One of the more useful attributes of the new commenting system Gawker is launching today is the ability to use "Burner" accounts to anonymously comment and post photos on the site. As such, Burners are a handy way to leak information to us, and to the world, in a relatively low-risk manner. Here are some other tips.
As you may have noticed lately, leaking information about your employer is an inherently risky proposition, even if your aim isn't to hold on to your job but to go out with a bang. There is virtually no completely safe way to transmit sensitive information to us, or any other news outlet. But there are some standard operational security measures you can take to make it harder for employers and law enforcement investigators to a) find out who you are, and b) gather the evidence necessary to successfully bring civil or criminal sanctions against you even if they do discover your identity. Many of them were helpfully assembled by Wired two weeks ago; with the advice of internet security and privacy expert Christopher Soghoian I've collected a few more below.
An overarching thought: If you want to provide information to us, you should operate with two different perspectives in mind—the investigator trying to identify you, and the investigator who already knows who you are but is trying to prove that you are behind the leaks. Setting up a dummy email account that's not associated with you is a wise step to throw off the former. But if you retain that dummy account's login and password information in the browser on your laptop or mobile phone, it is useless against anyone who has the power to seize and inspect your belongings with a search warrant. It's wise to proceed on the assumption that your antagonists will eventually have full access to your private devices—the key is to make those devices useless to them. With that in mind:
Don't tell us who you are. We routinely grant anonymity to our sources, and we are men and women of our word. We will vigorously reject any attempt to compel us to reveal sources, and New York has a robust shield law making it very difficult for law enforcement to pry that information from us. But there is no federal shield law, and even though I like to imagine that I will go to jail on a contempt charge Judy Miller-style if it ever came to that, it's impossible to know how you would respond to such a situation until the screws are put to you. As Soghoian put it, "You shouldn't have to rely on a journalist going to jail to keep you anonymous." Of course, in order to use or verify the information you are offering and to weed out hoaxes, we will often need to know your identity. So refusing to tell us who you are might mean we don't use your information. But if we can independently verify what you're presenting, then it's safest to hide your identity from us.
Don't read Gawker. Kidding! Read Gawker. But if you've ever read Gawker on your work computer, think twice before leaking to us. "If your morning routine is to read the New York Times at work with your coffee, then leak whatever you have to the Wall Street Journal or some other paper," Soghoian says. Employers can fairly easily use browser logs and histories to zero in on all the regular Gawker readers in the office. And deleting cookies or your history won't help, because there are generally various routers and other devices between your computer and the internet that have already recorded your visits.
Don't Use Your Work Computer. For anything. At all. Never, ever use your work computer. Ever. But you're only sending us an email from a dummy Gmail account, you say? Ask LD Beghtol—a former Village Voice designer who was fired after his bosses, who were monitoring his screen, saw him using Gmail and Gchat to look for other work and complain about his job—how safe that is. Don't use your work's network either—if you're using your iPhone to communicate with us from your office supply room, for example, use the 3G network and not the work WiFi.
Create a Dummy, Untraceable Email Account. Gmail is fine for this. Use it only on devices that you own, or on public computer terminals. Make sure it has its own unique password that's different from any of your other passwords. Never store any information about this account on any of your devices. Don't install it as an email account on your iPhone. Don't let your browser remember the password. Use your browser's "Private Browsing" setting before accessing the account. The idea is that if an investigator seized your computer or phone, he or she would find no connection between you and the account.
Don't Leak Any Electronic Documents. If you have a salacious memo in PDF form, don't email it to us. Print it out (but be careful—the printing can be logged) and take it to a FedEx Kinko's. Scan it in and email the scan from a public computer terminal. Be sure to pay for the scan and the computer time in cash. Alternatively, as Wired advises, you could use your phone to snap a photo of the document on your computer screen and email it to us. If you do, delete the photo and the email immediately afterward. And remember: Your service provider has a complete list of everywhere you've been and every IP address your phone has visited. In fact, turn your phone off before you get near the Kinko's and wait until you're a significant distance away before you turn it back on.
