Tor guide for journalists: protecting sources and communicating securely

Since Edward Snowden's 2013 revelations, secure communication between journalists and sources has moved from an optional skill to a professional obligation. In a context where states, corporations, and digital platforms can intercept all communications by default, investigative journalists must master a specific toolkit to protect their sources and conduct their investigations. Tor and its ecosystem have become the cornerstone of this. This page compiles the essential resources, tools, and best practices for journalists who want to work with maximum security.

⚫ This page is the showcase. The rest is elsewhere. Tor access →

Why Tor has become essential for journalism

Source protection is a fundamental principle of press freedom and freedom of expression in democratic societies. But this legal principle needs technical infrastructure to actually exist. With the normalization of electronic communications surveillance, only technical rigor can today guarantee that a source will not be identified through metadata analysis.

Journalists who work on sensitive topics — political corruption, financial fraud, human rights violations, corporate misconduct — face adversaries with considerable resources. Intelligence services, corporate security teams, and economic intelligence firms can all attempt to identify a source by analyzing their communications. Ordinary email, SMS, and regular phone calls all reveal metadata to carriers: who communicates with whom, when, from where. These metadata are often more revealing than the content itself.

The Tor network allows communication without exposing these metadata. Combined with the right tools (SecureDrop for receiving documents, Tails as a working environment, Signal for short exchanges, OnionShare for files), it allows a whistleblower to transmit documents to a newsroom without their Internet service provider, employer, government, or even the newsroom itself being able to identify them through connection metadata. This combination of tools is what made possible the Snowden revelations, the Panama Papers, the Paradise Papers, the Vatican Leaks, and many other major investigations of the last decade.

SecureDrop: the reference tool for whistleblowers

SecureDrop has become the de facto standard for anonymous communication between sources and newsrooms. The project, initially designed by Aaron Swartz and Kevin Poulsen in 2013 under the name DeadDrop, was taken over by the Freedom of the Press Foundation after Aaron Swartz's death. More than eighty major international newsrooms now deploy it, including Le Monde, Mediapart, The New York Times, The Washington Post, The Guardian, ProPublica, The Intercept, CBC, Bloomberg, Reuters, Forbes.

How SecureDrop works technically

SecureDrop's architecture is designed to offer the best possible guarantees at every step. On the newsroom side, two isolated machines are installed: a server that receives submissions via a dedicated .onion address, and a journalistic workstation — the "Secure Viewing Station" — that never connects to the Internet and on which journalists view documents via an intermediate USB stick. This air-gap architecture ensures that a potentially weaponized document cannot contaminate the newsroom's systems.

On the source side, the experience is designed to be simple and anonymous. The source downloads Tor Browser (ideally from a public computer such as a library) and accesses the target newsroom's .onion address. They can upload files and leave a message, and will receive a unique passphrase that lets them return to check for any replies. No email, no phone number, no account. Anonymity is preserved by design.

English-language SecureDrop instances

The New York Times has had a SecureDrop instance since 2017. The Guardian has been receiving documents on its instance since 2014. ProPublica since 2016. The Washington Post, The Intercept, Bloomberg, Forbes, and Reuters all maintain active instances. Newsrooms that do not yet have SecureDrop can deploy it with technical assistance from the Freedom of the Press Foundation. The cost is modest (approximately $5,000 in hardware for a complete two-machine installation, plus a system administrator's time). The return on investment is considerable in terms of source trust.

The journalist's complete toolkit

Beyond SecureDrop, several complementary tools form the technical ecosystem for sensitive journalism.

Tor Browser. The official browser for accessing the Tor network. Five-minute installation from torproject.org. Allows you to consult sources, research information, or read the press without leaving a trace. For journalistic use, an indispensable complement to the rest of the toolkit. Our dark web access guide details the installation.

Tails OS. Amnesic operating system on a USB stick. Routes all traffic via Tor and leaves no trace on the computer used. Recommended by Edward Snowden, used by most investigative journalists on the most sensitive files. Allows you to work from any computer without compromising it. Our complete Tails guide explains installation and use.

