One of the more useful attributes of the new commenting system Gawker is launching today is the ability to use "Burner" accounts to anonymously comment and post photos on the site. As such, Burners are a handy way to leak information to us, and to the world, in a relatively low-risk manner. Here are some other tips.
As you may have noticed lately, leaking information about your employer is an inherently risky proposition, even if your aim isn't to hold on to your job but to go out with a bang. There is virtually no completely safe way to transmit sensitive information to us, or any other news outlet. But there are some standard operational security measures you can take to make it harder for employers and law enforcement investigators to a) find out who you are, and b) gather the evidence necessary to successfully bring civil or criminal sanctions against you even if they do discover your identity. Many of them were helpfully assembled by Wired two weeks ago; with the advice of internet security and privacy expert Christopher Soghoian I've collected a few more below.
An overarching thought: If you want to provide information to us, you should operate with two different perspectives in mind—the investigator trying to identify you, and the investigator who already knows who you are but is trying to prove that you are behind the leaks. Setting up a dummy email account that's not associated with you is a wise step to throw off the former. But if you retain that dummy account's login and password information in the browser on your laptop or mobile phone, it is useless against anyone who has the power to seize and inspect your belongings with a search warrant. It's wise to proceed on the assumption that your antagonists will eventually have full access to your private devices—the key is to make those devices useless to them. With that in mind:
Don't tell us who you are. We routinely grant anonymity to our sources, and we are men and women of our word. We will vigorously reject any attempt to compel us to reveal sources, and New York has a robust shield law making it very difficult for law enforcement to pry that information from us. But there is no federal shield law, and even though I like to imagine that I will go to jail on a contempt charge Judy Miller-style if it ever came to that, it's impossible to know how you would respond to such a situation until the screws are put to you. As Soghoian put it, "You shouldn't have to rely on a journalist going to jail to keep you anonymous." Of course, in order to use or verify the information you are offering and to weed out hoaxes, we will often need to know your identity. So refusing to tell us who you are might mean we don't use your information. But if we can independently verify what you're presenting, then it's safest to hide your identity from us.
Don't read Gawker. Kidding! Read Gawker. But if you've ever read Gawker on your work computer, think twice before leaking to us. "If your morning routine is to read the New York Times at work with your coffee, then leak whatever you have to the Wall Street Journal or some other paper," Soghoian says. Employers can fairly easily use browser logs and histories to zero in on all the regular Gawker readers in the office. And deleting cookies or your history won't help, because there are generally various routers and other devices between your computer and the internet that have already recorded your visits.
Don't Use Your Work Computer. For anything. At all. Never, ever use your work computer. Ever. But you're only sending us an email from a dummy Gmail account, you say? Ask LD Beghtol—a former Village Voice designer who was fired after his bosses saw him using Gmail and Gchat to look for other work and complain about his job because they were monitoring his screen—how safe that is. Don't use your work's network either—if you're using your iPhone to communicate with us from your office supply room, for example, use the 3G network and not the work WiFi.
Create a Dummy, Untraceable Email Account. Gmail is fine for this. Use it only on devices that you own, or on public computer terminals. Make sure it has its own unique password that's different from any of your other passwords. Never store any information about this account on any of your devices. Don't install it as an email account on your iPhone. Don't let your browser remember the password. Use your browser's "Private Browsing" setting before accessing the account. The idea is that if an investigator seized your computer or phone, he or she would find no connection between you and the account.
Update (August 2014): Gawker's main tip line, email@example.com, now has a PGP public key, which supplies another layer of privacy. You can get our key here, and read more about protecting yourself with PGP here.
Don't Leak Any Electronic Documents. If you have a salacious memo in PDF form, don't email it to us. Print it out (but be careful—the printing can be logged) and take it to a FedEx Kinko's. Scan it in and email the scan from a public computer terminal. Be sure to pay for the scan and the computer time in cash. Alternatively, as Wired advises, you could use your phone to snap a photo of the document on your computer screen and email it to us. If you do, delete the photo and the email immediately afterward. And remember: Your service provider has a complete list of everywhere you've been and every IP address your phone has visited. In fact, turn your phone off before you get near the Kinko's and wait until you're a significant distance away before you turn it back on.
Beware Metadata. If you send us a photo, we will make sure it is scrubbed of EXIF data—which contains all manner of information that could help identify who took it, including the GPS coordinates where the picture was taken—before we post it. But it's safest to scrub it yourself. One easy way to do this is to take a screengrab of the image and delete the original. Whatever you do, don't post a photo taken with your phone directly to Gawker, Twitter, or any other web site unless you are fully prepared for everyone to know where and when it was taken. One Anonymous hacker learned that lesson the hard way earlier this month when he was arrested in part on the strength of evidence gleaned from a photo of a woman he posted to his anonymous Twitter account. The EXIF data showed that it was taken at the suspect's girlfriend's house. It's not just photos—all manner of digital documents, from text files to movies, contain varying amounts of metadata that could easily help identify their provenance. Strip them out.
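One way to scrub a JPEG yourself, as an added example that is not code from Gawker or the original article: a dependency-free Python routine that walks the file's segments and drops the APP1 block where EXIF lives, along with other application and comment segments. The function name, the keep-list and the sample bytes are assumptions constructed for illustration.

```python
SOS, COM = 0xDA, 0xFE
KEEP_APP = {0xE0, 0xEE}  # JFIF header and Adobe colour transform; decoders need these
STANDALONE = {0x01, 0xD9} | set(range(0xD0, 0xD8))  # markers with no length field


def strip_jpeg_metadata(data: bytes):
    """Return (clean_bytes, removed); removed lists (marker, payload_length)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out, removed, pos = bytearray(b"\xff\xd8"), [], 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte before the real marker
            pos += 1
            continue
        if marker in STANDALONE:
            out += data[pos:pos + 2]
            pos += 2
            continue
        length = int.from_bytes(data[pos + 2:pos + 4], "big")  # includes its own 2 bytes
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad or truncated segment at offset {pos}")
        if marker == SOS:
            # Compressed image data follows; copy the rest verbatim. Bytes
            # appended after the end-of-image marker are not inspected here.
            out += data[pos:]
            break
        is_app = 0xE0 <= marker <= 0xEF
        if marker == COM or (is_app and marker not in KEEP_APP):
            removed.append((marker, length - 2))  # EXIF and XMP live in APP1 (0xE1)
        else:
            out += data[pos:pos + 2 + length]
        pos += 2 + length
    return bytes(out), removed


def _segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload


# Constructed sample: JPEG-shaped bytes with a fake EXIF block, not a real photo.
SAMPLE = (b"\xff\xd8"
          + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + _segment(0xE1, b"Exif\x00\x00" + b"constructed-GPS-40.7,-74.0")
          + _segment(0xFE, b"constructed comment")
          + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\xff\xd9")
```

The second return value lists what was removed, so you can confirm an APP1 segment was actually present and dropped before sending the file.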
Use Tor. Tor is a software bundle that makes it impossible for your computer's IP address to be tracked back to you. The only downside is that it slows down your internet connection considerably. The upside is that it's free and you can switch it on and off, so you can enable it only while you are in the midst of your mischief and turn it off while you browse. Another alternative is a virtual private network, or VPN. Basically, you rent a remote computer to route all your internet traffic through. If that computer is, like those operated by the hosting firm PRQ, located in Sweden and owned by radical anti-copyright and internet freedom activists, your level of protection is fairly high—your IP address shows up as a PRQ-owned computer in Sweden, and that's where the trail will end. VPNs usually cost $15 or so a month, depending on the services you order.
Don't Talk on the Phone. The minute you make a phone call using your phone, you're creating an easily accessible record of contact between you and your leakee. The safest way to make phone contact, if you must, is for the reporter to buy two prepaid cell phones, write down both numbers, and send one of them to the source. (Make sure not to turn the disposable phone on near your office or home. If you do, and if investigators become aware of the phone, they could use geo-tracking data from the phone company to associate the number with you.) Alternatively, you could establish a dummy Skype account, taking care that you use your dummy Gmail account as the associated email address. Make sure that you use a unique password that's not duplicated from any other accounts associated with you, don't save your log-in information locally on your computer, and never use the account from an IP address that could be associated with your work or home computers.
Use a Gawker Burner. Burner accounts are 100% anonymous. We do not record or retain the IP address that opened any particular account. We don't know who you are, and if we were subpoenaed by a law enforcement organization, we'd have no way to tell them who you are.
Update (August 2014): As of 2014, Gawker flushes all IP addresses for Burner accounts immediately. However, it is still a very good idea to use Tor if you are concerned about publishing information that could result in a subpoena. To collect analytics data and supply banner advertisements, Gawker's site connects to several other companies' servers, which may track IP addresses and could, in theory, be subject to a subpoena. We trust all these companies enough to do business with them, but it's best to be as safe as possible.
Hand Delivery. We'd love to meet you! We know of some dark bars. Make sure no one followed you.
U.S. Mail. We do get letters. The old-fashioned postal way is very, very hard to crack. Think of the Unabomber or Anthrax Killer. Send your dirt to:
210 Elizabeth St.
New York, NY 10012
The above suggestions are offered with a worst-case scenario in mind. It is highly unlikely that you will actually need that level of security. Most people interested in providing us with information will be able to do so without worrying that their employer will scrutinize browsing history, let alone spark a criminal investigation. Most tipsters need only cover their tracks with an anonymous email address and perhaps the precaution that we speak only via cell phone. But you never know when the hammer is going to come down, and it's best to be aware of the digital footprints we leave behind.
I'm sure you all have many, many more tips. Let us know in comments.
This article was updated in August 2014 to include the most up-to-date information about Gawker's platform security and confidentiality, and to add a link to Gawker's tipline PGP key.