Whistleblowing is vital to holding powerful institutions accountable; whether you are in the government or the private sector, if you become aware of behavior that you believe is unethical, illegal, or damaging to the public interest, it’s important to consider sharing your information securely so as to minimize your risk of exposure.
Below are guidelines for whistleblowers seeking to communicate with me. What method you should use depends on your personal circumstances, the type of information you are sharing and the level of risk it entails.
SIGNAL
Another good option for sharing information is to contact us on Signal, a secure voice and messaging app. You can download Signal for Android or iPhone.
Using Signal to reach us is pretty easy. Here’s how:
Open the Signal app and tap the pen icon (in the top-right on an iPhone, in the bottom-right on Android) to start a new message. Type my phone number in the search box, 561-779-3985. From there, you can send us an encrypted Signal message.
Follow this guide to help lock down your phone and make sure what happens in your Signal app is more private.
If you use your phone to send me a message or call me on Signal, I will learn your phone number. It is always better for our reporting process to know a source’s identity, but we can agree to keep it confidential. The Signal service will also know that you contacted us, but they promise to never log this metadata.
If you have no reason to be concerned about anyone knowing that you are a source, you can reach our journalists by email, either by contacting a reporter individually or submitting tips at a.sheen@arielsheen.com.
If you want to, you can send your email using PGP encryption but keep in mind that there will still be metadata created by your communication with us, because your email server will record the exchange.
What Not To Do If You Want to Remain Anonymous
Don’t contact me from work.
Most corporate and government networks log traffic. Even if you’re using Tor, being the only Tor user at work could make you stand out.
Don’t email me, call me, or contact me on social media.
From the standpoint of someone investigating a leak, who you communicate with, and when, is all it takes to make you a prime suspect.
Don’t tell anyone that you’re a source.
Other Things To Think About
Before deciding to share your story with me, you might want to consider consulting an attorney to better understand your options and risks. If you do decide to contact an attorney, try to discuss everything face to face and be careful not to write any details in emails.
If you are thinking about providing me with particularly sensitive documents, consider these additional tips:
If you have had access to secret information that has been published, your activities on the external internet are likely to come under scrutiny, including what websites you have visited or shared to social media.
Make sure you consider that investigators may also examine logs of your activity on internal networks at your workplace.Be aware of this before sending information to me, and adjust your habits as needed well before you decide to become a source. Tools like Tor can help protect the anonymity of your surfing.
Keep your whistleblowing activity as separate as possible from the rest of what you do. Do not tell anyone and compartmentalize as much as possible. Don’t use accounts that are already connected to you. Instead, make new accounts for this purpose, and don’t log in to them from networks you normally connect to.
Make sure to clean up after yourself as best as you can. Avoid leaving traces related to whistleblowing lying around your personal or work computer (in your Documents folder, in your web browser history, etc.). If you realize you did a Google search related to whistleblowing while logged into your Google account, delete your search history. Consider keeping all related files on an encrypted USB stick rather than on your computer, and only plug it in when you need to work with them.
Consider using a completely separate computer or operating system for all of your whistleblowing activity so that a forensics search of your normal computer won’t reveal anything. Even if you’re using the Tor browser, for instance, if someone has hacked into your computer, they’ll be able to spy on everything you do. Tails is a separate operating system that you can install on a USB stick and boot your computer to. Tails is engineered to leave no traces behind. It’s not intuitive to use, but if you’re risking a lot, it’s probably worth the effort. You can find instructions for downloading and installing Tails here.
It is important to understand that no communication method is guaranteed to be completely secure. Becoming a whistleblower carries risks, but they can be minimized if you’re careful, and sometimes it’s the right thing to do.