CPJ is proud to announce our instance of SecureDrop, the anonymous submission system engineered to resist even nation-state surveillance. In a time of unprecedented, technologically-mediated threats to journalism both online andoffline, CPJ's adoption of this state-of-the-art system will help us protect journalists who need help the most. There has never been a safer way to tell CPJ about press freedom violations anywhere in the world -- or request direct support when you're under fire for your reporting.
SecureDrop allows for secure and anonymous submissions to newspapers, watchdogs, oversight groups -- or anywhere else that someone might be concerned about being identified as the source of a submission. The project is maintained by the nonprofit Freedom of the Press Foundation (FPF). SecureDrop is easy to use but difficult to compromise. Behind the friendly submission form is a sophisticated system which separates different tasks onto independent computers. Each machine only performs part of the puzzle, so it's very difficult to exploit them together.
SecureDrop relies on the Tor network, which the National Security Agency (NSA) once called "The king of high-secure, low-latency anonymity." Tor conceals the origin and contents of communication with CPJ's SecureDrop server. The Tor Browser is a version of the free and open source Firefox Web browser developed byMozilla, which the Tor Project has extensively modified to protect against a slew of possible ways that one's anonymity could be compromised. Micah Lee, journalist and technologist at The Intercept and First Look, has written clear and detailed instructions about the best ways to stay safe when anonymously submitting materials via SecureDrop.
More technically-sophisticated sources wanting to contact CPJ may want to use theTails live operating system, which uses Tor to anonymize all connections into and out of a computer. Tails leaves no traces, history, or logs, and provides a selection of state-of-the-art anonymity, privacy, security, and cryptography software for savvy users. British government surveillance agency Government Communication Headquarters (GCHQ) described Tails as "CNE [computer network exploitation] hell" for the no-traces features which make it much harder to attack and reliably take control of Tails -- unlike most other operating systems, such as Windows, Mac OS X, or Linux distributions which aren't specifically security-focused.
Read the full post at the Committee to Protect Journalists site.