As per title. I’m a journalist in an EMEA/APAC country and I got arrested a couple weeks ago for publishing some recordings of politicians making deals with some shady characters.
I made a really rookie mistake because I posted it on a local reddit-like website using an old login. Even if I went to an internet cafe to send it, the login was created at my home approx. 10 years ago. They tracked me down by subpoena the website to divulge the ip addresses. I spent 48 hours in jail, in the meantime I got sued by 2 people and I need to walk over to the police station twice a week.
I published the “controversial” stuff exactly a year ago and over the year I took down the post (however it is still on web archive), and the laptop I used to post is “destroyed”.
What I’m trying to do now is to prepare for what may happen next. I do have TBs of data at home and in an undisclosed location that are paramount to my work. I write articles for foreign websites and I need the recordings, the reports, and other stuff at arm’s length. Over the last year I was able to make some changes in my OPSEC but I feel it is not enough. Could you please review the below and let me know if I’m safe?
- I use multiple gmail accounts that all feed into my main one (my country is not really able to subpoena google – so i’m not afraid to use their services. And I used them primarily because of the ease-of-use)
- 2-factor auth
- I have a couple of throwaway emails
- Paid VPN from a foreign company. I use it on the PC and on the phone.
- I never reuse my logins. Each one is unique and pretty generic.
- I don’t post pictures of my face online and I try to hide my face when in public.
- I have an old Camera detector
- Also a RF detector
- And a Voice jammer
- I don’t trust password vaults because it is holding all the eggs in one basket. I have 10 semicomplex(numbers, letters and special) 8-10 characters long passwords that I use.
- I use a windows laptop with 2 internal SSDs. It is my only PC that I use for work and for web browsing. I wonder how can I encrypt the SSDs as I need speed and easy access? Can I do it now even if they are almost full?
- I have 4 external HDD full of data that I also need to encrypt (at least some of them) Can I do it with Veracrypt?
- I have a drill next to me HDD in case of a raid
- I have plenty of SD cards – How to encrypt them without corrupting them?
- I use TOR but the internet where I am is really slow so I can’t do much with it
- I use 2 phones. One private and one for business.
- The private one has an official simcard that is registered to my name. The business one has a simcart bought in another country that doesn’t require registration
- I never use both phones in the same place or time. When I go out to film something or register I use my business phone and leave my personal at home. I turn on the business one after many km. from my home residence.
- On both phones I Use call recording with an automatic backup to the cloud (OneDrive)
- I use Signal
- I use bouncer app
- I have a burner phone in case of emergency with another sim card
- I don’t use smart unlock on my phone.
- Miclock that prevent my microphone to record
Thank you and godspeed to you all!