SECURITY FOR WHISTLEBLOWERS
When submitting sensitive information, you must consider the risks involved in taking that action in revealing the truth, as you may be subject to retaliation by parties that do not like what you have to say.
That is why you must take all possible actions to preserve your anonymity. You need to be aware of the social and technical risks, and take the right countermeasures to protect yourself. The most applicable protection strategies depend on the scenario, especially those related to social risks.
First of all, when you leak or share sensitive information there are always some risks involved that could threaten your anonymity. As a first step as a whistleblower, if sending us information in a Confidential fully encrypted way (via HTTPS) is not enough, and you need stronger anonymity, we suggest you download and install the Tor Browser, to be able to anonymously access the Internet and WildLeaks. Naturally, don’t do it at your work or with computers belonging to your employer. Do it from home and with a private computer, or from an Internet cafe using our Confidential option (HTTPS)
It’s easy and quick to install the Tor Browser. Click here for the instructions.
The following Risks Overview and series of hints and tips will help you protect yourself:
The most important thing to consider is what can happen after your leak/submission if the information you have provided is used for an investigation or on the media. Please think about the following before submitting any information:
- Are you the only person who has access to the information that you have submitted?
- If the submitted information reaches public attention, will someone ask you something about it? Is the information directly traceable to you only?
- Are you aware that after the information is used for an investigation or published on the media people around you can ask about the leaked information
- Can you handle the psychological pressure of an internal or external investigation (someone asking you about something) about the submission?
To better protect yourself you should take at least the following set of actions:
- Before you make a submission to WildLeaks, don’t tell your intention to anyone
- After you make a submission, don’t tell what you have done to anyone
- If the news about the submission gets out to public media, be really careful in expressing your opinion about it with anyone
- Be sure that there’s no surveillance systems (cameras or other) in the place where you acquire and submit the information
- Don’t look around on search engines or news media websites for the information you submitted (this would reveal that you knew about it earlier)
These are just a set of social protection actions that you must consider.
You must be aware of the fact that while using a computer and the internet to exchange information, most of the actions you take leave traces (computer logs) that could lead an investigator to identify where you are and who you are.
For this reason you must consider risk mitigation strategies and adopt very specific precautions to avoid leaving technological traces about your actions.
You may leave computer’s traces while:
- Researching the information to be submitted
- Acquiring the information to be submitted
- Reading this web page
- Submitting the information to us
- Exchanging data with receivers of your submission
- Downloading a software, including the TOR Browser Bundle
Technological protection actions could be the most tricky to understand, due to the underlying technical complexity of today’s computing and network systems.
To achieve a 100% guarantee of security from technical perspective, you need to be computer-proficient enough to fully understand all the risks.
However, by strictly following the procedures and tips reported below, you should be safe enough:
How can you protect yourself and improve your anonymity?
- Use the software Tor Browser Bundle for “Anonymous Web Browsing.” Click here to download it
- Use BleachBit that removes many traces of your computer.
- Upload information from your personal computer, not the one at your employer/company
- Keep the 10 digits receipt code that you receive from WildLeaks after uploading a submission in a safe place.
- Remove any information from your computer after the upload.
- If possible keep a copy of the uploaded information in a safe place not at work.
- After you upload the information make sure you leave no trace on the ICT systems and other devices, which can be used to understand your identity. For example, if you use a USB card/key, delete all the files that you uploaded and substitute them with other files like photos, videos and music.
- Please be aware of the metadata information that may be associated to the information that you have uploaded, such as author’s name, date of writing, etc. You can use programs like MAT to remove the metadata from your files.
By applying the above-described procedures you should be safe enough. But safe enough doesn’t mean 100% safe.