Investigative journalism often relies on the bravery of individuals who come forward with information that the public needs to know. These tips can expose corporate malfeasance, government overreach, or technological abuses that affect millions. However, the act of tipping off a news organization carries significant risks, especially for whistleblowers, insiders, or anyone in a position where reprisals are a real threat. This is why understanding how to submit a tip securely is as important as the tip itself. The following guide outlines the most reliable methods—email and Signal—along with crucial security considerations to protect your identity and your data.
Why Security Matters When Submitting Tips
Every digital communication leaves traces. Metadata such as sender and recipient addresses, timestamps, IP logs, and device identifiers can be used to identify you even if the content of your message is encrypted. Many whistleblowers have been exposed not because of what they said, but because of the digital breadcrumbs they left behind. For this reason, the first rule of secure tipping is to avoid using any device, network, or account that can be traced back to you personally. This means never using your work computer, work Wi-Fi, or work email address if you are at risk of reprisals. Instead, use a personal device on a public Wi-Fi network or a network you trust completely, and consider taking additional steps such as using a VPN (though VPNs themselves can be logged).
Email: Simple But Risky
Email remains one of the most accessible ways to contact a newsroom. Most outlets provide a general tips address, often something like tips@example.com. While convenient, standard email is not encrypted by default, meaning your message and attachments could be intercepted by anyone with access to the network or the email server. For sensitive information, you should ideally use a secure email provider that supports end-to-end encryption (such as ProtonMail or Tutanota) and encrypt the message with a public key if the outlet provides one. However, even encrypted email leaves metadata—the subject line, sender, recipient, and timestamp—exposed. To minimize this, you can create a burner email account using a pseudonym and access it only through a secure, anonymous connection. Include as much evidence as possible, such as documents, screenshots, or firsthand accounts, but be aware that large attachments may increase the risk of detection. If you are emailing from a personal device, be cautious of backups and cloud sync services that might store copies of your communications.
Signal: The Gold Standard for Secure Communication
Signal is widely regarded as one of the most secure messaging apps available. It uses end-to-end encryption for both text messages and voice calls, meaning that no one other than the intended recipient can read or hear them. Signal minimizes the metadata it collects: it only stores your phone number and the last time you accessed the app. It does not store information about who you are communicating with or the content of your messages. This is a significant improvement over other encrypted apps like WhatsApp, which shares metadata with its parent company. To use Signal for a tip, you should download the app onto a device that cannot be linked to you—ideally a secondary phone or a device that you can wipe afterwards. Do not use your work phone. You will need to register with a phone number, which can be a burner number obtained through services like Google Voice or a prepaid SIM card. Once registered, you can search for the journalist or newsroom’s Signal username or phone number (many journalists list their Signal contact on their author pages or staff lists). When starting a conversation, you may need to add the number as a contact first; you can delete the contact after the conversation has begun. For added security, you can enable disappearing messages, so that conversations self-destruct after a set period. Always verify the recipient’s safety number (a security fingerprint) to ensure you are communicating with the right person and not an imposter.
Additional Security Precautions
Beyond choosing the right tool, there are several practices that can help protect you. First, never assume that a single layer of anonymity is enough. Use public Wi-Fi (such as at a library or café) and avoid logging into any personal accounts while sending the tip. If possible, use the Tor browser to access the newsroom’s tips page or to check for instructions. Some news organizations publish their security guidelines in collaboration with groups like the Freedom of the Press Foundation, which provides detailed recommendations for locking down Signal, avoiding phishing, and securing devices. These guidelines often advise turning off notifications, using screen locks, and regularly updating software. Second, be mindful of the timing: sending a tip at an unusual hour or from a location that can be correlated to your daily patterns might raise flags. Mix up your routines. Third, consider the content of your tip. Avoid including personal identifiers in the message itself—do not write your name, job title, or other details that could uniquely identify you. Instead, focus on the evidence and the story. If you are concerned about physical safety, you may want to consult with a lawyer or a journalist who specializes in protecting sources before reaching out. Finally, after you have sent the tip, securely delete any copies of the messages from your device. Signal allows you to delete messages for both parties, but be aware that the recipient may have already saved them.
