SecureDrop is an anonymity tool designed for secure communication between journalists and whistleblowers. If you have tips or documents for the Global Reporting Centre, SecureDrop can help protect your identity from many of the surveillance hazards that can reveal your identity on other communication channels. Before you attempt to contact us through SecureDrop, please read the following guidelines:

What should I know before submitting material through SecureDrop?

To protect your anonymity when using SecureDrop, it is essential that you do not use a network or device that can easily be traced back to your real identity. Instead, use public wifi networks and devices you control.

Got it. How can I submit files and messages through SecureDrop?

  1. Once you are connected to a public network at a cafe or library, download and install the Tor Browser.
  2. Launch the Tor Browser. Visit our organization’s unique SecureDrop URL (fgsvnnkhpp3b4bpmvmsgldwmnsfcaoqeai7eshknntgutq4prbomygad.onion) and follow the instructions you find on our source page to send us materials and messages.
  3. When you make your first submission, you will receive a unique codename. Memorize it. If you write it down, be sure to destroy the copy as soon as you’ve committed it to memory. Use your codename to sign back in to our source page, check for responses from our journalists, and upload additional materials.

No tool can absolutely guarantee your security or anonymity. The best way to protect your privacy and anonymity as a source is to adhere to best practices.

You can use a separate computer you’ve designated specifically to handle the submission process. Or, you can use an alternate operating system like Tails, which boots from a USB stick and erases your activity at the end of every session.

A file contains valuable metadata about its source — when it was created and downloaded, what machine was involved, the machine’s owner, etc. You can scrub metadata from some files prior to submission using the Metadata Anonymization Toolkit featured in Tails.

Your online behavior can be extremely revealing. Regularly monitoring our publication’s social media or website can potentially flag you as a source. Take great care to think about what your online behavior might reveal, and consider using Tor Browser to mitigate such monitoring.

Our organization retains strict access control over our SecureDrop project. A select few journalists within our organization will have access to SecureDrop submissions. We control the servers that store your submissions, so no third party has direct access to the metadata or content of what you send us.

Do not discuss leaking or whistleblowing, even with trusted contacts.


Signal is a a free, open-source, end-to-end encrypted app for sending text, videos, and photos as well as making phone calls. Signal stores minimal account information, such as your phone number, registration date, and the date when you were last active on the app. It stores no metadata for your messages with other Signal users, and offers advanced options like self-destructing messages that are deleted from both devices after a set period of time.

You can reach the GRC on Signal at +1 604-262-1531.

Postal Mail

The postal service is a reasonably secure means of sending data and documents to us within Canada. If you live in another country, even one with strong legal protections for postal privacy, remember that international mail can be opened and inspected at the border. Finally, you can better preserve your anonymity by dropping packages in a public mail box instead of the post office.

Global Reporting Centre
UBC School of Journalism, Writing and Media
6388 Crescent Road
Vancouver, BC V6T 1Z2