Protect Your Stories

Forbidden Stories provides journalists in danger worldwide with the ability to make certain their investigations can be completed and published, if they are no longer able to do it themselves.

If you are a journalist working on a sensitive issue or if you feel in danger, there are 3 ways you can securely send us messages and documents: Signal, SecureDrop, and encrypted e-mail.

Send us instructions to follow as well. Explain when and how you want us to pursue your investigation. If something happens to you, we will be able to continue your work and publish it broadly, across borders, through our collaborative network.

The security of a digital system can never be fully guaranteed, but the tools below are among the best available. They are open-source, well known, and have been audited for bugs and vulnerabilities. Review all methods available before choosing the one that best suits your needs, and read the instructions carefully. Don’t worry, we’ll guide you every step of the way.

Signal Signal SecureDrop SecureDrop Encrypted E-Mail Encrypted E-Mail

SignalSignal

Signal is an easy-to-use, open-source messaging app for smartphones. Text messages, images, videos and phone calls are end-to-end encrypted. You can download it for free from the Play Store (Android) or from iTunes (iOS).

How to

  1. Launch Signal and start a new message. Type in and double-check our phone number:

    We recommend you not to save it in your address book.
  2. Type your message, add photos or videos and tap the “Send” button. Done!

For additional security, consider the following:

  • Keep your operating system and your apps up-to-date
  • Lock down your phone and/or Signal with a passphrase or PIN code.
  • Regularly delete old Signal messages.
  • Encrypt your phone.

You can refer to this article from The Intercept for instructions.

For more information about Signal, visit https://signal.org.


SecuredropSecureDrop

SecureDrop is an open-source whistleblower submission system managed by the Freedom of the Press Foundation. It encrypts messages and documents from end to end and uses the well-known Tor network, making it difficult for anyone to identify and trace users.

Our SecureDrop service is the most secure way to communicate with us.

How to

  1. Go to a place with a public network with lots of traffic, such as busy café you have never been to. Never connect from your home or work. Make sure your screen is not in the reach of surveillance cameras.
    Use a computer you own, never one provided by your work. Don’t use a computer if you think it is monitored.
  2. Download and install the Tor Browser from https://www.torproject.org.
    For maximum security, consider using Tails, a privacy-oriented operating system that you can start on almost any computer from a USB stick. Visit https://tails.boum.org for details and instructions.
  3. Launch the Tor Browser and do not visit any website, as it could identify you. Directly copy the address of our SecureDrop service in the address bar:
    http://w7t5f3u4mej6dvpt.onion
    Don’t open this address in your usual browser: it will not work and will leave a trace.
  4. You’re there! Simply follow instructions on the page to send us your message and documents.
    Be sure to memorize your unique codename, or write it down and store it securely. You will need it to check for responses, following the same precautions.

For more information about SecureDrop, visit https://securedrop.org.


Encrypted E-MailEncrypted E-Mail

If you don’t already use openPGP encryption, we recommend that you choose another method to contact us, as it can be difficult to set up and error-prone for beginners.

If you use openPGP encryption, you can send messages and attachments to our contact address, or to one of our team members.

Make sure to include your public key in your first e-mail so we can write you back.

This method does not hide metadata (who you communicate with and when), so consider creating a separate email account from the one you usually use. Remember that the content of your message is encrypted, but the “subject” line is not, so don’t write any identifying or sensitive information there.