Cloud services such as Dropbox or Apple’s iCloud make it easy to access and share files from any location with internet access, but they also present risks. In this article, Reporters Without Borders (RSF) sums up the pros and cons of using the cloud for storing sensitive files and provides advice on how to safely store data on it.
Cloud computing services allow users to store data online. Clouds can be a convenient tool for journalists who work remotely or who are constantly travelling and have difficulty accessing files stored on their home or office devices, but they also present important risks. Cloud accounts may be breached by hackers or handed over to authorities by service providers, threatening the integrity of a journalist’s work and the safety of their contacts.
- It is easy to share files and work collaboratively while being remote.
- The same files can be accessed on different devices (cellphone, laptop, smartwatch).
- Files can be updated quickly and easily.
- Depending on the service used, there is usually low or no storage cost.
- Most services do not offer end-to-end encryption (E2EE) by default.
- Cloud service providers may have access to users’ files, even if they claim they cannot, and are in some countries legally required to provide authorities with access to users’ data on request.
- Hostile parties can try hacking a cloud account from anywhere in the world without needing physical access to the user’s devices.
Safety rules all journalists should follow
- Whenever possible, use a strong password and two-factor authentication (2FA) to protect the account from unwanted logins.
- Only share files with the people who need to have access to them.
- “Clean” the cloud regularly by deleting all unneeded files, so the damage is as minimal as possible if the account is breached.
- Whenever possible, use end-to-end encryption services for every upload, such as VeraCrypt, OpenPGP, or Boxcryptor.