Over the past few years, Gawker and other outlets have detailed how to leak documents and information without unwanted third parties finding out about it. Here’s a refresher course with the most up-to-date details.
If You’re Leaking Tips or Information
Say you have information about a politician, celebrity, or other public figure. Or about a company’s unethical or illegal business practices. Or you have access to newsworthy documents or revealing photos and just want to discuss their publication. Before you get in touch, here are some steps you can take before emailing firstname.lastname@example.org.
UPDATE 3/11/15: Gawker Media has launched a SecureDrop, a safe way for sources to communicate privately and anonymously with us. Go here for information. For instructions on how to reach Gawker Media staffers securely via encrypted email or chat, go here.
Tor is an “anonymity network” that attempts to mask an individual user’s Internet Protocol address, thereby greatly minimizing the ability of a third party to trace any online activity to that user. Tor isn’t perfect—no network can be completely anonymous—but in most cases it will make your real-world identity very difficult to ascertain. You can download the software for using it here.
Burner Kinja accounts
If you’re reading this, you’re already using Kinja, Gawker Media’s discussion platform. And if you click or tap “Reply” at the bottom of this post, you’ll have the opportunity to create a Burner account, which enables a user to comment and post on Kinja without being associated with a third party such as Google, Facebook, or Twitter.
Burner accounts are designed to supply sufficient protections to a person seeking to publish information anonymously. Gawker Media immediately deletes logs of IP addresses that visit websites in its network, which in theory would prevent anyone from demanding those addresses from us to try to find out the identity of a commenter—after all, we wouldn’t have them. Gawker Media websites are, however, connected to third-party servers operated by several companies that provide Gawker with banner advertisements and traffic analytics. Meaning, it’s still a good idea to use Tor if anonymity is important to you.
Anonymous email accounts
Another way of contacting Gawker is via an email account registered under a fake name. Gmail, Yahoo, and Outlook are all sufficient for this purpose. If you go this route, though, you may want to register that account on either your own personal computer (less safe), or on a terminal at a public library or Internet café (more safe). In any case, registering or even logging in to the account on your work computer or on any other network where you’re being actively monitored means that the account could be tracked back to you. The same applies to registering a Burner account.
PGP (Pretty Good Privacy) is a method of encrypting data to protect its contents from surveillance while being transmitted over the Internet. If you’re contacting Gawker via email, you can now use PGP to encrypt any emails sent to our main email address, email@example.com. To do so, you’ll need to download and familiarize yourself with free software that generates a pair of PGP “keys”—one private, one public—and hooks into the email program of your choosing. We recommend Mailvelope, a cross-platform browser extension that augments Gmail’s browser interface.
Update: You can also find out how to reach Gawker Media staff individually using PGP here.
Gawker’s current public PGP key can be viewed here; you’ll need it to contact us using PGP. As time goes on, we may change our public key, so make sure you have the most recent one when sending anything our way.
Photos and Documents
If you want to anonymously send us photographs or documents, it’s wise to consider an additional set of precautions.
Metadata: Before sending documents, you can completely remove any identifying information from the actual electronic file. Known as metadata, this information often indicates who took or created a photo or document, the software used to create or edit it, the date and time of its creation, even GPS coordinates—any of which could be used to identify you.
Public computer terminals: You can remove metadata using desktop software, but the most secure way to send photos or documents is to print them out at home, scan them into a public computer at a local Kinko’s or copy center, and email the file from there—paying in cash only. If you use this method, you may want to shred—or discreetly burn—the pages you printed out. Modern printers embed a microscopic pattern of dots on every page they process, which are believed to reveal the make of the printer, its unique serial number, and the exact time of printing. Gawker’s policy is to ensure that anything we publish does not identify a source—but again, it’s best to be safe on your end, too.
The U.S. Mail: You can always send us photos, documents, or DVDs via U.S Mail, which is a (surprisingly) secure method of communication. Assuming you use an out-of-the-way U.S.P.S. mailbox and don’t include anything that identifies you, physical mail is in many cases safer than the Internet.
Our address is:
114 Fifth Avenue
New York, NY 10011
If you’re a little lost or need us to clarify anything above, jump in the comments below. Otherwise you can email us at firstname.lastname@example.org or leave a message at 646-470-4295.