In today’s world of advanced surveillance, warrantless wiretapping, email monitoring, deep packet inspection and other techniques destroy the integrity of communication between individuals. As a result, it becomes essential for those who are transmitting sensitive information and data to take extraordinary precautions to maintain their safety. The extent to which these dangers can impact anyone faced with being a dissident in a country run by a hostile regime is captured in this WSJ article that exposed how international tech firms aided Gadhafi’s regime in electronically spying on and monitoring Libyan citizens for years.
In response to these very real threats, 100Reporters created the first version of Whistleblower Alley – a secure, digital exchange and communications point for anyone, anywhere to contact us and/or transmit information. It utilized a server in Germany along with an easy to use web interface to send OpenPGP/2048-bit RSA encryption protected messages from sources all over the world to 100Reporters editors. All messages sent through Whistleblower Alley 1.0 were automatically encrypted prior to transmission during a secure browsing session and provide end-to-end security appropriate for the submission of sensitive information. Please note that if the computer used to send messages itself is compromised, these security measures could NOT protect you before and will NOT be able to protect you in the future. Use a system you KNOW to be clean for all sensitive communications.
We are presently designing WA 2.0 to build upon those best practices while enhancing security, capabilities and features both on the source end and the editorial side. Just as WA 1.0 was available using a hidden TOR service, so will WA 2.0. We are still evaluating whether we will continue to support access via i2p.
If you are interested in communicating securely with us in the meantime, but do not need to obscure your actual email address, physical location, etc., then feel free to contact us using 100 Reporters’ PGP key at firstname.lastname@example.org. Our public key is available here or via public key servers (search for “email@example.com”). Please note that the email address you use to send the message from and other technical information that could be used to identify your location, computer and other details will be potentially intercepted and associated with your message. If there is anything about the information that you would be communicating to 100 Reporters that could bring legal, physical or other harm to you and yours, please do NOT use this method and instead wait for the launch of WA 2.0.
If you do not know how to use PGP encryption, it is a useful skill in the light of the multitude of privacy threats that exist today. A number of free resources are available for downloading the software, learning PGP encryption works and how to use it. One good introductory guide is available here and there are free software packages for both Windows and Mac that make it easy to set up quickly. These are by no means the only options for using PGP encryption, but they are amongst the leading current and regularly updated software packages available today.