someone who sees your screen, your employer may also find that you have accessed a certain communication service in a company network.

Under no circumstances also use tools if you are communicated or transmitted with data with reporters or legal groups.

Personal devices with all installed work-based device management apps are equally risky. It may seem old-fashioned, but instead of taking up a screenshot of a certain document or chat data set on a work equipment, take a photo of the screen with a separate unique user phone or at least a personal device.

Make it clear to someone that you could draw the misconduct that through that seepers of photos or documents in general should not be fully published. This is because source material may be connected to the specific device with which it has been recorded.

A photo that shows a file on your computer monitor, for example, can contain a flaw or dirt on the screen. More demanding forensic techniques such as watermarks can be used to track the origins of a leaked E -Mail or video conference.

Even e -mails that apparently be sent to a large number of recipients can be shipped individually with watermarks, whereby each message contains a clear change that is due to a single recipient. For this reason, it is the safest way for journalists not to reproduce e -mails literally and instead rely on selective quotes or summaries.

After communication with external parties, make sure that there are no records of sensitive communication. Make sure that you not only delete certain messages, but also the entire chat history of all linked devices on which your messaging app is installed. Ask that everyone with whom you share sensitive information does the same. Also remember to save each other in your contact lists.

The inflation of the pipe can have a real influence on the world, but it is also associated with risks – the threat from prosecution or the loss of your job among you. Although leak examinations in the Trump administration can become a priority again, these DOS and DONGEN can help reduce the likelihood of reducing themselves when they illuminate the misconduct.