alt Hacker NewsI hope Washington Post does a better job of training their reporters than my friend’s former employer did.
They sent her off to a certain country with highly repressive speech laws and secret police to interview and survey various civil rights activist groups. They gave her little to no guidance about how to protect herself aside from “Use a VPN to send any documents to us.” They didn’t even instruct her to use an encrypted email provider or to use a VPN for any online work that didn’t get sent to the employer.
It’s very fortunate she knew me and I could at least give her some basic guidance to use an encrypted email service, avoid doing any work on anything sensitive that syncs to a cloud server, make sure she has FileVault enabled, get her using a password manager, verify that her VPN provider is trustworthy, etc.
>They sent her off to a certain country with highly repressive speech laws and secret police to interview and survey various civil rights activist groups. They gave her little to no guidance about how to protect herself aside from “Use a VPN to send any documents to us.” They didn’t even instruct her to use an encrypted email provider or to use a VPN for any online work that didn’t get sent to the employer.
How would those advice have helped?
>an encrypted email provider
Unless this was in the early 2010s the email provider was probably using TLS, which means to the domestic security service at least, is as safe as a "encrypted email provider" (protonmail?)
>FileVault enabled
That might work in a country with due process, but in a place with secret police they can just torture you until you give up the keys.
>password manager
Does the chance of credential stuffing attacks increase when you're in a repressive state?
None of the advice is bad, but they're also not really specific to traveling to a repressive country. Phishing training is also good, but I won't lambast a company for not doing phishing training prior to sending a employee to a repressive country.