Beware Metadata. If you send us a photo, we will make sure it is scrubbed of EXIF data—which contains all manner of information that could help identify who took it, including the GPS coordinates where the picture was taken—before we post it. But it's safest to scrub it yourself. One easy way to do this is to take a screengrab of the image and delete the original. Whatever you do, don't post a photo taken with your phone directly to Gawker, Twitter, or any other web site unless you are fully prepared for everyone to know where and when it was taken. One Anonymous hacker learned that lesson the hard way earlier this month when he was arrested in part on the strength of evidence gleaned from a photo of a woman he posted to his anonymous Twitter account. The EXIF data showed that it was taken at the suspect's girlfriend's house. It's not just photos—all manner of digital documents, from text files to movies, contain varying amounts of metadata that could easily help identify their provenance. Strip them out.
Use Tor. Tor is a software bundle that makes it impossible for your computer's IP address to be tracked back to you. The only downside is that it slows down your internet connection considerably. The upside is that it's free and you can switch it on and off, so you can enable it only while you are in the midst of your mischief and turn it off while you browse. Another alternative is a virtual private network, or VPN. Basically, you rent a remote computer to route all your internet traffic through. If that computer is, like those operated by the hosting firm PRQ, located in Sweden and owned by radical anti-copyright and internet freedom activists, your level of protection is fairly high—your IP address shows up as a PRQ-owned computer in Sweden, and that's where the trail will end. VPNs usually cost $15 or so a month, depending on the services you order.
Don't Talk on the Phone. The minute you make a phone call using your phone, you're creating an easily accessible record of contact between you and your leakee. The safest way to make phone contact, if you must, is for the reporter to buy two prepaid cell phones, write down both numbers, and send one of them to the source. (Make sure not to turn the disposable phone on near your office or home. If you do, and if investigators become aware of the phone, they could use geo-tracking data from the phone company to associate the number with you.) Alternatively, you could establish a dummy Skype account, taking care that you use your dummy Gmail account as the associated email address. Make sure that you use a unique password that's not duplicated from any other accounts associated with you, don't save your log-in information locally on your computer, and never use the account from an IP address that could be associated with your work or home computers.
Use a Gawker Burner. Burner accounts are 100% anonymous. We do not record or retain the IP address that opened any particular account. We don't know who you are, and if we were subpoenaed by a law enforcement organization, we'd have no way to tell them who you are. (We do currently retain logs of the IP addresses that visit the site—but not associated with any particular comments or accounts—for a period of seven days. We're working on getting that down to three days. UPDATE: That was fast. Our tech folks inform me that we now flush our IP logs after three days.) What that means is that you can post anything you like in Gawker comments with an exceedingly low risk of getting tracked down. (Though it is remotely conceivable that a law enforcement agency could subpoena our IP logs before they are flushed—which would be very fast—and, based on what addresses were visiting which pages at the time a particular comment was made, come up with a reasonably short list of suspect addresses. That's why our medium-term goal is to stop logging IP addresses entirely.)
If you don't want to tell the world (or all Gawker readers) about your particular nugget of salacious gossip, you can use the Private Message function with your burner account to contact one of us directly. Just click on one of our names, select "View Profile," and click on "Leave a Message." We will get the message. One important caveat: The way the site is currently configured, these messages cannot be deleted (when you click on "delete," it removes them from your menu of messages, but not from our servers). We're working on changing that. And if you do use a Burner to leak to us, be sure to rid your computer of all cookies from Gawker and to log in with your key fresh each time.
Hand Delivery. We'd love to meet you! We know of some dark bars. Make sure no one followed you.
U.S. Mail. We do get letters. The old-fashioned postal way is very, very hard to crack. Think of the Unabomber or Anthrax Killer. Send your dirt to:
210 Elizabeth St.
New York, NY 10012
The above suggestions are offered with a worst-case scenario in mind. It is highly unlikely that you will actually need that level of security. Most people interested in providing us with information will be able to do so without worrying that their employer will scrutinize browsing history, let alone spark a criminal investigation. Most tipsters need only cover their tracks with an anonymous email address and perhaps the precaution that we speak only via cell phone. But you never know when the hammer is going to come down, and it's best to be aware of the digital footprints we leave behind.
I'm sure you all have many, many more tips. Let us know in comments.