OnionShare. Allows you to share a file via a temporarily generated .onion address from your computer. No cloud, no intermediary: the recipient downloads directly from your machine. Ideal for receiving or sending documents to an identified source, without going through Gmail or Dropbox. Developed by Micah Lee, security engineer at The Intercept.

Signal. The reference encrypted messaging application, usable via Tor Browser for its web version or via Orbot on mobile. Requires a phone number (ideally a dedicated prepaid SIM for sensitive contacts). End-to-end encryption by default. Complementary to SecureDrop for short exchanges with an already-identified source.

ProtonMail on .onion. End-to-end encrypted email, accessible via .onion since 2017. Useful for creating a dedicated address for an investigation project or for communicating with a source who refuses SecureDrop. Swiss jurisdiction with legal privacy protection. See our Email and messaging category.

KeePassXC. Open-source password manager, locally encrypted AES-256 database. For managing the dozens of accounts in a complex investigation without reusing passwords.

Metadata Cleaner. EXIF metadata cleaner for photos and documents. A photo taken with a smartphone contains by default the device model, the precise date, and often the GPS location. Cleaning these metadata before sharing is a critical step when transmitting documents that could identify their author.

OTR and PGP. Encryption for instant messaging (OTR via Pidgin) and email (PGP via GnuPG or Thunderbird). An indispensable complement to cryptographically verify the identity of your correspondents over time.

Practical workflow for a sensitive investigation

Theory is worthless without application. Here is a typical workflow for a journalistic investigation requiring high operational security.

Phase 1 — Preparation. Before even beginning the investigation, create a dedicated environment: a Tails USB stick, a laptop to be used solely for this project if possible, a prepaid phone with a SIM card purchased with cash if the threat warrants it. Create a dedicated email address (ProtonMail, Mail2Tor) and a PGP key for this specific investigation. These elements must be compartmentalized, never mixed with your civil identity.

Phase 2 — First contact with the source. If the source contacts you via SecureDrop, use that channel for all initial communications. If the contact is direct, offer to switch to SecureDrop going forward. Never ask for information that could identify the source beyond what is strictly necessary for document verification. Never cross-reference with LinkedIn, Google, or personal social networks.

Phase 3 — Receiving and verifying documents. On a dedicated workstation (ideally Tails), open the transmitted documents. For suspicious files, use a virtual machine. Systematically clean metadata before any reuse. Verify authenticity by cross-referencing with other sources, never by directly confronting the suspected source.

Phase 4 — Editorial work. Write from your usual environment, with precautions appropriate to the sensitivity. Source files remain on the dedicated workstation. Internal exchanges with the editorial team should use Signal or Keybase for sensitive elements. Avoid plain-text emails, even internal ones, with real source names.

Phase 5 — Publication and follow-up. At the time of publication, the source's identity must be durably protected, including against subsequent legal demands. Legal source protection principles prevail in judicial proceedings in democratic countries, but technical guarantees must support this legal protection. Archive documents securely (VeraCrypt container, dedicated offline hard drive) and never on commercial cloud services.

Opsec mistakes to avoid

Documented deanonymizations almost never result from flaws in Tor itself, but from recurring human errors. Here are the most common ones.

Mixing identities. Signing into your personal Gmail account during a Tor session, or browsing your Twitter feed from the same machine as SecureDrop. These actions immediately associate a civil identity with the secure environment. Use strictly compartmentalized machines, accounts, and networks.

Ignoring metadata. Publishing a photo of a document without cleaning EXIF metadata is a fatal opsec error: the iPhone model, the date, and GPS location can reveal the source through a few cross-references. Always use a metadata cleaner before publication.

Communicating from the office. Corporate networks are extensively monitored. Accessing SecureDrop from a work computer, even in private browsing mode, leaves traces in network logs. Use Tails on a domestic or neutral public connection.

Underestimating stylometry. Your writing style is a biometric identifier. A source publishing under a pseudonym can be identified if their style matches their public professional communications. Sensitive newsrooms sometimes re-read texts to smooth out distinctive writing tics.

