Introducing BayLeaks

Pub date February 18, 2014
WriterRebecca Bowe

From time to time, sources have told us at the Bay Guardian that they would love to share sensitive information for news articles, but fear they would be retaliated against or even terminated from employment if they were to do so.

We have found a way around that.

Sources who wish to retain their anonymity while sharing information they believe the public has a right to know now have the option of using an encrypted submission system to anonymously send documents to our news team.

Created by Bay Area technologists in partnership with the San Francisco Bay Guardian, BayLeaks uses the latest cryptography software to protect the identities of our sources. This is a secure, anonymous way for concerned citizens to communicate with journalists to release information.

“Politically, economically, and socially, it is becoming increasingly clear that the Bay Area is at a crossroads. We see BayLeaks as a critical first step in securing radical transparency in public discourse as the region charts its future,” said T.R. Hwang, a BayLeaks partner and deputy director of the San Francisco Committee of Vigilance, a citizens’ alliance dedicated to enhancing the public sphere through technology.

Our system uses SecureDrop, a whistleblowing platform managed by the Freedom of the Press Foundation, and Tor, an online anonymity network that has gained the trust of Internet users around the world.

The SecureDrop program originated with the late Aaron Swartz, who developed it in collaboration with Wired Editor Kevin Poulson. Swartz was an Internet activist and programmer known for hashing out inventive ways to fight corruption and promote transparency. He’s remembered, among other things, for cofounding Reddit, the online news site; and for founding Demand Progress, an online activism group known for its 2012 campaign against the Stop Online Piracy Act.

To access BayLeaks once you have logged onto Tor, type this URL into the browser: l7rt5kabupal7eo7.onion.

Now SecureDrop is managed by the Freedom of the Press Foundation, a nonprofit organization founded in 2012 that is “dedicated to helping support and defend public-interest journalism focused on exposing mismanagement, corruption, and law-breaking in government.”

To provide maximum security, BayLeaks is only accessible over the Tor anonymity network.

When connecting to Tor in order to submit documents through SecureDrop, the Freedom of the Press Foundation recommends first going to a public location, such as a library or a café, rather than using one’s home or work station where it would be easier for a third party to detect you as a Tor user.

The Tor Browser is as easy to use as other browsers. But once you have downloaded it, it masks the IP address of the computer you are working on by sending your requests through a set of computer relays to keep anyone from tracing communications back to you.

Using the Tor Browser allows you to access Tor Hidden Services like BayLeaks, which are only available over Tor and can be much more secure than ordinary websites. These hidden services have .onion Web addresses (the .com of the digital anonymity world). After you’ve submitted something to BayLeaks, journalists can use the SecureDrop system to communicate securely and anonymously with you. Once you’ve sent all documents to BayLeaks, the Freedom of the Press Foundation recommends deleting the Tor Browser Bundle, destroying any recorded copies of your codename (see “A Low Tech How-To”), and erasing or destroying any media (CD-ROMs, USB sticks) used to copy the leaked documents.

“As the old adage goes, ‘Sunlight is the best disinfectant,'” said J.D. Shutt, a BayLeaks partner and Special Initiatives director of the SF Committee of Vigilance. “We’re excited to provide a technologically robust means of bringing this basic rule of civics into the 21st century.”