Digital Dead Drops
How reporters are using a digital version of the classic 'dead drop' to protect themselves — and their sources.
Clandestine Communication Made Easy
A hollowed-out knot in a tree in a quiet park, a loose brick in an aging wall, or an envelope taped behind a post box — these, and many other, places have been used to securely hand off information for a very long time.
These are called “dead drop,” locations. People dealing with sensitive information, from spies to journalists, have made use of these to hand off everything from microfilm to leaked financial documents. The investigative journalist borrows from a variety of fields — from espionage to police work — to build their stories and communicate with sources.
In a time when legacy media has increasingly come under fire from within journalism itself — modern problems of source security without a newsroom, require modern solutions.
The Freedom of the Press Foundation came up with one such solution — SecureDrop.
Today’s reporters need source security and information sharing just like Woodward and Bernstein’s flowerpot signal from Deep Throat during the Watergate investigation. Daniel Ellsberg’s clandestine handoffs of the Pentagon Papers, and their current equivalents, are even more crucial in a time when a free press itself is under fire — and more lifelong journalists, like Dan Rather and Jim Acosta, are leaving legacies to go independent.
Created by Aaron Swartz and maintained by the Freedom of the Press Foundation, SecureDrop is a tremendous tool for the investigative reporter’s arsenal — no newsroom required.
Breadcrumbs to the Witch House
The hard truth about modern communication is that almost every conventional method leaves traces. Emails can be subpoenaed, phone records can be obtained, and messaging apps can be compromised. Even encrypted messaging services like Signal require a source to trust that a journalist will protect their phone number and identity. Each point of contact between journalist and source creates metadata – digital breadcrumbs that can reveal a relationship even when the content remains hidden.
SecureDrop eliminates these vulnerabilities by creating a completely anonymous submission system. Think of it as a digital version of that hollow tree in the park, but with military-grade encryption and security measures. Sources access it through the Tor network, which masks their real location and identity. They're given a randomly generated codename that only they know, allowing for secure two-way communication without ever revealing their identity or leaving traceable metadata.
The system is designed with the worst-case scenario in mind. Even if a journalist's computer is compromised, the source's identity remains protected. If authorities demand access to the system, there are no logs to hand over. If someone manages to intercept the communication, strong encryption ensures they can't read it. The system is air-gapped – physically isolated from other networks – making remote attacks virtually impossible.
This level of security matters because sources take enormous risks when they share sensitive information. From whistleblowers exposing corporate fraud to insiders revealing government misconduct, these individuals often face severe consequences if discovered. Traditional methods like encrypted email or secure messaging apps can protect the content of communications, but they still create digital records of the relationship – records that can be discovered through surveillance, legal demands, or device seizure.
SecureDrop's approach to security isn't just about technology – it's about changing how sensitive communications happen. By eliminating direct contact and traceable metadata, it provides something crucial: plausible deniability. A source can share information without leaving evidence that they ever did so, protecting them from both technical surveillance and legal hazards.
Layering Onions
Another alternative is to use ready-made software, such as OnionShare.
OnionShare is an anonymous file-sharing application, and another that utilizes the Tor network. It works by generating a sharable link accessed through the Tor Browser.
Clicking the link leads to an anonymous website that prompts the user to download or send files, and can act as a private chat room hosted on your local computer. It can be used as-needed, or by enabling a mode to receive files and configuring the app to launch on startup, it can turn a laptop into an anonymous dead-drop-box that can receive a number of messages and files — limited only by your storage space.
Apple (for out of the box security and ease of configuration) and Linux distros (for advanced users) offer the most security for those that need it. Windows builds aren’t recommended, because they’re the easiest to exploit, and Microsoft has its own problematic data-collection policies.
Whether built in the newsroom or in an independent reporter’s home workstation — extra security measures for tips and sensitive documents help keep the reporter and the source as safe as possible.