Sending an email. Reaching out through a social media DM. Making a call. Sending a cloud link. Holding a video meeting. All of these are ordinary ways to communicate, but in source protection they become important records.
The issue is not only the content of the conversation.
Who contacted whom, when, and through which service. That fact alone can become material for narrowing down possible sources.
Traces by contact method
In contact with sources, the information that remains differs by method.
Contact method
Traces left behind
Email
Sender and recipient, subject, time, attachments, headers
Display names, participants, recordings, backgrounds, participation history
Even in encrypted apps, the fact of contact and notifications on devices remain separate issues.
Encryption is important for protecting the content of a conversation. But in source protection, "who contacted whom" is also important. Email subjects, sending and receiving times, phone numbers, cloud link viewing history, and video meeting participation history are traces separate from the body of the conversation.
For example, even if the content of an encrypted chat cannot be read, a notification may appear on the source's device. Simply showing the contents of a cloud link can leave an owner name or viewing time. For contact with sources, think separately about content and the fact of contact.
First contact is especially important
In source protection, first contact can become the most dangerous moment.
A source contacts you from an everyday email address. A reporter replies through real-name social media. Materials are uploaded to an ordinary cloud account. These first actions cannot be undone later.
First action
Remaining problem
Contacting by real-name email
Sender, email address, and time remain
Contacting through social media DM
Account relationship and conversation history remain
Sending from a workplace device
Remains in organizational logs or device management
Placing materials in the cloud
Owner name, sharing history, and viewing logs remain
Consulting by phone
Call history and numbers remain
For high-risk reporting, "contact us normally first, then move to a safer method" is dangerous.
Prepare an entry point that matches the threat model from the beginning. A safe entry point here does not mean something that erases every trace. It means an entry point designed to reduce records after deciding which people, services, or systems will be trusted.
First contact cannot be redone later. A tip sent from ordinary email, a DM from real-name social media, access from a workplace device, and an upload to an ordinary cloud account remain as the first record. Even if the conversation later moves to a safer chat, the line showing who first made contact remains.
Journalists need to provide an entry point that does not leave readers or sources guessing at the beginning. If there is only a normal contact form, sources will send information there. If you may handle high-risk information, make the safe contact method, warnings, and information that should not be sent at first clear.
Separating contact methods
Journalists also need to separate everyday contact methods from high-risk contact with sources.
If real-name social media, personal email, a personal phone, and everyday cloud accounts are used as they are, contact with sources gets mixed with other parts of life and work.
What to separate
Reason
Email address
Do not mix source contact with personal use or normal work
Device
Separate notifications, histories, and files
Cloud account
Avoid real-name accounts and edit histories
Chat
Separate reporting conversations from personal conversations
Storage location
Limit who can access materials
Separation does not only protect the journalist.
It is a minimum baseline practice for protecting sources.
Real-name work and source protection cannot always be completely separated for journalists. Journalists often work under their real names, and their contact methods are public. But if contact with high-risk sources is also mixed into everyday environments, traces of the source spread.
Using dedicated email, a dedicated device, a dedicated browser, a dedicated storage location, and dedicated notification settings can narrow the scope of traces. Cloud sync and notifications require particular care. If a source's name or a material title appears on a journalist's everyday device or shared screen, that alone becomes a risk.
Contact content also contains clues
Pay attention not only to the communication method, but also to the content of the conversation.
Exchanges such as "about yesterday's meeting," "the document only your department knows," or "send it at this time" can narrow down the source if seen later.
Conversation content
Risk
Department or position
Reveals the source's affiliation
Meeting name or date
Narrows down the participants
Material title
Narrows down who had access
Sending instructions
Action time can be compared with logs
Distinctive phrasing
Shows characteristics of the witness
In safer contact, it is also important not to leave more specific internal information in conversation logs than necessary.
The more detail a source explains, the easier it is to understand the facts. At the same time, if departments, dates, meeting names, material titles, positions, and distinctive expressions remain in conversation logs, they become clues leading back to the source. In early contact, keep details to the minimum necessary and decide on a safer method before handling detailed materials.
Telling a source to "send it now" also requires care. The sending time may be compared with organizational logs. In safer reporting, the issue is not only what is sent, but also when, from where, and from which device it is sent.
Traces remain after reporting too
Traces from contact with sources can become a problem after publication. After an article appears, an organization may investigate "who knew this information." At that point, the source's email, call history, cloud viewing, internal document access, printing, USB use, and entry/exit records may be reviewed.
What may be reviewed after publication
Impact on the source
Internal document access
Narrows who viewed the material
Sending time
Compared with the time of contact with the reporter
Phone and email history
Shows the fact of contact
Cloud history
Leaves viewing or sharing of materials
Specificity of the article
Limits who could have known the information
Source protection is not only an issue while communication is happening. Design the first contact and handling of materials with post-publication investigation in mind.
Prepare guidance before contact
Journalists should prepare guidance that helps sources make safer decisions. "Do not send high-risk information from a workplace device or real-name email." "Before sending materials, first consult only about the outline." "Attachments may contain metadata." Guidance like this can reduce failures at first contact.
If guidance is too long, it will not be read. Briefly show what not to do at first, what contact methods are available, and what to check before sending. Safer contact with sources is not something that asks only the source to make an effort. It is something the recipient designs at the entry point.
Summary
In contact with sources, not only the content of conversations but also the fact of contact becomes a trace.
Email, social media DMs, phone calls, chats, cloud sharing, and video meetings each leave logs, notifications, and account information.
For high-risk reporting, prepare a safer entry point from the first contact.
It is also important not to mix contact with sources into everyday accounts and devices.
Source protection begins at the contact stage, before the article is written.
Related tools
Breach check
Have I Been Pwned
An external resource related to this article. Open it only when it fits your situation and threat model.
Why it is listed: It can help with the article topic, but it is outside Anonymity Sense and should be checked before use.