Want to whistleblow?

Back to Contact page

Leave no trace

Our duty and determination is that people who help journalists to help protect the public interest require the best protection that we can provide, professionally and technically.

 

Making contact and establishing trust is essential.  We explain below the best ways to do this that avoid leaving traces for others to discover later.

 

Getting in touch does not need 007 stuff or high-tech cleverness, just care, commonsense and caution before you act.

 

By email

You will need an email address that has never been associated with you and which never will be associated with you.   You need to set it up from a computer that has no link to you.  Do not use a computer, house or office network that you normally use.

 

Generally, it is best to sign up for a Hotmail, Gmail or Hushmail account.   Only use this to make contact with one of our team and so that we respond.   Ideally you will have a phone that we can call back (using a computer service to conceal records of the communication).    A message such as “call me Jake/Jane, you can call me securely on this mobile number, I have information/a story/ documents”) will do.

 

Do not use your real name or any other identifiable information when registering the email account.

 

Never access the special email from home or work - use an internet café or library.  

 

Normally, unless you work in an area of high security and government interest, using public wifi may be safe.

 

You cannot reliably hide your electronic location, or IP address, from the network, although you can hide it from us and anyone who may be monitoring us.  You can do this by using the Tor service, or another anonymiser service. owever, HHdasoknsHowever, these tools could attract attention if you do so from places which may be monitored.   

 

By phone

Do not use a mobile phone instrument that you have used before, even if you only put in a Pay As You Go SIM card.   The less smart the phone you use, the better.  Buying an ancient phone from a car boot sale or the like is the best advice we can give.   

 

If you need to contact us by phone, never to use your own landline, mobile phone or any work phone - even mobile phones issued to you by your employer.

 

Using ‘141’ “conceal my number” isn’t enough.  The number is recorded anyway.

 

Pay-as-you-go sim cards and phones can be purchased from local shops for a few pounds; do not register the sim, never give out the number and use it only for contacting ‘Whistleblowers UK.’ Alternatively, you can use public phones.

 

 

After you make first contact: 

Myself or a trusted member of my team can then discuss with you appropriate arrangements for meeting in person, or for sending documents electronically (or even as paper!)  We would normally select and recommend an appropriate medium and method – which might be Tor, Hushmail, Skype, PGP, an anonymised cloud service, an encrypted private network, or whatever would best fit your case and needs.

 

  • To encrypt larger files and drives, there are a number of free open-source programmes available. Truecrypt, available free on the Internet is well established and robust. We strongly suggest using Truecrypt <http://www.truecrypt.org/>

 

  • The programme is free to download and is simple to use, so long as you follow the instructions. It allows you to create ‘encrypted volumes’ on hard drives, external storage devices and even USB pen sticks.  Again, any encrypted devices with require a key, or passphrase, which will have to be communicated afterwards.

 

  • Hushmail provides free email accounts that allow the user to send encrypted emails and attachments up to 30MB.

 

  • A system of encryption PGP has many advantages.  You may have heard of it.  However it is complex to use, even for government officials or police who are trained to manage things;

 

  • Except for PGP encrypting email or documents to drop will require sharing secrets which have to be communicated separately.   If your material is especially sensitive, we would advised dropping it first, then establishing direct communications to discuss how securely to pass the key

 

Always ensure that any passwords/phrases are memorable, but not personal. And remember: if you forget the key/password, there is no way to decrypt the files!

 

You will need to communicate this secret password/phrase to us separately, again without using your own email or phone.

 

It is important to remember that you should never tell anyone that you intend to, or have communicated information to a journalist or unauthorised person.  Especially if your particular situation involves increased sensitivity or risk. We would recommend that you call or email us using the advice above and we can accommodate and guide you from the beginning.

 

twitter
facebook