SecureDrop

The Intercept is serious about protecting our sources. With our SecureDrop server, you can share messages and files with our journalists in a way that should help you remain secure and anonymous, even from us.

To protect your anonymity, our SecureDrop server is only accessible using the Tor network. Messages and files that you send to us will be encrypted.

How to Use The Intercept‘s SecureDrop Server

Everything you do on the Internet leaves trails. Before following these instructions, go to a public wifi network, such as at a coffee shop that you don’t normally frequent, and follow them from there. Or connect to a VPN.

  • Download and install the Tor Browser Bundle from https://www.torproject.org/.
  • Open the Tor Browser and copy and paste this into the address bar: https://y6xjgkgwj47us5ca.onion/
  • Follow the instructions to send us information. You will be given a codename that you can use to log back in and check for responses in the future.

Don’t access our SecureDrop server from your home or office. If you wish to ensure maximum privacy, use the Tails operating system instead of the Tor Browser.

SecureDrop is an open source whistleblower submission systems, originally programmed by the late Aaron Swartz, that is maintained by the Freedom of the Press Foundation.

Privacy Information

Our SecureDrop servers are under the physical control of The Intercept‘s staff. When you interact with our SecureDrop servers, we don’t log any information about your IP address, web browser, or operating system, nor do we deliver persistent cookies to your browser. When you use Tor to connect to our SecureDrop server, your connection is encrypted. Using the Tor network helps mask your activity from anyone that is monitoring your Internet connection, and it helps mask your identity from anyone monitoring our Internet connection.

When you send messages or upload files to this server, these messages and files are stored encrypted. Journalists at The Intercept store the encryption keys on air-gapped computers that never connect to the Internet. Even if our SecureDrop server got hacked or the physical hardware got confiscated, the messages and files you have submitted previously should still be shielded from the attacker.

However, no system is 100% secure, so we cannot absolutely guarantee your security. SecureDrop is regularly audited by independent security experts, but like all software, it could have security bugs that could be exploited by attackers.

If the computer you are using to submit documents is already compromised, any activities, including communications through SecureDrop, could be compromised as well.

Ultimately, you use the service at your own risk.