This encrypted submission system set up by The Times uses the Tor anonymity software to protect your identity, location and the information you send us. We do not ask for or require any identifiable information, nor do we track or log information surrounding our communication.
We strongly recommend that tips be sent using a public Wi-Fi network, and that the computer you use is free of malware. If the computer is compromised, communications using SecureDrop may be compromised as well. The steps below outline best practices for use of SecureDrop, as well as the steps that we take to protect your privacy.
- Download and install the Tor browser from https://www.torproject.org. The Tor browser allows access to our SecureDrop page, which operates as a Tor hidden service.
- Open the Tor browser and wait for the page that says a connection has been established, then copy and paste the following into the address bar: https://ej3kv4ebuugcmuwxctx5ic7zxh73rnxt42soi3tdneu2c2em55thufqd.onion
- Follow the instructions to send us information. Users will be given a codename that can be used to log back in and check for responses from Times reporters.
- For added security, consider using the Tails operating system instead of the Tor Browser.
- Please note that we are migrating to v3 onion services on SecureDrop which provide greater privacy and anonymity. Our v2 address at https://nyttips4bmquxfzw.onion will continue to function until February 2021, at which time SecureDrop will no longer support the shorter v2 address.
Privacy Information
The SecureDrop servers are under the physical control of The New York Times.
The information you send us is stored on our SecureDrop servers in an encrypted format. Before distributing your submission to reporters, we will decrypt your submission on a computer that has never been connected to the internet and remove any metadata associated with it. After it has been stripped of metadata, and, if possible, known source information, tips and submitted documents will be accessible to our editors and reporters. We will not know the source of tips submitted through SecureDrop: If your name or other identifiers are included in the tip itself, it may not be redacted from the information we share with the reporters. If this is a serious concern, we encourage you not to include identifying information within your submission.
If you wish to log back in to check for responses from The Times, we recommend that you delete each message as soon as you have read it. The message will then also be securely deleted from our servers.
SecureDrop is regularly audited by independent security experts. Like all software, it could have security bugs that are exploitable. Ultimately, you use the service at your own risk.read more