Neglecting the physical context. Street cameras, named transit cards, building badge timestamps: the physical world leaves as many traces as the digital world. For physical meetings with a source, apply the same rules as for digital communication: compartmentalization, avoidance of recognizable habits, precautions regarding transportation.

Major newsrooms that use Tor

More and more major newsrooms have integrated Tor into their editorial infrastructure. This mass adoption is itself a signal: what was ten years ago a practice of activists has become a professional standard.

In the United States. The New York Times maintains its .onion version and SecureDrop instance since 2017. ProPublica was the first major media outlet to open a .onion in 2016. The Washington Post, The Intercept, Bloomberg, Forbes, The Wall Street Journal (via SecureDrop), Reuters, and many others use Tor daily. CBS, NBC, and ABC have secure channels for their investigative teams.

In the United Kingdom. The Guardian has used SecureDrop since 2014, the BBC has maintained a .onion version of its news since 2019. The Times and the Daily Telegraph also have dedicated channels.

Internationally. Deutsche Welle, Radio Free Europe, Al Jazeera, CBC (Canada), The Globe and Mail, ABC (Australia), and many other newsrooms maintain .onion addresses. The movement is progressively spreading to all democracies where press freedom is taken seriously.

For the complete list of media accessible via Tor, see our Media & Press category, which lists a dozen verified official instances.

Landmark cases that used Tor

Several of the greatest journalistic investigations of the last decade relied on Tor and its ecosystem to protect their sources.

The Snowden revelations (2013). Edward Snowden contacted Laura Poitras and Glenn Greenwald via encrypted channels relying on Tor and PGP. The use of Tails OS during the preparatory phase of the leaks was publicly documented. Without these tools, the revelations would probably have been impossible or compromised.

The Panama Papers (2016). The largest journalistic leak in history, with 11.5 million documents from the law firm Mossack Fonseca. The International Consortium of Investigative Journalists (ICIJ) used a set of tools including SecureDrop, Tails, and dedicated infrastructure to coordinate hundreds of journalists in more than 80 countries without compromising the anonymous source "John Doe".

The Paradise Papers (2017) and Pandora Papers (2021). Following the Panama Papers model, these international investigations relied on the same secure infrastructure, with increased coordination and reinforced compartmentalization quality.

The Vatican Leaks. Several waves of leaks concerning Vatican finances (Vatileaks 1 and 2) passed through secure channels to Italian journalists Gianluigi Nuzzi and Emiliano Fittipaldi, then internationally.

"Football Leaks" (2016). An investigation by European Investigative Collaborations that revealed the aggressive tax optimization practices of European football clubs and players. The Portuguese whistleblower Rui Pinto used anonymization tools for years before his identification.

Training and resources for journalists

Acquiring these skills requires proper training. Several organizations offer courses specifically designed for journalists.

Freedom of the Press Foundation. The organization that maintains SecureDrop offers free training for newsrooms. Very comprehensive online resources, including technical guides, case studies, and recommendations by threat level. Main site: freedom.press.

Electronic Frontier Foundation (EFF). The "Surveillance Self-Defense" guide (ssd.eff.org) is the reference for digital self-defense for journalists. Translated into several languages, including French. Recommendations adapted by profile (journalist, activist, human rights defender).

Reporters Without Borders (RSF). RSF regularly publishes guides, advice, and in-person training for journalists working on sensitive topics, particularly foreign correspondents in restrictive countries.

Committee to Protect Journalists (CPJ). An American NGO that publishes a reference digital security guide, regularly updated. Recommendations adapted by threat type.

Tactical Tech Collective. A Berlin-based organization that has trained journalists and activists in digital security for twenty years. Their "Holistic Security Manual" integrates psychological, physical, and digital aspects.

As a complement, our dark web glossary precisely defines the technical terms encountered in these training programs. Our blog covers specific tools (Tails OS, VPN + Tor, etc.). Our unusual FAQ answers frequent questions about Tor beyond the strictly journalistic context.

Contribute to this page

This page is a living document. If you are a journalist or a digital security trainer and you would like to contribute to this resource — share a use case, flag a missing tool, correct an error — contact us. OnionDir is an independent project and this journalists section aims to become the English reference for the profession.