Whistleblower Guide: How Privacy Tools Can Protect You From Retaliation

Picture this: You’re in a position where you want to expose wrongdoing but you’re afraid of retaliation. Whether it’s a company or a government, someone is putting lives, the environment, or society at risk with their actions. The people in charge benefit from the status quo and want to prevent exposure of their corruption. As an employee, you want to do the right thing but are afraid of the consequences.

Real Examples

Unfortunately, things like this do happen. People, governments, and other entities do bad things. Here are a few examples in which whistleblowers have helped society.

Theranos. Let's say that you've worked for the corporation Theranos and the CEO Elizabeth Holmes, believing to work on a breakthrough in the health sector by developing a rapid blood test. Theranos raised more than US$700 million from venture capitalists and private investors, resulting in a $10 billion valuation at its peak in 2013 and 2014. As it turned out the whole thing was a scam and posed an immediate risk to patient health and safety.

As an employee, you may have thought that there was something shady going on. You’re worried about patient health and safety and you want to inform the press or authorities. But you’re afraid to get sued which would put your life in danger and affect your career, such as the suicide of Ian Gibbons, a biochemist at Theranos.

More about Theranos:

• ColdFusion produced a great short documentary about Theranos on YouTube.
• There is also a new TV series on Hulu about it called The Dropout.

National Security Agency. Maybe you’re in a position like Edward Snowden. As a former employee and subcontractor for the NSA, he leaked information about NSA surveillance programs run by the United States and other countries. The programs spied on citizens and collected their data. You could be in a similar situation, working for a government or government agency and you’re worried about these secret programs.

You might make some enemies along the way but you also have plenty of friends. Here’s where our Whistleblower Guide can help. To help you on your path to exposing corruption, we have some tools and resources to get started.

You might make some enemies along the way, but you have plenty of friends from start

Who are your new friends?

1. PrivacyTools.io. PrivacyTools gives you the best open source services, programs, and knowledge to protect your privacy against global mass surveillance.
2. The Tor Project. With its foundings at the U.S. Naval Research Lab, The Tor Project helps people connect to the internet in a private, secure manner. The goal of Tor, or The Onion Router, is to create internet connections that don’t reveal its users or the websites they visit, encrypting connections every step of the way.
3. EFF Surveillance Self-Defense Guides. The Electronic Frontier Foundation is an independent non-profit organization dedicated to protecting online privacy for almost thirty years. Their guides cover self-defense, secure applications, and information on security and privacy topics.
4. The Crypto Paper. Written by @CryptoSeb, the Crypto Paper teaches you about threat models and how they can be different based on your job.
5. Freedom of the Press Foundation. FPF protects, defends, and empowers public-interest journalism. They work to help journalists cover, protect, and publish whistleblowers and their content.

The first big decision to make: Your internet connection

The first step to consider is making sure your internet connection is secured. Take your time making this decision and plan accordingly. There are many things to consider and it's best you get familiar with all risks involved yourself instead of blindly trusting this or any other guide. Don't worry or give up though, there are plenty of resources available and people have discussed and figured out most problems related to it.

Here are a few questions to think about: Will you use your internet connection at home, or a public Wi-Fi network? Are you only using Tor or considering using VPN and Tor?

Should you use Tor and a VPN at the same time? To start, whistleblowers should exclusively use the Tor Browser Bundle. It depends on your informed decision if you want to use Tor and a VPN at the same time. Here is one comment from Bruce Schneier, renowned cryptographer and computer security professional:

"We don’t talk about it a lot, but VPNs are entirely based on trust. As a consumer, you have no idea which company will best protect your privacy. You don’t know the data protection laws of the Seychelles or Panama. You don’t know which countries can put extra-legal pressure on companies operating within their jurisdiction. You don’t know who actually owns and runs the VPNs. You don’t even know which foreign companies the NSA has targeted for mass surveillance. All you can do is make your best guess, and hope you guessed well." Bruce Schneier, renowned cryptographer and computer security professional.

PrivacyTools.io is recommending only a very few out of several hundred VPN providers, but in the end you still have to trust them with your privacy. It's a good idea to pay in Cash or Monero.

Your Resources

• Why use Tor with a VPN service?
• https://www.privacytools.io/#vpn
• https://www.whonix.org/wiki/Tunnels/Introduction
• https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN
• https://www.reddit.com/r/TOR/search?q=vpn&restrict_sr=on&sort=relevance&t=all

Once you have collected the data you want to leak, where and how do you share it?

SecureDrop: SecureDrop is an open source whistleblower submission system that media organizations can install to accept documents from anonymous sources. It was originally developed by the late Aaron Swartz, with assistance from Wired editor Kevin Poulsen and James Dolan. The project was previously called DeadDrop. Freedom of the Press Foundation took over management of the project in October 2013.

Globaleaks. This organization aims to increase the involvement of citizens in managing matters of public interest and to boost active participation of employees in correcting the management of the corporations and companies that they work for. GlobaLeaks forms a global community of human rights defenders based on the principles of international solidarity, the universality and indivisibility of human rights, impartiality, independence and diversity.

Haven. At the beginning, we mentioned that sometimes (or usually) whistleblowing can put your life in danger. Haven can help with physical security. It’s an Android app that uses on-device sensors to monitor and protect your physical areas. Haven turns any Android phone into a detection system for motion, sound, vibration, and light. 

Briar. This peer-to-peer messaging app stores your messages on your device instead of a cloud. Texts are synced between devices via Bluetooth or Wi-Fi, and online sync through Tor is also supported. 

Onionshare. As a whistleblower you’ll most likely be messaging journalists and sharing files with them. If you want to run your own platform, Onionshare’s open source tool helps you share files, host websites, and chat with other people using the Tor network. This helps you stay anonymous.

So what’s next? We hope these tools and resources give you a good start on your journey to fight corruption. Of course, as a whistleblower you’ll likely need legal advice at some point; for that, The Electronic Frontier Foundation may be able to help.

Related Articles

• Gaining Anonymity: The Tor Network & Tor Browser Bundle
• Finding safe places with decent public Wi-Fi for better privacy
• Using long-range Antenna to connect to Public Wi-Fis from a safe distance
• Using Tor bridges in hostile environments
• Man-in-the-middle attacks with malicious & rogue Wi-Fi access points

About the Author

Andrew Orr has been a supporter of privacy and security since 2015, writing about VPNs, password managers, DNS, and encryption. You can find him on Twitter under @andrewornot.