Gawker Media runs on tips and leaks from people with information to share. To make that sharing as private as possible, we are announcing our newest, most secure method for sending things to our reporters and editors: the Gawker Media SecureDrop.
If you have something to tell us, or a document or file to provide us, and you want to minimize the chance that anyone—and this includes us—will ever be able to prove that you were the source, SecureDrop is your best option. Designed by Aaron Swartz and developed by the Freedom of the Press Foundation, SecureDrop uses Tor, PGP encryption, and other security tools to establish a thoroughly anonymous communications channel that is hardened against interception or investigation.
The Washington Post's Adam Goldman, who reports on national security matters, recently described what it feels like to take extreme measures to protect his conversations with sources from potential surveillance: "I don't want the government to force me to act like a spy. I'm not a spy; I'm a journalist." But the sad fact is that when it comes to the internet, everybody is a spy: the government, the service providers watching your packets whiz by, the employer who operates the network you're reading this post on, the lurker on the wifi at Starbucks. The ubiquity of digital communications has made it harder than ever before to engage in truly private conversations, and tools like SecureDrop are increasingly crucial to guaranteeing that people with important stories to tell can safely come forward.
The Freedom of the Press Foundation has installed the system for the Washington Post, the New Yorker, the Guardian, the Intercept, and other outlets. As far as we can tell, the Gawker Media network—Gawker, Deadspin, Jezebel, Gizmodo, Jalopnik, Kotaku, and Lifehacker—is one of the largest U.S. publishers by audience to use it, and we're excited to see what can happen when we give readers and sources the freedom and safety to communicate with us about sensitive matters with minimal fear of exposure or retribution. Please go here to read more about how SecureDrop works and how to submit.
SecureDrop was designed for maximum safety; not all conversations merit its use. But we have been systematizing (somewhat) the other security tools we use here across all the sites. At this point, all the site editors and at least two reporters on each site have public PGP keys and are capable of sending and receiving encrypted email messages. PGP—an encryption scheme that stands for Pretty Good Privacy—permits correspondents to send messages that are designed to be read only by the intended recipient, preventing anyone who gains access to, say, Google's email servers from being able to decipher their content. From here on out, you will see contact signatures at the bottom of posts with links to those reporters' keys and their PGP fingerprints, short codes that can be used to authenticate the public keys.
Reporters at each site have also been trained in the use of OTR, a chat protocol that permits end-to-end encryption. You can reach these reporters, using their email addresses, via Google Talk on any chat client and initiate an encrypted chat.
To find out which of our reporters and editors are reachable via more secure means than simple email, please consult this list, which will be continuously updated as more of our staffers acquaint themselves with tools that can help us communicate with sources in safe, effective ways.