[LINK] "How to Blow the Whistle Anonymously" :-)

Stephen Loosley StephenLoosley at outlook.com
Fri Jun 7 23:35:43 AEST 2019


https://old.reddit.com/r/australia/comments/bxo04z/how_to_blow_the_whistle_anonymously_please_feel/

How to Blow the Whistle Anonymously - Please feel free to add or correct anything on this list. Hopefully by the end of this discussion we may have a fairly safe method.
(self.australia<https://old.reddit.com/r/australia/>) submitted 13 hours ago * by 04FS<https://old.reddit.com/user/04FS>

1.   Many useful tips / do's and don'ts here privacytools.io<https://www.privacytools.io/>
2.   Use a burner computer
3.   Use Tails<https://tails.boum.org/> as your operating system - Tails is a security hardened OS that connects to TOR<https://www.torproject.org/> by default. It is a 'live' system that runs off a USB flash drive.
4.   Use a disposable email address such as guerrillamail.com/<https://www.guerrillamail.com/>. This service allows you to send and receive emails only for as long as you stay on the page. Once you close the page the email address is lost.
5.   Compose your email
6.   Connect to a free public wifi access point - preferably in a city / town where you neither live nor work.
7.   Send your email. Disconnect from wifi.
8.   Dispose of / destroy your burner device (try and be nice to the environment)
9.   Don't take any mobile devices that can be linked to you - u/rickAUS<https://old.reddit.com/u/rickAUS>
10.  Obscure your face and other identifiers when traveling to and from the wifi point you choose u/rickAus<https://old.reddit.com/u/rickAus>
11.  Pay cash for everything the entire time u/rickAUS<https://old.reddit.com/u/rickAUS>
12.  Don't take your private (or hire) car u/Nuijeblk<https://old.reddit.com/u/Nuijeblk> & u/alecshuttleworth<https://old.reddit.com/u/alecshuttleworth>

See u/stumcm<https://old.reddit.com/u/stumcm>'s post regarding the use of PGP encryption.

Familiarity with the concept of correlation attacks<https://security.stackexchange.com/questions/147402/how-do-traffic-correlation-attacks-against-tor-users-work> may be useful.

u/htvwls<https://old.reddit.com/u/htvwls> on the pitfalls of gait analysis<https://en.wikipedia.org/wiki/Gait_analysis> and writing style.

u/jhbc9f3f904v<https://old.reddit.com/u/jhbc9f3f904v> has raised some very valid points. This is a long, complicated and convoluted process that may discourage those who are not confident enough to carry out this kind of implementation. He correctly states that one mistake has the potential to break the whole chain. Please read his post and make your own decision.

Having said that, if Tails is good enough for Bruce Schneier<https://en.wikipedia.org/wiki/Bruce_Schneier>, Glenn Greenwald<https://en.wikipedia.org/wiki/Glenn_Greenwald>, and Edward Snowden<https://en.wikipedia.org/wiki/Edward_Snowden>, it's solid.
As other commenters have pointed out, there is no such thing as complete anonymity or network security. One has to trust that TOR is not compromised. One has to trust that Tails will do what it says on the can.
As for taking security advice from "randoms on the internet"; again, worthy advice. At the very least this thread can point folk in the right direction to research and then come to their own decisions on how to proceed.


mutantbroth 2 points 6 hours ago

Do not use email! It's not encrypted at all and the NSA vacuum up all of it and share it with their five-eyes partners (see https://en.wikipedia.org/wiki/XKeyscore).

If you want to contact a journalist, find out how to do so using encrypted communications. For example here is the contact page for Four Corners, listing their Signal and WhatsApp contact details: https://www.abc.net.au/4corners/contact-us/

I saw some other Signal/WhatsApp contacts listed on one of the ABC's AFP stories but I can't find the link now. But definitely make sure the means by which you're communicating is protected by encryption, in addition to observing the precautions listed by OP.

Also as suggested in another thread [1], consider contacting a news organisation based overseas that the AFP can't touch. The same precautions should obviously be taken.

Also a shout out to https://gnupg.org/. It's a complex and difficult program to use, but the investment in learning it will pay off (the same goes for any reporters reading this). Glenn Greenwald almost missed out on the whole Snowden story because he didn't want to bother learning PGP [2].

[1] https://www.reddit.com/r/australia/comments/bxdp0j/psa_for_whistleblowers_if_you_blow_the_whistle_to/

[2] https://arstechnica.com/information-technology/2013/06/guardian-reporter-delayed-e-mailing-nsa-source-because-crypto-is-a-pain/

