Before You Submit
What NOT to Do
DO NOT access SecureDrop on your employer’s network.
DO NOT access SecureDrop using your employer’s hardware.
DO NOT access SecureDrop on your home internet network.
Suggested Devices for Using SecureDrop
When sensitive disclosures such as government improprieties are involved, we suggest you buy a new computer and at least one new USB flash drive. You should only use cash to make those purchases.
Many time-saving features of computers and phones can easily compromise your anonymity: bookmarks, recommendations, synchronization features, shortcuts to frequently opened files, etc. For those reasons and more, using a dedicated computer for whistleblowing activities can be safer.
To build an even stronger buffer for yourself, we recommend booting the computer into the Tails operating system (typically from a USB stick). Tails is specifically designed to run on your computer without leaving traces of your activity. This may take some additional technical steps, but it is safer and fairly simple to get started. Even if you choose to use a dedicated computer for SecureDrop that will never be used for anything else, Tails will help to avoid leaving traces of your activity on the computer’s hard disk, in your ISP’s logs, or on cloud services.
Choose the Right Location
Find a busy cafe you don’t regularly go to and sit at a place with your back to a wall to avoid cameras capturing information on your screen or keystrokes. Be sure to also make any purchases while there (WiFi, tea, snacks) or on your way to the cafe (bus, train, gas) with cash.
Use Tor Browser
Each SecureDrop can only be reached through Tor Browser. SecureDrop pages are only available as onion services (encrypted web pages whose addresses end in “.onion”), and only Tor Browser is able to open these pages.
Tor is an anonymizing network that makes it difficult for anybody observing the network to associate a user’s identity (e.g., the computer’s IP address) with their activity. Tor Browser can be downloaded from the Tor Project’s website. Tor Browser is a modified version of the Firefox web browser that also includes features to protect your security and anonymity. If there is a chance that visiting the Tor Project’s website to download Tor Browser might raise suspicion, you have a couple of alternatives:
If your mail provider is less likely to be monitored, you can send a mail to gettor@torproject.org with the text “linux”, “windows” or “osx” in the body (for your preferred operating system) and a bot will answer with instructions.
You can request to receive the Tor Browser bundle via the @GetTor_bot on Telegram.
While using Tor Browser on your personal computer helps hide your activity on the network, it will leave traces of its own installation on your local machine. Most operating systems, for example, keep logs any time an application is used. The sensitivity of the information you share and the capabilities of those who may not want you to share that information should be considered when making these decisions.
Important
Tor protects your anonymity, but third parties who can monitor your network traffic can detect that you are using Tor. They may even be able to do so long after your browser session, using network activity logs. This is why we recommend using Tor Browser from a cafe you do not visit regularly.
Choose Who to Submit To
We recommend conducting all research related to your submission in Tor Browser. If you are unsure whether you are using Tor, you can visit the address https://check.torproject.org.
All organizations operating SecureDrop have a landing page that provides their own organization-specific recommendations for using SecureDrop. We encourage you to consider an organization’s landing page before submitting to them.
Note
Each SecureDrop instance is operated and administered independently by the organization you are submitting to. Only the journalists associated with that organization can see your submissions.
Most organizations make their SecureDrop prominently accessible from their main website’s homepage (for news organizations, typically under sections called “Tips” or “Contact us”). You can also find an incomplete list of organizations accepting submissions through SecureDrop in the SecureDrop Directory maintained by Freedom of the Press Foundation.
Using Tor Browser, find the “.onion” address for the SecureDrop for the organization that you wish to submit to.
Tip
If the organization does have an entry in the SecureDrop Directory, we recommend comparing the address of the entry with the one on the organization’s own SecureDrop landing page.
If the two addresses don’t match, please do not submit to this organization yet. Instead, please contact us through the SecureDrop website, using Tor Browser. For additional security, you can use our .onion service address in Tor:
sdolvtfhatvsysc6l34d65ymdwxcujausv7k5jk4cy5ttzhjoi6fzvyd.onion/report-an-error
We will update the directory entry if the information in it is incorrect.
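The comparison recommended in this tip can also be done mechanically. The following is an added example, not part of SecureDrop or of the original guide: it checks that each string is a well-formed v3 onion address (length, version byte and the checksum defined in the Tor v3 onion service specification) and that both strings name the same service. The function names and the sample addresses are constructed for illustration.

```python
import base64
import hashlib
from typing import Optional
from urllib.parse import urlsplit

VERSION = b"\x03"  # version byte of a v3 onion address

def checksum_for(pubkey: bytes) -> bytes:
    # Tor v3 spec: first 2 bytes of SHA3-256(".onion checksum" | pubkey | version)
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]

def build_address(pubkey: bytes, checksum: Optional[bytes] = None) -> str:
    """Encode 32 key bytes as a v3 address; used here only to make sample data."""
    body = pubkey + (checksum or checksum_for(pubkey)) + VERSION
    return base64.b32encode(body).decode().lower() + ".onion"

def onion_label(text: str) -> Optional[str]:
    """Return the 56-character label if text holds a well-formed v3 address."""
    text = text.strip()
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname or ""
        parts = host.split(".")
        if len(parts) < 2 or parts[-1] != "onion" or len(parts[-2]) != 56:
            return None
        raw = base64.b32decode(parts[-2].upper())
    except ValueError:  # malformed URL or characters outside the base32 alphabet
        return None
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != VERSION or checksum != checksum_for(pubkey):
        return None  # mistyped, truncated or corrupted address
    return parts[-2]

def same_service(directory_entry: str, landing_page: str) -> bool:
    """True only if both strings are valid and name the same onion service."""
    a, b = onion_label(directory_entry), onion_label(landing_page)
    return a is not None and a == b

# Constructed sample data (not real services): arbitrary key bytes.
SAMPLE = build_address(bytes(range(32)))
OTHER = build_address(bytes(32))
wrong = bytes(b ^ 0xFF for b in checksum_for(bytes(range(32))))
CORRUPT = build_address(bytes(range(32)), checksum=wrong)

if __name__ == "__main__":
    print(same_service(SAMPLE, "http://" + SAMPLE + "/"))  # same service
    print(same_service(SAMPLE, OTHER))                      # addresses differ
    print(onion_label(CORRUPT))                             # checksum fails
```

A passing checksum only rules out typos and truncation. A lookalike address is also well-formed, which is why the comparison against a second source matters.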
Once you have located the “.onion” address, copy it into the address bar in Tor Browser to visit the organization’s SecureDrop.