Everything you do on the internet leaves a trail.
Before following these instructions and connecting to our SecureDrop, go to a public wifi network like a coffee shop or library that you do not normally frequent, or connect to a VPN. You should be careful in public places that may contain CCTV, or where people could see your screen.
Do not follow any links on this page from your home or office network.
For maximum privacy you can connect to Tor with the Tails operating system, this is recommended if you are employed by a government or if you think someone may be monitoring you.
Our SecureDrop servers are under the physical control of Schwartz Media. They are kept in a locked room, under constant video surveillance.
We do not ask or require you to provide any personally identifiable information when you use SecureDrop.
SecureDrop does not record your IP address, information about your browser, computer, or operating system.
Our SecureDrop server will only store the date and time of the newest message sent from each source. Once you send a message, the time and date of your previous message is automatically deleted.
Journalists decrypt and read each message on a computer that has never been and will never be connected to the internet. They are also encouraged to delete messages from the server on a regular basis. The date and time of any message will be securely deleted from the server when the message is deleted.
Be aware that the actual messages you send and receive through SecureDrop may include personally identifiable information. For this reason, once you read a journalist's message, we recommend you delete it. It will be securely deleted from the file system.
When you submit certain types of files through SecureDrop you may be sending us metadata associated with that file.
For example, if you submit a photo through SecureDrop in JPEG format, the file may include information about the date, time, GPS location of where it was taken and the type of device used to take the photo.
Similarly, if you submit a Word file (.doc or .docx) through SecureDrop, it may include the identity of the document's author, the author's operating system, GPS data about the author's location, and the date and time when the document was created.
Our policy is to scrub metadata from the files we receive through SecureDrop before publication. If you do not want to send us metadata, please use the Metadata Anonymization Toolkit to scrub the file before you submit it.
No system is 100% secure, so we cannot absolutely guarantee your security. SecureDrop is regularly audited by independent security experts, but like all software it could have security bugs that could be exploited by attackers.
If the computer you are using to submit documents is already compromised, any activities, including communication through SecureDrop, could be compromised as well.
Ultimately, you use the service at your own risk.
If SecureDrop is unavailable you can also contact us anonymously by PGP for email, Ricochet for messaging, Signal for messaging and voice calls.
If you do not know how to use PGP we strongly recommend you install Ricochet or Signal and contact us that way.
Ricochet is a text messaging app for Linux, Mac and Windows, and does not require any initial exchange of phone numbers unlike Signal.
Ricochet is a good choice if you have never contacted us or are unsure how
to use our SecureDrop, and SecureDrop is overkill or too much work at this stage.
We still recommend you download and use Ricochet on a public wifi network, and never on your work computer.
Signal is an app available on iPhone and Android. It provides secure and private text messaging and audio calls. It is likely that a capable government will be able to detect you are using Signal to communicate with us, but will not know what we are saying.
If you do communicate with us via Signal, you need to first exchange phone numbers with us. You can do this in person, or via Ricochet, or SecureDrop. Then you can verify you are really talking to us by comparing the Signal Safety Numbers with the one below.
To verify the Signal Safety Numbers open the conversation, and open Conversation Settings. On iPhone tap the name in the top bar, on Android tap the menu icon on at the top right of the screen.
Then tap 'Verify Safety Numbers'. If you are meeting in person, you can take a photo of the QR code on the screen. Otherwise you can verify that half of the Safety Number on screen matches with the number of who you are communicating with below.
The number will either begin at the start, or halfway through.
40334 19193 43458 76969 64106 02397
00221 97492 28537 88253 78483 83145
Signal is a good choice if you have previously contacted us, or already have a phone number for us.
If you know how to use PGP you can email us and encrypt your messages with the either of the following keys, depending on who you are contacting.
9750 F52D FAE8 4A15 8075 AF8D 9E0A 5469 636B A187
PGP is a good choice if you know how to use it. It's easy to make a mistake if you don't know it well, in which case we would recommend using any of the other options on this page.
curl https://www.thesaturdaypaper.com.au/tips | gpg
curl https://www.themonthly.com.au/tips | gpg
D1AA C039 3288 6146 BB14 3E9F 890A 80A9 D59C 28C0