OAISIS Recommendations
Top 5 Privacy Rules
Privacy protection is fundamental to securing your identity, your sources (if applicable), and the information you might want to disclose. The practices below are essential and deliver significant privacy improvements with relatively low effort.
Rule 1: Minimize Your Digital Footprint
Rationale
Every online interaction creates data points about your identity, relationships, and behavior patterns. Adversaries can aggregate these seemingly harmless details to build comprehensive profiles for identification or targeting purposes.
Key Actions For You
Audit Your Online Presence
- Review all social media accounts and shut down every account you don’t absolutely need.
- Delete old accounts and unused applications. These can become security liabilities containing your personal data and are frequently targeted in breach attempts that enable impersonation and social engineering attacks.
- Configure privacy settings across all online platforms to restrict data sharing to the minimum required for functionality.
Secure Your Location Data
- Disable location sharing features on social media platforms and mobile applications.
- Review photo metadata settings to prevent automatic location tagging.
Control Public Information Sharing
- Be mindful of sharing personal information on public forums or social media platforms, avoiding disclosure of sensitive details, routine patterns, or specific location data
- Remember: Digital content may persist indefinitely, regardless of deletion attempts
- Understand the limitations of data deletion rights – legal precedents have required technology providers to maintain data logs, and many organizations lack comprehensive deletion protocols
Implement Identity Separation
- Utilize pseudonyms or anonymous accounts for sensitive online activities to create separation from your real identity.
- Pursue opt-out procedures with data brokers and public record services to reduce the availability of personal information in searchable databases.
Recommended tools
Anonymous E-mail
Anonymous email accounts serve as your first line of defense against identity tracking. They enable creation of untraceable social media and user accounts while maintaining operational security.
- Mailbox: well-known email provider from Germany with good PGP support.
- ProtonMail: well-known email provider from Switzerland with good PGP support and cash payment (https://proton.me/support/payment-options#cash). Anonymous account creation is possible by signing up for a free account and using a temporary email address (tested with Guerrilla Mail) for verification.
- Tuta: well-known email provider from Germany with end-to-end encryption and a zero-knowledge calendar.
Data Removal Resources
Data brokers collect and sell personal information. Regular removal requests reduce your digital footprint and limit unauthorized access to your data.
- Start Here: A great place to begin is the GitHub Data Broker Opt-Out List, which provides detailed instructions for opting out of various data broker sites.
- Opt-Out Tools & Services: For general-purpose opt-out tools and service providers (including both free and paid options), refer to the Privacy Guides’ section on data broker removals.
- More Reading: To better understand how to protect your privacy online, we recommend exploring these additional resources from Privacy Guides:
Temporary E-mail
Usage Guidelines:
- Use for online signups and one-time account verifications
- Never use for important accounts requiring password recovery
- Check messages promptly as they expire automatically
Impact
Reducing your digital footprint shrinks the attack surface for adversaries using open-source intelligence (OSINT) or exploiting data breaches. This defensive measure makes it significantly harder to link your online personas or track your activities across platforms.
The data points you share across platforms create a comprehensive vulnerability profile. Location metadata from photos, social media check-ins, and background app tracking build detailed maps of your movements and habits. When adversaries attempt to identify you, this aggregated information provides crucial leads and corroborating evidence. Consciously limiting what you share and removing old data reduces the raw material available for such analysis. This approach denies threat actors the comprehensive dataset they need to build accurate profiles or establish reliable connections between your activities.
Rule 2: Use Strong, Unique Passwords and Two-Factor Authentication (2FA)
Rationale
Account compromise typically begins with weak or reused passwords. Adding two-factor authentication (2FA) creates a second barrier that stops unauthorized access even when passwords are stolen.
Key Actions For You
- Create unique passphrases for every account. Password managers generate and store complex credentials automatically. Strong passphrases combine random words rather than predictable patterns.
- Enable 2FA on critical accounts first. Protect email, financial services, social media accounts, and other services you may use for whistleblowing activities. Use authenticator apps (TOTP) or hardware security keys over SMS-based 2FA where possible.
- Secure your 2FA backup codes offline. Store 2FA recovery codes in a safe location separate from your devices. These codes restore access if your primary authentication method fails.
- Choose a reputable password manager. This tool manages password complexity without requiring you to memorize dozens of unique credentials.
Recommended tools
Impact
Using a password manager significantly reduces your risk of account takeover from threats like credential stuffing, password guessing, and phishing attacks. It protects the sensitive information stored in your online accounts.
A major vulnerability for many users is relying on a single, often weak, password across multiple services. If that password is exposed in a data breach, every account using it is at risk. A password manager solves this by automatically generating and storing strong, unique passwords for each service, which eliminates the need for you to remember them all.
However, this convenience comes with a trade-off: the password manager itself becomes a high-value target. That’s why it’s crucial to secure it properly. Your master passphrase must be both extremely strong and memorable. In addition, the password manager account should be protected with the most secure form of two-factor authentication (2FA) available.
Hardware security keys offer the highest level of 2FA protection. Unlike SMS codes or authenticator apps, hardware keys are resistant to phishing and malware, making them the most robust defence against unauthorized access.
Rule 3: Encrypt Your Devices and Data
Rationale
Encryption renders your data unreadable without the correct key (your password or passphrase). If your device is lost, stolen, or seized, full-disk encryption (FDE) protects the data stored on it. Encrypting your specific files or communications adds another layer of protection.
Key Actions For You
- Enable disk encryption on all devices: Turn on full disk encryption (FDE) for your laptops (e.g., BitLocker for Windows with LVM, FileVault for macOS), smartphones (enabled by default on modern iOS and configurable on Android), and any external drives used for sensitive data or backups.
- Use strong passphrases for encryption: The effectiveness of full disk encryption relies heavily on the strength of the passphrase you use to unlock the device. Choose a long, complex passphrase that’s hard to guess.
- Encrypt sensitive files and backups individually: For added protection (especially when storing data in the cloud or on portable media), use file-level encryption tools like VeraCrypt or 7-Zip to secure specific files or backup archives.
Recommended tools
Impact
Full-disk encryption (FDE) protects your data at rest (when your device is powered off) against unauthorized physical access. If your device is lost or stolen, encryption keeps your data confidential.
FDE should be considered a non-negotiable baseline for security. Fortunately, most modern operating systems make it straightforward to enable.
However, it’s important to recognize the limits of FDE:
- It does not protect data on a device that is already powered on and unlocked.
- Therefore, using a strong password or PIN and enabling auto-lock features is equally critical.
Finally, don’t forget your backups, especially those stored off-site or in the cloud. Backups must be encrypted as well. An unencrypted backup can be just as dangerous as an unsecured device, particularly if it contains sensitive communications or evidence.
Rule 4: Control and Sanitize Your Metadata
Rationale
Every file you create (photos, documents, PDFs, videos) contains metadata: embedded information such as your name, device type, location, and timestamps. This data isn’t visible in the file itself but can be easily extracted. If left intact, it can expose your identity, location, or habits without your knowledge.
Key Actions For You
- Assume metadata is present. Nearly all digital files include it.
- Remove metadata from all files before sharing them, especially evidence: use metadata removal tools or built-in OS features.
- Disable location tagging on your smartphone camera.
- Be mindful when photographing documents. Avoid including reflections, identifying items, or background details that could reveal your identity.
Impact
Metadata cleanup and sanitization prevent accidental exposure of identifying information embedded within your files. This practice protects your anonymity and maintains the confidentiality of your activities.
Digital files carry two types of signatures that can identify you. The content itself, the “facts are their signature,” can point to you through context and details. Metadata adds a technical signature, revealing the “who, when, where, and how” of file creation.
Specific examples include:
- EXIF data in photos containing GPS coordinates of the capture location
- Camera model and serial number identification
- Document properties listing author names and creation software
- Timestamps establishing patterns of your digital activity
When you submit a document with your name in the author field, or share a photo with GPS data pointing to your location, your anonymity is immediately compromised. Removing this metadata creates an essential security barrier before sharing any evidence or sensitive files.
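To show where this metadata physically sits and what a sanitizer actually does, here is an added Python example (not part of the OAISIS guide): it walks a JPEG's marker segments, reports the metadata-carrying ones (APP1 Exif/XMP, APP13 IPTC, COM), checks the Exif block's IFD0 for the GPS sub-IFD pointer tag, and writes the image back without those segments while leaving the compressed image data untouched. The sample file is a constructed, structurally valid byte string rather than a real photo; the marker numbers and the tag value 0x8825 are the standard JPEG/TIFF values.

```python
"""Added example (not OAISIS code): inspect and strip metadata segments from a JPEG."""
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# Markers that carry no length field (restart markers, TEM, SOI, EOI)
STANDALONE = set(range(0xD0, 0xD8)) | {0x01, SOI, EOI}
# Segments that hold metadata rather than image data
METADATA_MARKERS = {
    0xE1: "APP1 (Exif/XMP)",
    0xED: "APP13 (IPTC/Photoshop)",
    0xFE: "COM (comment)",
}
GPS_INFO_TAG = 0x8825  # Exif IFD0 tag that points to the GPS sub-IFD


def iter_segments(data: bytes):
    """Yield (marker, start, end) byte ranges for each segment up to and including SOS.
    After SOS the entropy-coded scan follows and is no longer segment-structured."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                 # fill byte between markers, skip it
            pos += 1
            continue
        if marker in STANDALONE:
            yield marker, pos, pos + 2
            if marker == EOI:
                return
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])   # length includes itself
        end = pos + 2 + length
        yield marker, pos, end
        if marker == SOS:
            return
        pos = end


def describe_metadata(data: bytes):
    """List the metadata-carrying segments present, in file order."""
    return [METADATA_MARKERS[m] for m, _, _ in iter_segments(data) if m in METADATA_MARKERS]


def exif_ifd0_tags(data: bytes):
    """Tag ids in IFD0 of the first Exif APP1 block (empty set if there is none)."""
    for marker, start, end in iter_segments(data):
        payload = data[start + 4:end]
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            tiff = payload[6:]
            endian = ">" if tiff[:2] == b"MM" else "<"
            (ifd0,) = struct.unpack(endian + "I", tiff[4:8])
            (count,) = struct.unpack(endian + "H", tiff[ifd0:ifd0 + 2])
            return {struct.unpack(endian + "H", tiff[ifd0 + 2 + 12 * i:ifd0 + 4 + 12 * i])[0]
                    for i in range(count)}
    return set()


def strip_metadata(data: bytes) -> bytes:
    """Return the JPEG with all metadata segments removed; pixel data is byte-identical."""
    out = bytearray()
    copied_to = 0
    for marker, start, end in iter_segments(data):
        if marker in METADATA_MARKERS:
            out += data[copied_to:start]
            copied_to = end
    out += data[copied_to:]            # rest of the file, including the scan and EOI
    return bytes(out)


def _segment(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample_jpeg() -> bytes:
    """Constructed sample: valid marker structure with an Exif block whose IFD0
    holds only a GPSInfo pointer. The scan data is a stand-in, not a real image."""
    tiff = (b"MM\x00\x2a\x00\x00\x00\x08"                    # big-endian TIFF header, IFD0 at 8
            + b"\x00\x01"                                     # one IFD entry
            + struct.pack(">HHII", GPS_INFO_TAG, 4, 1, 26)    # type LONG, count 1, sub-IFD offset
            + b"\x00\x00\x00\x00")                            # no next IFD
    return (b"\xff\xd8"
            + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + _segment(0xE1, b"Exif\x00\x00" + tiff)
            + _segment(0xFE, b"taken on my phone")            # comment segment
            + _segment(0xDB, bytes(65))                       # quantisation table placeholder
            + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00")
            + b"\x12\x34\x56"                                 # stand-in scan data
            + b"\xff\xd9")


if __name__ == "__main__":
    photo = build_sample_jpeg()
    print("before:", describe_metadata(photo), "GPS tag:", GPS_INFO_TAG in exif_ifd0_tags(photo))
    clean = strip_metadata(photo)
    print("after: ", describe_metadata(clean), "GPS tag:", GPS_INFO_TAG in exif_ifd0_tags(clean))
```

Run against a real photo (`strip_metadata(Path("photo.jpg").read_bytes())`) the same logic applies; the practical lesson is that the image and its metadata are separate containers, so removal is lossless, and that a sanitizer should be checked afterwards with an independent inspector rather than trusted blindly.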
Rule 5: Use Privacy-Focused Browsing Practices
Rationale
Your browsing activity creates a digital fingerprint. Standard web browsers and search engines continuously track your online behavior, building detailed profiles that include your interests, research patterns, and digital habits. This tracking data can identify you and compromise your protection as a whistleblower.
Why This Matters
Websites and advertisers deploy multiple tracking techniques across the internet. These include cookies, browser fingerprinting, and embedded tracking scripts that monitor your every move. Browser fingerprinting presents a particular threat because it collects specific details about your browser configuration—fonts, plugins, user agent strings—to create a unique digital signature. This identifier persists even when you disable cookies.
The risk: Adversaries can use this tracking data to build comprehensive profiles of your activities and potentially link them to your disclosure activities.
Key Actions For You
Choose a Privacy-Respecting Browser
Primary recommendation: Firefox with enhanced privacy configuration provides strong foundational protection. Configure it following established privacy guidelines to maximize security.
Alternative options:
- LibreWolf: A Firefox fork with built-in privacy features that eliminate manual configuration requirements
- Mullvad Browser: Designed to make all users appear identical, providing protective anonymity through crowd blending
- Brave: Offers built-in tracker blocking, though it operates on Chromium and connects to cryptocurrency systems; disable advertisement features immediately
Avoid: Chrome and Edge maintain extensive tracking mechanisms that compromise your privacy.
Configure Critical Browser Settings
Your browser requires specific security configurations to protect your activity:
- Enable strict tracking protection: Set Firefox’s Enhanced Tracking Protection to “Strict” mode
- Block third-party cookies: Prevents cross-site tracking mechanisms
- Activate HTTPS-Only mode: Ensures encrypted connections to all websites
- Disable telemetry: Stops data collection by browser developers
- Clear browsing data regularly: Remove history, cookies, and cache if not using private browsing exclusively
Search Engine Security
Recommended privacy-respecting alternatives:
- Oaisis Search: Specialized privacy-focused search engine
- DuckDuckGo: Established no-tracking search provider
- Startpage: Provides Google results without tracking
- Brave Search: Independent search index with privacy protections
Security principle: These alternatives claim not to track your searches, preventing the creation of search-based behavioral profiles.
Essential Privacy Extensions
Install these critical security tools:
- uBlock Origin: Comprehensive ad and tracker blocking system
- Privacy Badger: Blocks non-consensual tracking mechanisms automatically
Note: LibreWolf includes these protections by default. Mullvad Browser incorporates similar protections in its base configuration.
Advanced Protection Measures
For high-sensitivity critical research activities, consider Tor Browser. This provides additional anonymity layers through encrypted routing networks.
Ephemeral environments offer maximum protection for sensitive work and Mission-Critical Operations:
Hardware support: Contact us for assistance with secure hardware provisioning if needed.
Recommended tools
Impact
Implementing these practices delivers multiple security benefits:
- Reduces tracking exposure: Minimizes data collection about your browsing patterns
- Prevents profile building: Makes it significantly harder for adversaries to construct behavioral profiles
- Breaks activity correlation: Disrupts attempts to link your research to whistleblowing activities
Websites and advertisers use a variety of methods to track you online, including cookies, browser fingerprinting, and tracking scripts embedded in web pages. Browser fingerprinting, for example, gathers detailed information about your browser (such as installed fonts, plugins, and user agent) to create a unique identifier, even if cookies are disabled.
Privacy-focused browsers and extensions are designed to block these tracking methods and reduce how unique your browser appears. One example is Mullvad Browser, which aims to make all users look the same, creating a uniform digital identity that helps you blend in. This kind of anonymity is especially valuable if you’re researching sensitive topics related to your disclosure.
OAISIS Recommendations
Top 3 Operational Security (OpSec) Hygiene Rules for Whistleblowers
Operational Security (OpSec) is the contextual process of identifying critical information, analyzing potential threats, assessing vulnerabilities, and implementing measures to protect that information and the associated activities. As a whistleblower, OpSec safeguards your communications, your evidence, and the disclosure methods you use.
Rule 1: Communicate Securely and Anonymously When Necessary
Rationale
Your whistleblowing communications with journalists, legal counsel, or oversight bodies are primary surveillance targets. Protecting the information and these channels preserves both your identity and the disclosure’s integrity.
Key Actions For You
Use end-to-end encrypted (E2EE) messaging apps
Signal is a widely recommended option for your E2EE calls and messages.
Harden Your Messaging Setup
Follow these steps to use Signal anonymously and securely:
- Buy a burner phone with cash
- Get a prepaid SIM without ID (e.g., Lebara from the Netherlands)
- Install Signal and:
- Set a Signal PIN
- Use disappearing messages (set a default timer)
- Use the Molly client for encrypting Signal’s local database
- Read the full hardening guide: PrivacyGuides Signal Setup
Verify Safety Numbers with Your Contacts
After connecting on Signal, tap on your contact’s name and select “Verify Safety Number”. This ensures you’re talking to the right person — not an imposter or a man-in-the-middle intercepting your messages.
Use Secure Email Services
- Choose services with built-in E2EE, like Proton Mail or Tuta
- Sign up anonymously (ideally via Tor Browser)
- For external recipients, use password-protected E2EE options
Understand Metadata Risks
Even with E2EE, some information (like who you contacted, how often, and when) can still be visible via:
- Service provider logs
- Network traffic analysis
Always assume metadata is not private.
Treat accounts as disposable
Treat all accounts as if they are ephemeral and ready to be burned at any time, whether due to a compromise or because a provider may comply with a cease-and-desist order.
Always operate under a zero trust policy.
Never use your work-related email or devices for any whistleblowing-related communication.
This includes:
- Personal devices that have been used in a work context, and
- BYOD (Bring Your Own Device) hardware that you carry into your employer’s environment.
Use Anonymous Communication Channels
For high anonymity:
- Use Tor Browser to access SecureDrop or anonymous email services.
For maximum anonymity:
Need help? We provide preconfigured devices for individuals in need.
Additionally: Exchange a PGP key with your partner, encrypt your messages, and share only the encrypted content as a payload across all communication channels.
Recommended tools
- Signal or Molly (to access the Signal Network),
- Proton Mail,
- Tuta,
- GPG/PGP,
- Tor Browser,
- Tails/Whonix/QubesOS for isolation and ephemeral environments to operate under
Impact
Secure your conversations from interception. When paired with anonymous setup, this also helps safeguard your identity. Choosing the right communication tool depends on two things:
- The sensitivity of your information
- Your personal threat model
What to avoid:
SMS and standard email may be convenient, but they’re insecure and easily intercepted.
What to use instead:
Tools with end-to-end encryption (E2EE) ensure that only you and your intended recipient can read the message, and no one else.
Important: End-to-end encryption alone isn’t enough.
To stay truly secure, you also need to verify your contact’s identity, especially when initiating communication. For example, apps like Signal allow you to check safety numbers to confirm you’re speaking to the right person, not a man-in-the-middle impersonating them or intercepting your messages.
A Note on Metadata:
Even with E2EE, service providers can still collect metadata, like who you’re talking to and when.
Solution: For stronger privacy, use these tools over Tor to help obscure metadata and prevent network-level tracking.
Rule 2: Use Secure Browsing for Your Anonymous Research and Submissions
Rationale
When you are researching sensitive topics related to your disclosure, or when you are submitting information anonymously, it’s crucial for you to hide your IP address and browsing activity from your ISP, employer, and the websites you visit. Tor Browser is designed for this.
Key Actions For You
Choose a Secure Operating Environment:
Use one of the following privacy-focused systems for your research:
- Tails, Whonix, or Qubes OS (most secure) or
- Alternatively (less secure), use Tor Browser on your existing device
Download Tor Browser Safely
Get Tor Browser only from the official website on your available device: https://www.torproject.org
Use Tor for All Sensitive Activity
When doing sensitive online research related to your whistleblowing, always use Tor Browser to protect your anonymity.
Stay Anonymous While Using Tor:
- Do not log into personal accounts
- Do not provide identifying information
- Do not install extra browser extensions or plugins, as they can compromise its anonymity features.
Handle Downloads via Tor with Caution
Files downloaded through Tor (especially PDFs or Word docs) might make external network connections. To stay safe:
- Open files on a device that is offline, or
- If using Qubes OS, open them in an offline Qube
- Use a tool like Dangerzone to convert risky files into safe PDFs
Be Aware of Network Visibility
While Tor hides your IP from websites, your ISP can see you’re using Tor (unless you’re using a Tor bridge). If this is a concern:
- Move into proximity of a location with public wi-fi, such as near a café (e.g., Starbucks)
- Do not enter the location, to avoid their CCTV recording your presence, and use the public wi-fi
Recommended tools
- Tor Browser (Whonix, Tails, Qubes OS)
- Good wi-fi antennas (Alfa provides easy to find long range hardware)
Impact
Makes it significantly harder for your online research or anonymous submissions to be traced back to your real IP address and identity.
Important to Know:
Tor greatly enhances your privacy, but it’s not a magic shield. How you use it matters.
- Don’t log into personal accounts like Gmail while using Tor. Doing so reveals your identity to those services.
- Avoid downloading and opening suspicious files. A malicious file could compromise your device and undo Tor’s protections.
- Use the “Safest” security setting for maximum protection. It disables many web features like JavaScript, which can break some websites but significantly reduces the attack surface for sophisticated exploits.
What It Does:
Tor Browser makes it much harder for your online activity, like research or anonymous submissions, to be traced back to your real IP address or identity.
How It Works:
Tor routes your internet traffic through a global network of volunteer-operated relays. At each step, your data is encrypted, so no single relay knows both who you are and what you’re doing. This layered approach makes tracking your activity extremely difficult.
Rule 3: Secure Your Evidence Meticulously
Rationale
The evidence you gather is critical. You must protect it from tampering, unauthorized access, or destruction. Equally important, your process of acquiring and storing evidence must not inadvertently lead back to you.
Key Actions For You
- Secure your evidence before you draw suspicion to your whistleblowing activities, as your access might be cut off or evidence destroyed.
- Store your evidence securely: Use encrypted storage (encrypted USB drives, VeraCrypt containers, or encrypted cloud storage if absolutely necessary and properly configured by you). Keep your physical copies in a secure, private location. Consider using hardware-encrypted USB sticks such as the Aegis Secure Key.
- Avoid removing original documents if possible, especially for unclassified materials: Take photos with your personal/non-work phone instead, then strip metadata. For digital files, make copies to a secure, isolated environment you control.
- Strip all metadata from your digital evidence before any potential sharing.
- Use “clean” or burner devices for handling/transmitting your highly sensitive evidence: Avoid using your work devices or personal devices tied to your regular identity for these tasks. (See Rule 2)
- If you are dealing with classified information, it can only be disclosed by you through secure, authorized channels to designated recipients. Mishandling classified information carries severe legal penalties.
Secure Evidence Early
Act before suspicion to your whistleblowing activities arises. Once your intentions are detected, access could be revoked or materials destroyed.
Store Your Evidence Securely
Encrypt everything. Use tools like VeraCrypt, encrypted USB drives, or if absolutely necessary, encrypted cloud storage only if you’ve configured it securely yourself.
Store physical documents in a safe, discreet place.
Consider hardware-encrypted USBs (e.g., Aegis Secure Key) for high security.
Avoid Removing Original Documents (if possible)
Especially unclassified documents.
- Take photos using your personal, non-work phone
- Strip metadata from images and files before storing or sharing
- For digital files, copy them to a secure, isolated device that only you control
Always Sanitize Metadata
Before sharing any digital file, remove identifying metadata (timestamps, author info, location data, etc.).
Use Burner or “Clean” Devices
Use burner phones, clean laptops, or similar tools exclusively for handling and transmitting highly sensitive evidence.
Never use work-issued or personal devices tied to your identity. (Refer back to Rule 2: Use Secure Browsing for Your Anonymous Research and Submissions for more on this.)
Special Note on Classified Information
If your evidence involves classified data, you must only disclose it via authorized, secure channels to designated recipients.
Mishandling classified information could result in severe legal consequences.
Recommended tools
- LUKS (Linux),
- VeraCrypt,
- Encrypted USB drives,
- Secure physical storage,
- Metadata removal tools,
- Burner phones/computers (we can provide you with burner phones and computers if you are an individual in need).
Impact
Protects the integrity and confidentiality of your evidence and minimizes the risk of the evidence being traced back to you through careless handling or digital forensics.
The act of you acquiring or copying evidence is often a high-risk phase. Common actions like accessing files on a work network, copying to a USB drive, or printing documents can all leave behind digital logs that your employer might scrutinize during an investigation, such as:
- File access logs
- Printer history
- USB connection records
Using your personal phone to photograph documents might seem safer. It avoids work system logs, but there is a risk you should be aware of. If your phone is later compromised, or if you forget to remove photo metadata, it can still link the evidence back to you.
That’s why planning your method of evidence collection is critical to minimize these traces, considering the surveillance capabilities of the organization. The concept of “plausible deniability” applies. If the evidence you gathered cannot be irrefutably tied to you through digital fingerprints or other means, it provides a crucial layer of protection, even if suspicion falls on you. This ties back to the idea that “facts are their signature”; if your handling of those facts also leaves a traceable signature, your deniability is significantly weakened.
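Protecting evidence "from tampering" is easier to reason about with a concrete mechanism, so here is an added Python example (not OAISIS code) of a SHA-256 manifest for an evidence folder: it records a hash for every file, lets you re-verify later to see what was modified, deleted or silently added, and reduces the whole manifest to one fingerprint you can write down offline so the manifest file itself cannot be quietly replaced. The folder, file names and contents in the demo are constructed in a temporary directory; the manifest complements, and does not replace, the encrypted storage described above.

```python
"""Added example (not OAISIS code): SHA-256 manifest to detect tampering in an evidence folder."""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large recordings or archives need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (posix-style relative path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the folder against a stored manifest and report every discrepancy."""
    current = build_manifest(root)
    return {
        "modified": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in current),
        "added": sorted(f for f in current if f not in manifest),
    }


def manifest_digest(manifest: dict) -> str:
    """One fingerprint for the whole manifest. Keep this value on paper or in your
    encrypted container so a swapped manifest file is detectable as well."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def demo() -> dict:
    """Constructed scenario: build a manifest, then tamper with the folder and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes").mkdir()
        (root / "notes" / "meeting.txt").write_text("constructed sample note\n")
        (root / "scan.pdf").write_bytes(b"%PDF-1.4 constructed placeholder bytes")
        (root / "audio.raw").write_bytes(bytes(range(256)) * 8)

        manifest = build_manifest(root)
        fingerprint = manifest_digest(manifest)
        before = verify_manifest(root, manifest)

        # Three kinds of tampering: an edit, a deletion, and a planted file
        (root / "notes" / "meeting.txt").write_text("constructed sample note, altered\n")
        (root / "audio.raw").unlink()
        (root / "extra.txt").write_text("planted later\n")
        after = verify_manifest(root, manifest)

        return {"fingerprint": fingerprint, "files": sorted(manifest),
                "before": before, "after": after}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice you would run `build_manifest` once, right after securing the material, store the JSON inside the same encrypted container as the evidence, and note the `manifest_digest` value separately; `verify_manifest` then answers, at any later point, whether what you hold is still exactly what you collected.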