If this is your first time using The Intercept’s SecureDrop server, read this page carefully first. For more detailed operational security advice, read the How to Leak to The Intercept blog post.
The Intercept is serious about protecting our sources. With our SecureDrop server, you can share messages and files with our journalists in a way that should help you remain secure and anonymous, even from us. Messages and files that you send to us will be encrypted.
How to Use The Intercept’s SecureDrop Server
Everything you do on the Internet leaves trails. Before following these instructions, go to a public wifi network, such as at a coffee shop that you don’t normally frequent, and follow them from there. Or connect to a VPN.
- Download and install the Tor Browser Bundle from https://www.torproject.org/.
- Open the Tor Browser and copy and paste this into the address bar: https://y6xjgkgwj47us5ca.onion/
- Follow the instructions to send us information. You will be given a codename that you can use to log back in and check for responses in the future.
Don’t access our SecureDrop server from your home or office. If you wish to ensure maximum privacy, use the Tails operating system instead of the Tor Browser.
Our SecureDrop servers are under the physical control of The Intercept‘s staff. When you interact with our SecureDrop servers, we don’t log any information about your IP address, web browser, or operating system, nor do we deliver persistent cookies to your browser. When you use Tor to connect to our SecureDrop server, your connection is encrypted. Using the Tor network helps mask your activity from anyone that is monitoring your Internet connection, and it helps mask your identity from anyone monitoring our Internet connection.
When you send messages or upload files to this server, these messages and files are stored encrypted. Journalists at The Intercept store the encryption keys on air-gapped computers that never connect to the Internet. Even if our SecureDrop server got hacked or the physical hardware got confiscated, the messages and files you have submitted previously should still be shielded from the attacker.
However, no system is 100% secure, so we cannot absolutely guarantee your security. SecureDrop is regularly audited by independent security experts, but like all software, it could have security bugs that could be exploited by attackers.
If the computer you are using to submit documents is already compromised, any activities, including communications through SecureDrop, could be compromised as well.
Ultimately, you use the service at your own risk.