PrivacyTools.io
Reviewed by Gabriel Bachmann

Anonymous Whistleblower Tools - Security & Privacy

Grouped by threat level

Covered Easy start and good defaults for everyone
Targeted Maximum effort for when you're a target

How they compare

Tool Type Cost
SecureDrop
Submission system Free
GlobaLeaks
Submission system Free
Briar
Messenger Free
OnionShare
File drop Free
Haven
Monitoring Free
EFF
Guides Free

Speaking up about wrongdoing can carry real risk, so the tools you use to do it matter. These are the secure systems trusted by journalists and organisations to receive sensitive material while protecting the identity of the source. They work by separating the disclosure from the person making it, but they are only as safe as the care taken around them. Used carefully, they keep the focus where it belongs: on what was disclosed, not on who disclosed it.

Why ordinary tools can’t protect a source

The instinct is to email a document or send it over a familiar messaging app, but those channels are built to record exactly the trail a source needs to hide. Email logs the path of every message, and a phone number ties an account to a real person, while most platforms keep metadata that survives long after the contents are gone. None of this is a setting you can disable, because the recording is how those systems are meant to work. The danger in whistleblowing is rarely the content alone, it is that metadata which links a disclosure back to a name. Tools like SecureDrop and OnionShare exist because the only reliable answer is a system designed from the start to avoid that trail, which is what every pick on this page is built to do.

How these protect a source

Each of these systems attacks the metadata problem directly. They route submissions over anonymity networks, typically Tor, so the connection between source and recipient is hidden rather than logged. They avoid collecting identifying information in the first place, and they encrypt what is sent so the contents are protected in transit. The result is an organisation that receives the material without learning who sent it. Some, like GlobalLeaks, are platforms an organisation deploys to receive many submissions; others, like Briar, are built for direct contact that leaves no central record. That separation between the disclosure and the discloser is the entire point.

What to look for in a whistleblower tool

Look for a proven track record, since this is not a place to trust something untested. Favour open-source code that security researchers have been able to examine, because hidden flaws here carry a human cost. Insist on anonymity built in by design, normally over Tor, rather than bolted on as an afterthought. And look for clear, thorough guidance written for both the source and the recipient, because the tool only works when both sides use it correctly. A system that is technically strong but confusing to operate is a risk, not a safeguard, when the stakes are high.

How we pick these

Every system here is measured against our public listing criteria, with an unusually high bar given what is at stake: a real track record of protecting sources, open code where it can be reviewed, anonymity by design rather than by configuration, and documentation that genuinely prepares both sides. We weigh whether an organisation can deploy the tool correctly and whether a source can follow it under stress. We only list systems we would trust in a serious situation, and we point to the organisations that maintain and support them, such as the EFF, rather than asking anyone to go it alone.

Operational care matters most

No tool can protect a source who is careless, and this is the part no software can do for you. Use a device and a network that are not tied to you, and follow the platform’s official instructions exactly, remembering that how and when you act can be as revealing as what you say. Practise the steps before they matter, and avoid improvising under pressure. Most of all, if the stakes are high, seek guidance from an organisation that supports whistleblowers before you act. The technology removes one category of risk; sound judgement and preparation cover the rest, and the two only work together.

Frequently asked

Can these tools really keep me anonymous?
They provide strong protection by design, but anonymity depends as much on how you use them as on the software itself. Used carefully, on a device and network that are not tied to you, these are the systems major news organisations trust for exactly this purpose. Used carelessly, even a strong tool can leak the small details that identify a person, which is why the operational habits matter as much as the technology.
Do I need to use Tor for whistleblowing?
Usually, yes. Most of these systems route submissions over the Tor network, which is how they hide the connection between a source and the recipient. The anonymity the tool promises generally depends on that layer being in place, so skipping it can quietly defeat the protection you were relying on.
Who actually deploys these systems?
News organisations and NGOs run them to receive tips and documents safely, as do oversight bodies and watchdog groups. The systems are built with two roles in mind: the organisation sets one up to receive material, and the source submits to it. Both sides matter, because a securely received leak still depends on the source having sent it carefully.
Is using a whistleblower tool legal?
The tools themselves are ordinary privacy and security software, and many are open source and freely available. Whether a particular disclosure is protected is a separate legal question that varies by country and by the nature of the material and the employer involved. Anyone weighing a high-stakes disclosure should seek advice from an organisation that supports whistleblowers before acting, not rely on a tool alone.
What is metadata, and why does it matter to a source?
Metadata is the information around a message rather than its contents: who connected to what, and from where and when. In whistleblowing the danger is rarely the document itself but the trail that links it back to a person. These systems are built specifically to strip or avoid that trail, which is why they differ from simply emailing a file, where the path is recorded at every step.
Can I test one of these tools before I rely on it?
You can install and explore the open-source options to understand how they work, and reading the official documentation end to end is strongly advised before any real use. What you should not do is improvise under pressure: practise the steps in advance and follow the platform's instructions exactly, treating the first careful run as the one that counts.