SecureDrop for Sources

Note

This guide provides an introduction to using SecureDrop as a source. It is not exhaustive, it does not address ethical or legal dimensions of whistleblowing, and it does not speak to other methods for confidentially communicating with journalists. Please proceed at your own risk. For additional background, also see the Freedom of the Press Foundation guide, How to Share Sensitive Leaks With the Press.

Warning

Freedom of the Press Foundation has no access to any other organization’s SecureDrop instance, and cannot assist directly in your communications with them. If you plan to use SecureDrop to maintain your anonymity, you should not discuss your own use of it with others via unsafe methods, including email to Freedom of the Press Foundation.

What is SecureDrop?

SecureDrop is a tool that news organizations and NGOs use that enables secure and anonymous communication between whistleblowers and journalists. No personal information is collected; information submitted to SecureDrop is encrypted, and SecureDrop is not a “cloud” service. If you don’t have sensitive information to send to a news organization, it may be okay to use a traditional methods such as phone or email when reaching out.

SecureDrop can accept both messages and individual file uploads (up to 500MB). If you have multiple files to submit, you may do that. As a source, you can also return to receive follow-up correspondence with an organization, or to send additional information. Dozens of news organizations — from ProPublica to The New York Times — use SecureDrop to accept tips securely and anonymously.

To truly protect your anonymity, it is important for you to take some extra precautions in advance. This resource will describe things you can do to help protect your anonymity when using SecureDrop. Note that your Internet Service Provider, or ISP (e.g., Comcast/Xfinity, Cox, Wave, etc), may already have a record of your visit to this website, docs.securedrop.org.

Before you begin…

  • DO NOT access SecureDrop on your employer’s network.

  • DO NOT access SecureDrop using your employer’s hardware.

  • DO NOT access SecureDrop on your home internet network.

  • DO carefully read the remaining instructions, that will carefully step-through the reasons why we advise the above, and provide guidance to minimize risk when using SecureDrop.