A journalist’s phone security problem is not really about the journalist. It’s about the source. The content of your reporting may be destined for publication anyway, but who you talked to, when, and from where is exactly what a hostile party wants, and it’s often what your phone leaks most readily. A field security routine for reporting is built around that fact: protect the relationships, not just the notes. Here’s a practical checklist for before, during, and after an assignment.
Before you go
Most of your security is decided before you leave. Carry as little as possible on the device, because a phone that doesn’t hold your whole life is a phone that can’t surrender it. Where the assignment is sensitive, a separate, hardened work phone such as one running SovereignOS, kept apart from your personal identity, limits what a single seizure exposes. Set up encrypted messaging in advance and get your sources onto it too, since the time to teach someone to use Signal is not the moment they’re frightened. Turn on disappearing messages for sensitive threads so you’re not building an archive of your sources that can be taken later. And make a clean backup before you travel, so losing the device is a setback rather than a catastrophe.
Know the border problem
Border crossings deserve their own line, because they’re where the rules thin out and the searches concentrate. Assume a device can be inspected or taken when you cross, and prepare accordingly: the powered-off, encrypted phone holding little is your friend here, and the loaded one carrying every source you’ve ever had is the liability. Think through, in advance, what you’d do if asked to unlock it, because deciding under pressure at a checkpoint is the worst time to work it out.
In the field
On the ground, a few habits carry most of the protection. Power the phone off in any situation where it might leave your hands, since off is the one state these searches struggle against. When you’re meeting a source whose connection to you must stay private, remember that a phone merely sitting in your pocket is still broadcasting, and only powering it down or placing it in a Faraday bag truly silences it. Treat unfamiliar networks as hostile and don’t connect to them casually. Disable 2G to shrink the oldest interception paths. And keep lockscreen discipline: a strong passcode, not a face or fingerprint that can be compelled more easily in a tense encounter.
Protect the metadata, not just the message
The thread running through all of this is that encryption protects what you said, not the fact that you said it. Your call logs, your location history, the pattern of who you contacted and when, these can expose a source even when every message is unreadable. So minimize what gets created: prefer encrypted apps that limit metadata over regular calls and texts, which ride on infrastructure that records exactly this. The reporting may be the story, but the metadata is the source, and the source is what you’re there to protect.
After the assignment
When you’re out, close the loop deliberately. Move material off the device to secure storage rather than letting it accumulate on a phone you carry everywhere. If a device was exposed to a hostile environment, treat it with suspicion rather than assuming it came back clean. And when a phone reaches the end of its working life, dispose of it properly, because a discarded reporting phone is a discarded contact list if it’s not wiped correctly, a process we cover in detail elsewhere.
The short version
Travel light, encrypt early, power off when it counts, protect the metadata as fiercely as the message, and close the loop when you’re done. None of it requires you to be a technologist. It requires treating the phone as what it is in the field: the single object most likely to give up your sources, and therefore the one most worth disciplining. Get the routine into muscle memory before you need it, because the assignment where it matters is not the one where you want to be improvising.
Related reading
- What Journalists Actually Need From a Secure Phone
- Metadata: What Your Phone Leaks Even When Your Messages Are Encrypted
- Building a Faraday Setup That Actually Works
- Traveling With a Secure Phone: A Practical Checklist
SovereignOS is a hardened, de-Googled phone, set up the way we would build one we had to rely on ourselves. One-time price, no subscription, no account required.
See SovereignOSRecent Comments
Post Widget
Should You Trust Signal?
Social Media Widget
Customer service
Real people, ready to help. Reach our team anytime at hello@spicycorp.com.
Fast Free Shipping
Get free shipping on orders of $150 or more (within the US)
Returns & Exchanges
We offer free returns and exchanges within 30 days of purchase.