Everything you do on the internet leaves a trail.
Before following these instructions and connecting to our SecureDrop, go to a public wifi network like a coffee shop or library that you do not normally frequent, or connect to a VPN. You should be careful in public places that may contain CCTV, or where people could see your screen.
Do not follow any links on this page from your home or office network.
For maximum privacy you can connect to Tor with the Tails operating system, this is recommended if you are employed by a government or if you think someone may be monitoring you.
Our SecureDrop servers are under the physical control of Schwartz Media. They are kept in a locked room, under constant video surveillance.
We do not ask or require you to provide any personally identifiable information when you use SecureDrop.
SecureDrop does not record your IP address, information about your browser, computer, or operating system.
Our SecureDrop server will only store the date and time of the newest message sent from each source. Once you send a message, the time and date of your previous message is automatically deleted.
Journalists decrypt and read each message on a computer that has never been and will never be connected to the internet. They are also encouraged to delete messages from the server on a regular basis. The date and time of any message will be securely deleted from the server when the message is deleted.
Be aware that the actual messages you send and receive through SecureDrop may include personally identifiable information. For this reason, once you read a journalist's message, we recommend you delete it. It will be securely deleted from the file system.
When you submit certain types of files through SecureDrop you may be sending us metadata associated with that file.
For example, if you submit a photo through SecureDrop in JPEG format, the file may include information about the date, time, GPS location of where it was taken and the type of device used to take the photo.
Similarly, if you submit a Word file (.doc or .docx) through SecureDrop, it may include the identity of the document's author, the author's operating system, GPS data about the author's location, and the date and time when the document was created.
Our policy is to scrub metadata from the files we receive through SecureDrop before publication. If you do not want to send us metadata, please use the Metadata Anonymization Toolkit to scrub the file before you submit it.
No system is 100% secure, so we cannot absolutely guarantee your security. SecureDrop is regularly audited by independent security experts, but like all software it could have security bugs that could be exploited by attackers.
If the computer you are using to submit documents is already compromised, any activities, including communication through SecureDrop, could be compromised as well.
Ultimately, you use the service at your own risk.
If SecureDrop is unavailable you can also contact us anonymously by PGP for email or Ricochet for messaging.
If you do not know how to use PGP we strongly recommend you install Ricochet and contact us that way.
Ricochet is a text messaging app for Linux, Mac and Windows, and does not require any initial exchange of phone numbers unlike Signal.
Ricochet is a good choice if you have never contacted us or are unsure how
to use our SecureDrop, and SecureDrop is overkill or too much work at this stage.
We still recommend you download and use Ricochet on a public wifi network, and never on your work computer.
If you know how to use PGP you can email us and encrypt your messages with the following key:
B284 9F06 015F 5A28 8835 DE23 4C0A 9C83 85FE 4F3A
PGP is a good choice if you know how to use it. It's easy to make a mistake if you don't know it well, in which case we would recommend using any of the other options on this page.
curl https://www.thesaturdaypaper.com.au/tips | gpg
curl https://www.themonthly.com.au/tips | gpg
D1AA C039 3288 6146 BB14 3E9F 890A 80A9 D59C 28C0