One of the founding principles of The Intercept is that whistleblowing is vital to holding powerful institutions accountable; in fact, we were launched in part as a platform for journalism arising from unauthorized disclosures by NSA contractor Edward Snowden. We are strongly committed to publishing stories based on leaked material when that material is newsworthy and serves the public interest.
So whether you are in government or the private sector, if you become aware of behavior that you believe is unethical, illegal, or damaging to the public interest, consider sharing your information securely with us.
We’ve taken steps to make sure that people can leak to us as safely as possible. Our newsroom is staffed by reporters who have extensive experience working with whistleblowers, as well as some of the world’s foremost internet security specialists. Our pioneering use of the SecureDrop platform enables you to communicate with our reporters and send documents to us anonymously.
Access journalism — where reporters treat business and government officials as arbiters of truth — is a discredited model. Whistleblower-based journalism is far better suited to the challenges facing the press and the public today.
How to proceed
If you choose to share your information with us, there are key steps you can take to increase your safety.
The best option is to use our SecureDrop server, which has the advantage of allowing us to send messages back to you, while allowing you to remain totally anonymous — even to us, if that is what you prefer.
Begin by bringing your personal computer to a Wi-Fi network that isn’t associated with you or your employer, like one at a coffee shop. Download the Tor Browser. (Tor allows you to go online while concealing your IP address from the websites you visit.)
You can access our SecureDrop server by going to https://y6xjgkgwj47us5ca.onion/ in the Tor Browser. This is a special kind of URL that only works in Tor. Do NOT type this URL into a non-Tor Browser. It won’t work — and it will leave a record.
If that is too complicated, or you don’t wish to engage in back-and-forth communication with us, a perfectly good alternative is to simply send mail to:
P.O. Box 65679
Washington, D.C., 20035
114 Fifth Avenue, 18th Floor
New York, New York, 10011
Drop it in a mailbox (do not send it from home, work or a post office) with no return address.
You can also reach us using Signal, a secure voice and messaging app, at 202-802-0482. You can download Signal for Android or iPhone. After installing it on your mobile device and registering your phone number, you can also choose to install the desktop version on your computer.
Here’s how to contact us securely using Signal:
On your Android phone, open the Signal app, tap the pen icon in the bottom right to start a new message, type our phone number, 202-802-0482. From there, you can send us an encrypted Signal message.
On your iPhone, you first have to add our phone number to your contacts. Open the phone’s Settings app, scroll down to iCloud, and make sure syncing Contacts is turned off (feel free to turn it back on later). Then open the Phone app, switch to the Contacts tab, and add a new contact with the phone number 202-802-0482. Open the Signal app, tap the pen icon in the top right to start a new message, and select the contact you just added. From there, you can send us an encrypted Signal message. Once you’ve sent it, go back into your Phone app and delete the contact you created for us.
You can also follow this guide to help lock down your phone and make sure your what happens in your Signal app is more private.
If you’d like to submit tips to us and your anonymity isn’t important, you can email firstname.lastname@example.org.
If you’d like to email us and you use PGP encryption, you can find every journalist’s PGP public key on their staff profile page.
What not to do if you want to remain anonymous
Don’t contact us from work. Most corporate and government networks log traffic. Even if you’re using Tor, being the only Tor user at work could make you stand out.
Don’t email us, call us, or contact us on social media. From the standpoint of someone investigating a leak, who you communicate with, and when, is all it takes to make you a prime suspect.
Don’t tell anyone that you’re a source.
Other things to think about
Before deciding to bring your story to a journalist, you might want to consult an attorney to better understand the risks. If you do, be careful not to write any details in emails, and try to discuss everything face to face.
If you are thinking about leaking particularly sensitive documents, consider these additional tips:
Be aware of your habits. If you have access to secret information that has been published, your activities on the internet are likely to come under scrutiny, including what sites (such as The Intercept) you have visited or shared to social media. Make sure you’re aware of this before leaking to us, and adjust your habits as needed well before you decide to become our source. Tools like Tor (see above) can help protect the anonymity of your surfing.
Compartmentalize. Keep your whistleblowing activity as separate as possible from the rest of what you do. Don’t use your normal accounts that are connected to you. Instead, make new accounts for this purpose, and don’t log in to them from networks you normally connect to.
Sanitize. Make sure to clean up after yourself as best as you can. Make sure you don’t leave traces related to whistleblowing lying around your personal or work computer (in your Documents folder, in your web browser history, etc.). If you realize you did a Google search related to whistleblowing while logged into your Google account, delete your search history. Consider keeping all related files on an encrypted USB stick rather than on your computer, and only plug it in when you need to work with them.
Consider using a completely separate computer or operating system for all of your whistleblowing activity so that a forensics search of your normal computer won’t reveal anything. Even if you’re using the Tor browser, for instance, if someone has hacked into your computer, they’ll be able to spy on everything you do. Tails is a separate operating system that you can install on a USB stick and boot your computer to. Tails is engineered to leave no traces behind. It’s not intuitive to use, but if you’re risking a lot, it’s probably worth the effort. You can find instructions for downloading and installing Tails here.
At The Intercept, our editors and reporters are committed to high-impact reporting based on newsworthy material. If we decide to go forward with a story, we will have a discussion with you about what risks of retaliation you might face and whether you want to remain anonymous. We will be explicit with you about the parameters of our agreement to protect your anonymity, and we will honor our commitments.
Becoming a whistleblower carries risks, but they can be minimized if you’re careful. And sometimes it’s the right thing to do.