Skip to content

Category: Tech

Testing Wi-Fi Routers for Fun and Profit

I’ve written here before about “empirical journalism” and the idea that reporters don’t have to wait for experts to conduct studies that might help readers. Continuing with that idea, recently I worked with a computer researcher to evaluate the security of popular Wi-Fi routers for a story.

The novel survey showed that half the devices arrived with known, previously documented security weaknesses. Only two required users to change from the default password–something that computer security pros have been demanding for many years. Half didn’t let users easily check for new software during the standard setup process. Instead, users had to search on the Web themselves or run optional programs. Two actually told users that updated software wasn’t available, when in fact it was, and one directed users to download new software that itself had a severe, documented security flaw.

Security of Wi-Fi routers might not sound too sexy. But routers already have been used in attacks to disrupt networks or siphon people’s data. And they’re one of many types of devices that are being connected to the Internet but that don’t receive the security attention of PCs. Trust me, these devices are poised to become more important to hackers in the future; almost every security pro I talk with sees things like this as a weak link.

Computer Security for Journalists

Over the past year, I’ve been increasingly asked to speak about computer security for journalists–specifically, how reporters can avoid surveillance by governments and help protect their sources.

Unfortunately, many people seem to think there’s some kind of magic bullet that will protect reporter-source conversations, and that all our problems would be solved if reporters could simply learn to use encryption. But encryption isn’t as magic bullet; there’s much more to source protection than encrypted email.

If you’re here thinking you’re going to find an easy solution–or any particular solution at all, really–I’m sorry. I don’t have one.

But I’ve been speaking about this subject enough now that I have a few tips and tools I’d like to put together in one place.


Continue reading Computer Security for Journalists

The WSJ Data Transparency Weekend: Not a Hackathon

Ed Felten at the WSJ Data Transparency Weekend
Take Your Daughter to Hack Day at the WSJ Data Transparency Weekend

The Wall Street Journal had its first hackathon this year. Sort of.

The Data Transparency Weekend, as it was officially called, was actually billed as a “codeathon,” a word that might be meaningless but that, unlike the more commonly accepted word “hackathon,” is guaranteed not to alarm anyone who is worried about masked geeks bent on cyberdestruction.

Over that weekend in April, the Journal brought about 100 programmers together to work on tools to help people see and control their personal data. The projects, which surpassed even my high expectations, ranged from a tool for monitoring data that escapes your cellphone to software that lets Web surfers see what their browsing habits indicate about their demographic profile.

Generally, like any good journalist, I’m a bit cynical. I’m not prone to using phrases like “community-building” or “honoring the process.” But this weekend left me optimistic. Among the highlights: Princeton professor and Chief Federal Trade Commission Technologist Ed Felten hacking with his daughter, a high-school computer science student; cat-shaped emoticons in the Cryptocat chat room; and a censorship-detection tool modeled on “Minesweeper.”

My husband and I also had the pleasure of hosting a couple Data Transparency Weekend hackers at our home in Brooklyn. To decide who slept in the guest room and who slept on the couch, they used a random number generator. Awww.

How to Use PGP for More Secure Email

If you want to communicate more securely, encryption can be a good solution. For email, I use a tool called PGP, which stands for “pretty good privacy” and which relies on a system of “keys” to lock and unlock data. PGP does a good job of protecting the content of your messages, but using it isn’t exactly simple, especially for the average person.

I’ve gotten a few questions in the past several months from journalists and others who want to email in a more secure way but don’t yet know how to use PGP, so I figured I’d provide some basic instructions. If you have any further questions, please feel free to let me know.

Before you get started, a word of caution: Using encrypted email can protect the contents of your messages, but it doesn’t hide the fact that you were sending the message in the first place.


Continue reading How to Use PGP for More Secure Email

The Surveillance Catalog: Made Possible by DocumentCloud

Image from Surveillance Catalog

This fall, The Wall Street Journal obtained a set of documents from a secretive trade show for surveillance and intelligence tech. The marketing materials reveal an industry that has grown rapidly in the past 10 years to supply the increasing demand from governments.

In addition to the usual articles in print and online, we wanted to give readers a chance to see the documents themselves. To do this, my fellow online journalists Zach Seward and Jeremy Singer-Vine suggested a service called DocumentCloud — part of Investigative Reporters and Editors, a nonprofit organization dedicated to investigative journalism. DocumentCloud lets journalists upload documents, annotate and categorize them and then use them in interactive graphics and the like. Documents are automatically run through an “optical character recognition” system, so they’re easily searched. Readers can view the journalists’ notes or download the original document as well.

As a new user of the system, I found DocumentCloud to be slick and incredibly easy to use. We couldn’t have completed our project so quickly without this tool. There are, however, a few things I’d love to see, including the ability to categorize annotations. This sort of finer control would allow readers to see only annotations related to glossary definitions of words, for example, or notes that correspond to certain stories. The folks at DocumentCloud are regularly updating the features. If you’re a journalist who regularly uses original source material, you should check it out.

A Week on Foursquare

Note: Several years after I published this post, the Journal’s graphics server was hacked, and the graphic itself was lost.

The graphic above is part of a project Albert Sun, Zach Seward and I did for The Wall Street Journal that looks at a week’s worth of data from Foursquare — which is a mobile app that lets people “check in” to different locations. This was one of those projects that was done in our “spare time” — of which we have very little — so it took us a few months. Foursquare is still kind of a niche technology, used by only a small percentage of people, but it’s fascinating to see just what information you can get even from people who are willing to freely give up their data.

We looked specifically at New York and San Francisco, two cities with many early Foursquare users. Much of the data showed us what we already knew, for example that people in New York have weekday lunch in Midtown and go out in the Lower East Side on Friday nights. But there were some interesting tidbits as well. Among my favorites: The most disproportionately male locations were gay bars and … tech start-ups. And San Franciscans love coffee shops, while New Yorkers love bars. For more, see our graphic and blog post.

What Is ‘Big Data’?

I spent three glorious days at the Strata conference on “big data” earlier this month — in sunny Santa Clara, surrounded by statistics nerds. The confab, put on by the folks at O’Reilly, proved to be fertile ground for potential stories, as well as for new ways to convey them based on data.

But one question still nags me about this field: What is “big data” in the first place? After all, large data sets have been around for years — although it’s true that we’re now talking petabytes instead of lowly terabytes. Something else that isn’t so new: “data mining,” or the parsing of said data to find patterns, often using artificial intelligence. Furthermore, it’s not always the size of the data that matters; the visualization techniques being discussed at Strata, for example, could very well be used with smaller data sets.

What’s new isn’t just the size of the data involved, or even the fact that it’s being analyzed, but how important and accessible it now is. The point is that data are now everywhere, being scattered like so many breadcrumbs. Tyler Bell at O’Reilly Radar has a good post on the many metaphors being used to describe the concept — like “the new oil,” “data deluge” and my personal favorite, “data exhaust.”

Several folks at the conference posed “data science” as an alternative term to “big data,” and I think that works. It certainly broadens the subject and seems more understandable.