What Makes a Good Tip?
Editors receive dozens of tips every day, so your submission is more likely to be investigated if it is specific, credible, and actionable. Firsthand experience is the strongest foundation: if you have witnessed an event or have direct access to internal documents, your tip carries weight. Vague hunches or rumors are less useful. Include relevant context: what happened, when, where, and who is involved. Provide any documentation you can safely share, such as leaked emails, contracts, photographs, or data sets. If you are uncertain about the importance of what you have, err on the side of sharing—journalists are trained to evaluate information. However, do not fabricate or exaggerate; a false tip can waste resources and damage your credibility. Remember that newsrooms prioritize stories that affect the public interest, such as safety violations, corruption, privacy breaches, or severe mismanagement. If your tip falls into one of these categories, make that clear in your initial message.
Understanding Metadata and Surveillance
Even with encryption, metadata can be a powerful tool for surveillance. For example, law enforcement or an employer might be able to see that at a particular time, a phone number (yours) communicated with a newsroom’s phone number, even if they cannot see the content. This is why using Signal over a public network and with a burner number is essential. Additionally, be aware of cell tower triangulation: if you are using a mobile phone, your location can be approximated based on which towers your device pings. To mitigate this, turn off your phone’s location services, use airplane mode when not actively sending, and consider using a device that is not associated with your daily movements. On a computer, avoid using your normal browser; use a disposable browser profile or a live USB operating system like Tails. These tools are designed to leave no trace after you finish your session.
The Role of Newsrooms in Protecting Sources
Responsible news organizations take source protection seriously. Many have internal policies to minimize the collection of source information, use encrypted communications themselves, and are prepared to fight subpoenas or gag orders that seek to reveal a source’s identity. Some outlets provide dedicated tips pages that are served over HTTPS without third-party analytics or ad trackers, ensuring that even the act of reading the tips page does not generate metadata that could be sold or intercepted. Journalists are trained to use Signal and other secure tools, and they understand the risks sources take. When you submit a tip, you can often request a specific meeting method or ask to be contacted via an encrypted channel. Do not assume that a journalist will automatically know the best security protocols—offer to use a method you are both comfortable with. The strongest protection comes from a combination of careful source behavior and a newsroom’s legal and technical safeguards.
Practical Steps to Get Started
If you have information you believe should be public, begin by reading the newsroom’s tips page—often a dedicated, stripped-down page designed to reduce tracking. Note the preferred contact methods. If email is offered, set up a new, anonymous email account from a public computer or a private device using a VPN. Do not use your name or any identifying information in the account name. Write a concise, factual summary of your tip, attach evidence, and send it. Then delete your browsing history and log out. If Signal is an option, install the app on a secondary device or use a spare phone. Register with a burner number. Find the journalist’s Signal username (often listed on their author page or social media). Send an initial message that is brief and avoids specifics until you have established that you are talking to the right person. Verify their safety number via an out-of-band method (like a phone call or a public key). Once you are sure, you can share the details. After the conversation, consider deleting the app and the burner number to sever any residual ties.
Why Your Tip Matters
History is filled with stories that began with a single tip: the Watergate break-in, the Pentagon Papers, the Panama Papers. Each of these leaked documents or insider accounts led to investigations that changed policies, brought criminals to justice, and informed the public about how power truly operates. You might not have classified documents, but you might have evidence of a local safety hazard, a product defect, or a pattern of misleading advertising. In every case, the willingness of an individual to step forward—despite personal risk—is what makes accountability possible. By following secure methods, you protect not only yourself but also the integrity of the investigation. The newsroom can then focus on verifying and reporting your story without worrying about the source being compromised.
In an age of mass surveillance and corporate monopolies on digital infrastructure, the gap between what is known and what is reported often depends on those willing to speak. Secure communication tools like encrypted email and Signal, combined with careful operational security, can help you cross that gap safely. The first step is knowing which tools to use and how to use them. The second step is trusting that professional journalists will handle your tip with the discretion and seriousness it deserves. If you have something to say, the channels are open—use them wisely.
Source: The Verge News