Martin

@mshelton
2.3K Followers
495 Following
334 Posts

Security therapist. Deputy Director of Digital Security @freedomofpress. Journalism, digital security, research.

If you want to get security news and updates from our team somewhere that's not Twitter, subscribe to the newsletter: https://freedom.press/newsletters/

Websitehttps://mshelt.onl/
freedom.presshttps://freedom.press/people/martin-shelton/
Digital security newsletterhttps://freedom.press/newsletters/
PronounsHe/him
Martin8h ago
I'm a bit late to the game on this one. But I work with a lot of journalists who use CapCut for video editing and their terms of service says you are giving them an "unconditional, irrevocable, non-exclusive, royalty-free, fully transferable (including sub-licensable), perpetual, worldwide license" to use your content and… I have to imagine most journalists are not aware of that. https://www.capcut.com/clause/terms-of-service
CapCut Terms of Service

Martin4d ago

Just a reminder, when federal actors want cell site location information, they usually need a warrant. On the other hand, they simply purchase the data from commercially available services that don't require a warrant.

Come on. What are we doing here? https://www.politico.com/news/2026/03/18/fbi-buying-data-track-people-patel-00834080

FBI is buying data that can be used to track people, Patel says

This is the first confirmation that the FBI has resumed actively buying people's data for investigations.

Politico
MartinMar 14
It takes engineering hours to remove a feature. Even if few people use it, why go out of your way to remove it? Meta’s hurting its users. And for what? https://www.theverge.com/tech/894752/instagram-end-to-end-encryption
Instagram is getting rid of end-to-end encrypted DMs that ‘very few’ people used

Starting on May 8th, Instagram will no longer offer end-to-end encrypted messages.

The Verge
MartinMar 13
MartinMar 12
Well I got all bent out of shape about Proton Mail. There are valid use cases for these tools but users should know what the service can and can't protect. https://freedom.press/digisec/blog/proton-mail-is-not-for-anonymity/
Proton Mail is not for anonymity

A recent story of a Proton Mail user unmasked for Swiss authorities highlights what the company can and can’t protect

Freedom of the Press
MartinMar 13
Show threadMartinMar 12
Signal's recent disclosure of how little it could share in response to a grand jury subpoena is pretty telling. Its defaults are very strong. But if you want to go further, we have a guide on really how to really maximize its privacy settings. https://freedom.press/digisec/blog/locking-down-signal/
Locking down Signal

Also available in Spanish.

Freedom of the Press
MartinMar 12
Well I got all bent out of shape about Proton Mail. There are valid use cases for these tools but users should know what the service can and can't protect. https://freedom.press/digisec/blog/proton-mail-is-not-for-anonymity/
Proton Mail is not for anonymity

A recent story of a Proton Mail user unmasked for Swiss authorities highlights what the company can and can’t protect

Freedom of the Press
Show threadMartinMar 12
Signal's recent disclosure of how little it could share in response to a grand jury subpoena is pretty telling. Its defaults are very strong. But if you want to go further, we have a guide on really how to really maximize its privacy settings. https://freedom.press/digisec/blog/locking-down-signal/
Locking down Signal

Also available in Spanish.

Freedom of the Press
MartinMar 12
LAURENMar 12

RE: https://mastodon.social/@mshelton/116214301513839946

This is the way

MartinMar 12
Signal recently released another grand jury subpoena which, as always, basically had nothing interesting to turn over in response. For the requested phone numbers they could only provide the account creation timestamp. https://signal.org/bigbrother/district-of-columbia/
Grand jury subpoena for Signal user data in the United States District Court for the District of Columbia

Signal end-to-end encrypts both content and metadata by default far beyond most of our peers. Our aim is to have access to as close to no data as possible, meaning that we have a fraction of the personal information compared to the average communications service. We simply don’t have access to th...

Signal Messenger
Show threadMartinMar 5

About five years ago we learned that Proton shared the IP address associated with a French climate activist with Swiss police, who passed it along to French police.

Again, Proton is not for anonymity. https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/

ProtonMail logged IP address of French activist after order by Swiss authorities | TechCrunch

ProtonMail, a hosted email service with a focus on end-to-end encrypted communications, has been facing criticism after a police report showed that French

TechCrunch