Merge pull request #26 from lukasz-a-krol/main
added a paragraph on browser fingerprinting + minor fixes
lukasz-a-krol authored Dec 5, 2024
2 parents 829b531 + 03be222 commit d713f1d
Showing 3 changed files with 4 additions and 3 deletions.
2 changes: 1 addition & 1 deletion content/chapters/chapter-3.en.md
Expand Up @@ -80,7 +80,7 @@ You can protect against malware by doing the following:

* It is recommended to secure computers in order to protect the information contained on them, both by setting a good account/ login password and by encrypting the internal drive. If a computer's drive is encrypted then nobody can access the information on it without the password needed to decrypt the content. Be aware that law enforcement may, in some jurisdictions, request that the devices be decrypted, for example by forcing a user to disclose the password.
* When setting up encryption on a computer, you will need to create a password that will be used to encrypt the drive. It is better to think of this password in advance and to ensure that it follows the best practice for creating secure passwords. Information on this is available in chapter two.
* Backup all data on devices first before encrypting them, in case there are problems during the encryption process and you cannot access your data, you can restore it from backups.
* Back up all data on devices first before encrypting them, in case there are problems during the encryption process and you cannot access your data, you can restore it from backups.
* There are different ways to encrypt a computer depending on whether it is a Windows PC or a Mac. Turning on encryption for Windows Pro involves activating their encryption program called Bitlocker. You can read about how to do this [here](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838#:~:text=Or%2C%20select%20Start%20%3E%20Settings%20%3E,and%20then%20follow%20the%20instructions.). Users of Windows Home editions can use a feature called [Device Encryption](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838), though it is only supported on some devices as it requires a specific hardware configuration. Apple Silicon Macs or those which use the T2 chip are encrypted by default, with the encryption done on-the-fly through specialized hardware. Those who use older Macs can turn on FileVault, the equivalent encryption program for Macs. Read more about encrypting Mac computers [here](https://support.apple.com/en-gb/guide/mac-help/mh11785/mac). (While the hardware encryption is quite reliable, a very well resourced adversary might be able to break it. High-risk journalists who have newer Macs should nonetheless be encouraged to also turn on FileVault; for more information, [check out this piece](https://www.macworld.com/article/234494/how-filevault-and-the-t2-security-chip-work-together-in-newer-macs.html).)
* You can also encrypt your backup drives, something that is especially important if you are concerned about home or office raids or if you travel with backups. This means that anyone who accesses your backup drive will not be able to read its contents without the password which was used to encrypt them. Time Machine, the default macOS backup program, allows for encrypted backups. It's a little more complicated in Windows. Users of Windows Pro editions can use Bitlocker to encrypt their backup drives, whereas those using Home editions should ideally use [VeraCrypt](https://www.veracrypt.fr/en/Home.html), a reputable third-party tool.
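
Review bot: the corrected bullet ("Back up all data on devices first before encrypting them, in case there are problems ...") is still a comma splice, and "first before" is redundant. Consider splitting it: "Back up all data on devices before encrypting them. If there are problems during the encryption process and you cannot access your data, you can restore it from backups." While this list is being touched, note that in the bullet below the "here" link for Bitlocker and the Device Encryption link both point to the same Microsoft support article, and the product name is spelled BitLocker.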

3 changes: 2 additions & 1 deletion content/chapters/chapter-4.en.md
Expand Up @@ -37,13 +37,14 @@ _General best practice_
- Carry out a risk assessment prior to starting any online research. Ask the journalists to identify whether they may be visiting any websites that may pose a security risk for them, such as websites run by criminal organisations, or where they want to keep their identity hidden for other reasons, for example when visiting the sites of companies they might be investigating.
- Each device connected to the internet is given a unique number known as the Internet Protocol Address (IP). This number is allocated by your internet service provider, the company that provides you with your internet. The IP address contains information about the device connected, including its location. While your internet service provider, and a government which requests this data from them, can typically tie an IP address to a single person, other services you connect with online will not be able to do so. They could, however, figure out your location, institution, or office based on your IP address.
- Website owners are able to see what IP addresses are visiting their website. This could be a problem for journalists who might not want the website owner to know that they have been looking at information on their site. If a journalist is looking to hide their IP address from a website then they should use a Virtual Private Network (VPN). For more information on VPNs, see the section below.
- In addition to IP addresses, website owners can also see basic data about a system, such as its screen resolution, software version, or which fonts it has loaded. This practice, called browser fingerprinting, could be used to identify machines belonging to particular organizations or even individual users. Several web browsers are now implementing anti-fingerprinting protections, with the Tor Browser (described in more detail below) offering some of the most advanced ones.
- When you visit a website you should ensure that the site is encrypted. You can check this by looking for the padlock image in the far left of the browser bar as well as ensuring that the site address says https. When a site is encrypted ISPs and others are unable to see your activity on the page. For example, they can see you are connected to an email provider but they will not be able to read your emails.
- Encourage journalists to install a reputable ad blocker like uBlock Origin to protect against malware. For more information on malware see chapter three. This may not be an option for them if they are working in a newsroom which does not permit ad blockers or browser extensions.
- Suggest installing [Privacy Badger](https://privacybadger.org/) to block websites and advertisers from tracking journalists online. Once again, this only works if journalists are allowed to install browser extensions.
- Avoid using public computers, including at press events. These computers may be infected with malware or spyware.
- Consider using a separate computer for sensitive research. This will help compartmentalise data so that, if the device is infected, the attacker will have limited access to content.
- Journalists carrying out research on online groups who need to sign up to forums or chat rooms should create a new email address specifically for that. The email address should contain no personal data that could identify the journalists and when registering the account, the journalist should not link it to any of their personal data, for example their phone number. It is recommended that the journalist seek the support of a digital safety professional for assistance.
- Journalists carrying out highly sensitive research may want to use the [Tor browser](https://www.torproject.org/download/). It is recommended that they seek the guidance of a digital security expert before doing so. They should also be aware of the law in their country regarding the use of Tor.
- Journalists carrying out highly sensitive research may want to use the [Tor Browser](https://www.torproject.org/download/). It is recommended that they seek the guidance of a digital security expert before doing so. They should also be aware of the law in their country regarding the use of Tor.

_Data and companies_
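
Review bot: the new fingerprinting bullet sits directly after the VPN bullet but does not say that a VPN leaves these characteristics unchanged, so a reader may conclude that hiding the IP address is enough. Add a clause such as "Using a VPN does not change this data." Also, "organizations" uses US spelling while the surrounding bullets use "organisations" and "compartmentalise", and "software version" would be clearer if it said which software is meant, for example the browser and operating system.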

2 changes: 1 addition & 1 deletion content/license/license-and-credits.md
Expand Up @@ -26,4 +26,4 @@ There exists a beautiful world in which thoughts about dinners, meadows, and mou

Ashley Fowler, Senior Manager of Internet Freedom & Resilience, Internews

Łukasz Król, Journalist Security Specialist, Internews
Łukasz Król, Senior Journalist Security Specialist, Internews
