Leak to us

Part of our mission at PublicSource is to hold those in power accountable.

Our community is key in helping us investigate those who breach public trust. If you know of government officials, companies or institutions in the Pittsburgh region abusing power or doing something wrong, below are guidelines on how to contact us while protecting information you share and your identity.

(Remember that no form of communication is 100 percent safe. Make a plan about how you'll handle it if someone learns you contacted us.)

DON'Ts

  1. Don't use your work email, computer or nearby post office to contact us.
  2. Don't contact us through social media.
  3. Don't talk about what you're doing with anyone else.
  4. Don't contact us via a work-issued mobile phone. If you use your personal cell phone, consider installing an encryption app. Signal is most recommended. Try to avoid speaking to us on your home landline.

DOs

  1. Use U.S. mail to send documents. Don't include a return address; if necessary, put one inside the envelope, not on the outside. Consider mailing it from one town over so the postmark doesn't show your town. If you plan to communicate with us regularly, consider getting a P.O. box at that site. (Again, do not use a return address.) Our snail-mail address is below.
  2. Send paper documents, or digital media such as CDs and thumb drives. Please include an explanation of what you are sending and why it's important for the public to see.
  3. To communicate with PublicSource via email, set up a new, anonymous account to be used only for our communications. Don't give your name or any other identifying information. Use a strong password. Use an open wifi network you don't use regularly, like a coffee shop or a library, when setting up and using the account. (On a home wifi network, it's easy to trace your location and identity via your IP address.) Ideally, use the anonymous Tor browser — instead of Chrome, Safari or Firefox.
  4. When communicating by email, we highly recommend using an encryption program like PGP. Our PGP handles are included in our profiles on our staff page. PGP will encrypt your message, but it doesn't shield your metadata (sender, receiver, IP address sent from, etc.), so it's important to follow Step 3 above if you want to better secure your privacy. If you want to try to remove metadata from attached files, see this guide.
  5. If you want to speak to someone at PublicSource, also consider getting the Signal app on your smartphone. It encrypts voice calls and text messages.
  6. Consider buying a burner phone. Use cash.
PublicSource
746 E. Warrington Avenue
Pittsburgh, PA 15210
412.515.0060

(The above list was originally compiled by InsideClimate News.)