Start Here: 5 Tools Every Journalist Needs
Published April 2026 · Last updated April 2026
Install these 5 tools today. Everything else can wait. This is the minimum viable security setup for any journalist — freelance, staff, student, or hobbyist. Total setup time: about 30 minutes.
1. Signal — encrypted messaging
Signal Signal Foundation (nonprofit) · Free
Signal is end-to-end encrypted by default. The Signal Foundation collects only your phone number — no contacts, no message content, no metadata about who you talk to or when. It is the standard recommendation of the Committee to Protect Journalists, Reporters Without Borders, and the Freedom of the Press Foundation.
Install it on your phone and desktop. Enable disappearing messages (set to 1 week as a default). Use it for all source communication. Stop using SMS for anything work-related.
2. Password manager — 1Password or Bitwarden
1Password $3/month or Bitwarden Free (open-source)
Reused passwords are the number one way journalists get compromised. A password manager generates a unique random password for every account and stores them behind one master password. The 2023 Verizon DBIR found that 86% of web application breaches involved stolen credentials.
Pick one and import your browser's saved passwords. Then change any passwords you have reused across sites. Start with email, social media, and cloud storage.
3. uBlock Origin — browser protection
uBlock Origin Free · Open-source
uBlock Origin blocks ads, trackers, and malicious scripts in your browser. This is not about convenience — malvertising (malware delivered through ad networks) is a real attack vector. In 2024, researchers documented malvertising campaigns targeting news sites specifically.
Install it in Firefox or Chrome. The default settings are strong out of the box. No configuration needed.
4. Proton Mail — encrypted email
Proton Mail Proton AG (Switzerland) · Free tier + $4/month Plus
Proton Mail uses zero-access encryption. Proton cannot read your stored email even under a court order. Based in Switzerland, outside the Five Eyes and Fourteen Eyes surveillance alliances. The free tier includes 1 GB of storage and a proton.me address.
Create a Proton Mail account for source communication. You do not need to move your entire email life to Proton. Use it specifically for conversations where confidentiality matters.
5. Obsidian or Standard Notes — secure notes
Obsidian Free for personal use · Local-first or Standard Notes Free tier · End-to-end encrypted sync
Your notes contain source names, story leads, and unpublished information. Google Docs, Apple Notes, and Notion store that data on company servers accessible by subpoena. Obsidian stores notes as local files on your machine — nothing leaves your device unless you choose to sync. Standard Notes encrypts everything end-to-end, including on their servers.
Obsidian is better if you want local-only storage. Standard Notes is better if you need encrypted sync across devices. Both are free.
What to do next
These 5 tools cover the baseline. Once they are installed and you are using them daily, move to the next level.
- Digital security checklist — the full progression from baseline to high-risk protection.
- Security by threat level — complete toolkits organized by risk level.
- Best VPN for journalists — why you need one and which to choose.
Frequently asked questions
Do I really need all 5 of these tools?
Yes. Each one covers a distinct vulnerability — passwords, messaging, email, browser tracking, and notes. Skipping any one leaves a gap that is trivially exploitable. The whole list takes under 30 minutes to set up.
Is this enough to protect my sources?
These 5 tools cover the baseline. If you are working with confidential sources or sensitive documents, you need more — see our Security by Threat Level guide for the next steps. But this baseline stops the most common attacks: credential theft, unencrypted messaging, and browser tracking.
Should I use 1Password or Bitwarden?
Both are strong choices. 1Password costs $3/month and has a polished interface. Bitwarden is free and open-source. If budget is a factor, use Bitwarden. If you want the smoothest setup experience, use 1Password. Either one is vastly better than reusing passwords or storing them in a browser.
Why Proton Mail instead of Gmail?
Proton Mail uses zero-access encryption — Proton cannot read your email, even if compelled by a court order. Gmail scans your email for ads and can be compelled to hand over contents. For journalism, the difference matters when communicating with sources.
What should I install after these 5?
A VPN (Mullvad or Proton VPN), two-factor authentication (a hardware key like YubiKey or an app like Aegis), and encrypted file storage (Tresorit or Proton Drive). Our digital security checklist covers the full progression.