How to blow the whistle to us without blowing your cover

Holding powerful people accountable for corruption, waste, abuses of power, fraud, and other illegal or unethical acts – in Washington and outside it – is what we do. But we don't do it alone.

We want to know if you see or hear something wrong. With SecureDrop, you can blow the whistle – by sending us information, messages and tips as well as evidence including copies of e-mails and other official communications, videos, files, and documents —while shielding your identity.

What is SecureDrop?

Using The Center for Public Integrity's SecureDrop, whistleblowers can communicate with our reporters and send them documents and messages more securely than with traditional electronic methods. It's easy to use, but less public than regular e-mail, phone calls, web or other electronic communications. Information is encrypted and even we won't know your real identity, unless you want to tell us.

How do I use SecureDrop?

  • Visit a location with publici WiFi, such as a coffeeshop, preferably one you don't frequent.
  • Download and install software to access the Tor network from https://www.torproject.org.
  • DO NOT use your home or work networks to download the Tor software or upload information to us.
  • DO NOT use a work or government computer.

For higher security, don't:

  • bring your cell phone or any other devices with wireless internet or cellular service.
  • download or link to files, including video/audio, streaming services and documents; any of these may reveal information about your computer or your connection to eavesdroppers.

For even more security, you can use the Tails (https://tails.boum.org/) operating system, which is designed to run from a DVD or USB drive without leaving traces on your computer and includes the Tor browser.

Got it. How can I submit files and messages through SecureDrop?

Once you are connected to a public network at a cafe or library and have installed the Tor Browser.

Launch the Tor Browser. Visit our organization’s unique SecureDrop URL at ahgpmkiaqfde4innkotgz5q6bgt4gbxmelqod3tjtmpdt3zvxaxareyd.onion. Follow the instructions you find on our source page to send us materials and messages.

When you make your first submission, you will receive a unique codename. Memorize it. If you write it down, be sure to destroy the copy as soon as you’ve committed it to memory. Use your codename to sign back in to our source page, check for responses from our journalists, and upload additional materials.

Other ways to securely contact The Center for Public Integrity:

Send us a package or letter with no forwarding address via U.S. mail. Use a mailbox located away from your regular routine, not a post office.

Our address (don't add anything extra here to the label; it may call unwanted attention to your package):

The Center for Public Integrity
910 17th Street NW
7th floor
Washington, DC 20006

Why use SecureDrop?

Surfing the web, sending emails or text messages, and phone conversations all leave traces that could expose your identity and reveal who you're communicating with. Regular email and other electronic messages aren't protected;  they can be captured, monitored and even altered by anyone with moderate-level technical know-how, including governments, corporations and individuals.

All connections to SecureDrop are encrypted using the Tor network. Tor helps shield what you're doing and your identity from anyone who may be monitoring your internet connection or ours.

Messages, files and other content you send through SecureDrop are all saved in encrypted form. To decrypt whatever you've sent, our reporters will transfer it via USB keys to computers that aren't connected to the internet. These computers will also be used to encrypt our replies before being transferred back to SecureDrop, again via USB key. Even if someone hacks into our SecureDrop system or the computer hardware is seized, messages or files you send should still be protected.

Terms/Disclaimer

The Center for Public Integrity's SecureDrop system is under our physical control and separate from the rest of our office network and our website. Neither The Center for Public Integrity nor any third parties will be able to record your IP address or information about your browser, computer or operating system.

We want to keep your identity safe, so we recommend you follow the safeguards we've outlined. However, no system is completely secure. Among other things, if your computer is compromised, through a virus or other means, your communications may be compromised as well. The system is provided on an “as is” basis, with no warranties or representations, and any use of it is at the user's own risk.

About SecureDrop

The SecureDrop (securedrop.org) software we use is an open-source project, maintained by the Freedom of the Press Foundation (freedom.press).