You're a tech novice, leaking to a reporter for the first time. Computers are confusing. Encryption is a very long and very tiring word. The people who know how to do this all talk like holier-than-thou jackasses. (Spoiler: we pretty much are.) Here's a quick, hopefully beginner-friendly guide to safer leaking.
-
Don't use your phone. There are some marginally safe ways to use phones, but you're not going to manage them. Just put it down, and never try to do anything terrible or heroic with a cell phone. The same is true of email.
-
Don't do anything from your work, your house or your regular haunts. There's various ways of tracing things back, and you don't want to have to worry about them.
-
Use someone else's WiFi. A cafe or a library, or better yet, the laundromat or cafe next to the one with the WiFi you're using. This takes a little investigation, but it's not hard. Get a few passwords as a customer and think about where you can sit unobtrusively.
-
Look for someone who knows how to talk to you safely. Look for the right journalist, and if the right journalist doesn't know how to communicate with you safely, find another person who can intercede for you and get that journalist communicating with you in a way that keeps you protected.
-
You're going to have to download some software. I'm sorry, but it's true. Don't use your work computer. If you can avoid it, don't use your home laptop either -- use a spare that you're not using for anything else. The two easiest communications programs in my recent experiences are Cryptocat (https://crypto.cat/) and Ricochet (https://ricochet.im/) -- they both have decent documentation online. Otherwise there's also Jabber (https://www.deepdotweb.com/2015/05/17/tutorial-xmppjabber-otr/), or Jitsi Meet (https://jitsi.org/Projects/JitsiMeet). You can also search on https://duckduckgo.com/ to learn more about them.
-
Before you communicate, think about what the journalist needs to know about you, and the story you have to tell. Don't tell them any details that might help someone narrow you down -- the town you live in, how many kids you have, what university you attended. Color can narrow down your identity in ways neither you nor the journalist may realize.
-
Once you're talking to a journalist, be clear and succinct. You won't make the journalist more interested by being mysterious, and the longer you pussyfoot around the more time you expose yourself to danger. Answer questions, but within the limits of the identity information you've already decided to share. That could range from nothing at all to your full legal identity.
-
Let the journalist do their job. You may wish the journalist would post your info the next day, but a good journalist is going to research the story and seek more sources and more information. That can seem frustrating, but ultimately this makes better and more effective stories -- news cycles instead of flashes in the pan.
-
If the journalist doesn't want to write about it, and often they won't, it may be that you haven't found quite the right person or that your information isn't enough to hold up a good story. Sometimes they can suggest alternative people, and sometimes you'll have to search for that on your own. Sometimes you've been swamped by a larger related story. Don't feel too bad about this, it happens to everyone in media, too.
-
Take care of yourself. This process is stressful, and making sure that you're well-rested, relaxed, thoughtful, and supported by loved ones and friends (even if no one knows what you're doing) can make the difference between making a mistake that exposes you to prosecution or retaliation, and remaining anonymous as long as you'd like.
If you'd like you ask me any questions, feel free to contact me via one of the methods here: https://gist.github.com/quinnnorton/d9285826ee8bc7415205f22fe1e22965