We at Gizmodo Media Group want you to leak us things. Sometimes an email will suffice, or a call to our tips line, or even an anonymous comment on a post. But sometimes sources want to contact us without leaving a digital trail.
SecureDrop is designed to help you do just that. It is a way for you to send us things—messages, tips, files, documents—while maximizing your anonymity and frustrating any attempts (including by us) to identify you as the source. Whether you want to securely provide information to reporters at Gizmodo, Deadspin, Jezebel, Kotaku, Jalopnik, Lifehacker, Splinter, or The Root, here you will find an explanation of how to do it.
For details on how SecureDrop protects your anonymity, please see our privacy terms below. And for other secure ways to reach us, including encrypted email, encrypted chats, and snail mail, please go here.
To use SecureDrop:
Created by Aaron Swartz and developed by the Freedom of the Press Foundation, SecureDrop employs rigorous security protocols and makes use of the Tor network to establish a communications channel that is hardened against interception or subsequent leak investigations. Your messages will be encrypted and read on a machine that is not connected to the internet. Gizmodo Media Group’s SecureDrop will not record or retain your IP address or any information about your browser or your visit, nor will it place any persistent cookies or third-party trackers on your machine. And the use of the Tor’s anonymizing software makes it extremely difficult for anyone to prove or even suspect that you used SecureDrop.
Please read our privacy terms carefully. It explains what type of information SecureDrop does and does not collect, and why.
Also please note that when you submit certain types of files through SecureDrop, you may inadvertently be sending us metadata associated with that file.
For example, if you submit a photo through SecureDrop in JPEG format, the file may include information about the date, time, and the GPS location of where it was taken, and the type of device used to take the photo. Similarly, if you submit a Word file (.doc or .docx), it may include the identity of the document’s author, the author’s operating system, GPS data about the author’s location, and the date and time when the document was created.
Our policy is to scrub metadata from the files we receive through SecureDrop before publication. If you don’t want to send us metadata, please use the Metadata Anonymization Toolkit to scrub the file before you submit it.
Gizmodo Media Group collects information about our own reporters’ use of SecureDrop for security monitoring and to make sure the system works properly.
This information includes details about the device, browser, and operating system Gizmodo Media Group staffers use when accessing the system, and the date and time of each session.
We retain these access logs for 7 days, and then delete them.
Gizmodo Media Group works diligently to protect the identities of our sources and keep the information they give us confidential.
SecureDrop servers are under the physical control of Gizmodo Media Group and are isolated from our network infrastructure.
However, no one can guarantee 100 percent security of any system against all adversaries. Like all software, SecureDrop may contain bugs. Ultimately, you use the SecureDrop service at your own risk.
We may revise these privacy terms from time to time. The most current version of the policy will govern our collection and use of personal information and will always be published on this page. If we make changes that we believe are material, we will prominently display a notice on our site before we make those changes.
Gizmodo Media Group welcomes questions, concerns, and feedback about this policy. If you have suggestions for us, feel free to let us know at firstname.lastname@example.org. If you work for a media organization and are interested in installing SecureDrop, please contact the Freedom of the Press Foundation.