What Whistleblowers Should Check Before Using Information Submission Tools
Tools such as SecureDrop, GlobaLeaks, and OnionShare can be useful for whistleblowing and anonymous information submission.
However, there are things to check before opening a tool.
Can the submission destination be trusted? Does metadata remain in the material? Can you be inferred from the content? Are you using a workplace device or work network? How will you check replies after sending?
Organize the risks before choosing a tool.
Tools Only Protect the Entrance
Anonymous information submission tools are used to protect the initial contact and handoff point.
However, they do not erase the source of the material, internal logs, document metadata, or inference from the content.
What a tool can help with
Remaining risk
Avoiding real-name email
Creator names remain in the material
Avoiding ordinary cloud services
File access history remains
Making the source of connection harder to see
Candidates narrow from the content
Separating the handoff route
Poor recipient-side operation is dangerous
Tools are important.
But in whistleblowing, "what to send" and "who to send it to" can matter even more.
It is dangerous to see names such as SecureDrop, GlobaLeaks, and OnionShare and think, "If I use this, I will be anonymous."
Depending on the situation, these tools can help make handoff safer than ordinary email, social media DMs, or cloud sharing. However, tools do not automatically erase user behavior mistakes.
If you access from a workplace device, it remains in device management logs. If you access from a work network, it may remain in proxy or DNS records. If the material contains a department name or creator name, the source can be known even if the handoff route is safe.
Misunderstanding
Reality
An anonymous tool means safety
Devices, networks, material, and content also need checking
is enough
Sending files and behavior after submission can reveal information
An encrypted form is enough
Recipient-side operation and storage methods also matter
Not writing your name means safety
Candidates narrow from content and timing
Check the Submission Destination
Choose the submission destination carefully.
Protection, response, and risk change depending on the option, such as a news organization, lawyer, public-interest whistleblowing channel, audit organization, NGO, or external intake point.
Check item
Reason
Operator
Who manages the intake point
Handling of information
Who can see the material and report content
Reply method
Whether ongoing contact increases traces
Legal protection
Check the relationship with public-interest whistleblowing and confidentiality obligations
Track record and explanations
Whether there are risk explanations and source-protection policies
It is important not to trust a submission destination just because "there is an anonymous form."
Look at the operator's stance and explanations.
Check the Material You Will Send
Always check material before sending it.
Look at the body text, filename, metadata, creator, edit history, version, distribution scope, screenshot notifications, and screen information.
Check item
Reason to look
Filename
Real names, department names, and case names appear
Creator information
Real names or organization names remain
Change history
Editors and comments remain
Version and distribution scope
The people who can access it narrow
Specific information in the body
It reveals who knows the matter
Modifying material can also affect evidentiary value.
In high-risk cases, consider consulting legal or reporting specialists instead of altering materials on your own.
Check the Environment You Use
Accessing information submission tools from a workplace device or work network is dangerous.
Records may remain in device management, proxies, DNS, firewalls, logs, and monitoring software.
Check item
Reason
Device
Whether it is a workplace-managed device
Network
Whether it is work Wi-Fi or an internal line
Login state
Whether you are logged into a real-name account
File sync
Whether it will be automatically saved to cloud services or backups
Notifications
Whether information may appear in screen sharing or screenshots
Environment separation is a prerequisite for the tool.
If you cannot separate environments, you may not yet be at the sending stage.
Minimize What You Send
In whistleblowing, more information can increase persuasiveness, but it also increases identification risk.
Before sending all materials together, think about what the other party really needs in order to judge the matter. Especially in first contact, it is safer not to reveal more about your identity or internal position than necessary.
Information
Risk of revealing too much at first contact
Department name
Candidates narrow at once
Detailed work dates
Compared against shifts and entry and exit logs
Original files
Creator, edit history, and watermarks remain
Internal terms
Affiliated department or years of experience become visible
Personal emotions
Writing style and relationships make the person recognizable
Of course, specificity is necessary to report serious wrongdoing. The problem is revealing everything from the start.
It may be safer to provide information in stages after the submission destination is trusted, the contact path is ready, and the handling of materials can be confirmed.
In whistleblowing, rushing to send out of a sense of justice leaves traces that cannot be undone later.
Do Not Rush to Send When Unsure
The more dangerous the whistleblowing, the stronger the desire to "tell someone quickly" becomes. However, hurried sending increases mistakes.
Not checking files. Using the workplace network. Working while still logged into a real-name account. Not reading how the submission destination operates.
These mistakes become traces that are difficult to undo after sending.
Situation where you should stop once
Reason
You have not read the submission destination's explanation
You do not know how information is handled
You have not checked the material's metadata
Creator information or edit history remains
You can only use a workplace device
It remains in management logs
You are rushing emotionally
You are more likely to reveal unnecessary information
The legal impact is large
Consultation with a specialist becomes necessary
Choosing not to send is also part of securing safety. If preparation is insufficient, prepare the environment and submission destination first.
Think About What Happens After Sending
Risk continues after sending.
Checking replies, sending additional material, internal investigation after publication, responding to reporting, and reacting on social media. Correlation happens at every stage.
Post-submission behavior
Caution
Checking replies
Do not access repeatedly from the same environment
Additional material
New metadata and timing correlation increase
Internal organization reactions
Avoid being suspected because of unnatural behavior
Comments after publication
Do not react too much on social media or at work
Continued consultation
Maintain a safe contact path
Whistleblowing does not end with the send button.
Think through behavior after publication too.
Summary
Before whistleblowers use information submission tools, they should check the submission destination, material, environment, and behavior after sending.
Tools such as SecureDrop, GlobaLeaks, and OnionShare are useful, but they do not automatically erase the source of the material, internal logs, metadata, or inference from the content.
Do not judge something safe just because there is an anonymous form.
Check who operates it, what it records, who sees the material, and how you will communicate after sending.
The checks before using a tool have a major effect on whistleblowing safety.
Related tools
Anonymous communication
Tor Project
An external resource related to this article. Open it only when it fits your situation and threat model.
Why it is listed: It can help with the article topic, but it is outside Anonymity Sense and should be checked before use.