Setting up a secure tipline on a budget

Photo: Kevin Pham, digital security intern

Whether you are an independent journalist or a newsroom manager, there may come a time when you need to set up a dedicated tipline. Which platform you choose may help protect the identity of your sources when making first contact with them or receiving confidential files, but not all options offer equal privacy or guarantee the same level of anonymity.

From email-based tiplines to specialized whistleblowing software, options also vary greatly in technical expertise and cost. Some setups are completely free but have set file-sharing limits. To receive large numbers of files, some may require stand-alone computers that can run 24/7. The most elaborate setups do not compromise on security and anonymity but require dedicated IT staff members and expensive resources.

Smaller newsrooms should consider their requirements carefully before committing to an option. Fortunately, we have compiled a short list of tiplines that could fit your budget. While conducting our research, we considered the following categories:

  • Estimated cost: What is the first-year cost of the components in U.S. dollars?
  • Technical expertise: Is specialized know-how required for setup and maintenance?
  • Ideal audience: What kind of newsroom is this tipline recommended for?
  • Support duration: How long will it receive official security updates?
  • Considerations: Miscellaneous information and potential caveats

Note that this guide acts as a high-level introduction to these tiplines. If you would like to learn more about broader security considerations, you should read this blog. Otherwise, we will link any relevant explainers in each section.

1. Email-based tiplines

Screenshot: Proton Mail website.

Proton Mail

  • Estimated cost: $0
  • Technical expertise: Low
  • Ideal for: Individuals and freelancers
  • Support duration: Long-term
  • Considerations: Free and highly secure, ideal for those with limited budgets; no technical protections for anonymity

Email-based tiplines, especially with end-to-end encrypted providers like Proton Mail, are great for making first contact with potential sources. Not only are they advertisable on social media accounts, most encrypted email services are also straightforward in terms of usability. Proton — the Swiss company behind Proton Mail — promises end-to-end encryption and zero access to its customers’ emails, though it does hold certain types of metadata (e.g., IP addresses).

Unfortunately, these services often have a hard file attachment limit. If you intend to receive large files regularly, you may want to look elsewhere. Alternatively, a source may redirect you to a secure cloud storage drive to download relevant files.

Finally, anonymity is an important caveat for this option. If an incoming email comes from an external, nonencrypted service (e.g., Gmail), it could still be read by the sender’s email provider, even if the source sends it to a Proton Mail address. This is especially concerning if your source reaches out with their work email. While it is possible for them to use Mailvelope to encrypt their emails with PGP, or Pretty Good Privacy, subject lines and user identities cannot be end-to-end encrypted.
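To see what stays readable even when a source encrypts with PGP, the following added example (not part of the original guide) parses a raw email and reports how the body is protected and which identifying headers travel in cleartext. The sample message, its addresses and the function names are constructed for illustration.

```python
from email import message_from_string

# Constructed sample: a PGP/MIME (RFC 3156) tip sent from a work address.
SAMPLE_TIP = """\
From: Jane Source <jane.source@employer.example>
To: tips@newsroom.example
Subject: Documents about the Q3 audit
Date: Tue, 04 Mar 2025 09:12:44 -0500
Received: from mail.employer.example (mail.employer.example [192.0.2.10])
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

# Headers that sit outside the encrypted part and can identify a source.
IDENTIFYING = ("From", "To", "Cc", "Subject", "Date", "Message-ID", "Received")

def body_protection(msg):
    """Classify how the body is protected: pgp-mime, pgp-inline or none."""
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return "pgp-mime"
    for part in msg.walk():
        # Multipart containers have no decodable payload of their own.
        payload = part.get_payload(decode=True) or b""
        if b"-----BEGIN PGP MESSAGE-----" in payload:
            return "pgp-inline"
    return "none"

def exposed_metadata(raw):
    """Return (body protection, identifying headers left in cleartext)."""
    msg = message_from_string(raw)
    exposed = {h: msg.get_all(h) for h in IDENTIFYING if msg.get_all(h)}
    return body_protection(msg), exposed

if __name__ == "__main__":
    print(exposed_metadata(SAMPLE_TIP))
```

Even with the body classified as `pgp-mime`, the sender's work address, the subject line and the relaying server all appear in the returned headers.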

Regardless, email-based tiplines provide a working budget solution when prioritizing security and convenience. If you are interested in setting up an email-based tipline, read our guides on using Proton Mail and Mailvelope.

2. Computer-based tiplines

Screenshot: OnionShare webpage.

Mac mini with OnionShare

  • Estimated cost: $600 to $800
  • Technical expertise: Moderate
  • Ideal for: Smaller/nonprofit newsrooms, independent and freelance journalists
  • Support duration: Five to seven years (Apple security updates)
  • Considerations: Notable for official security updates and long-term support; maximizes the anonymity of your sources on a budget

OnionShare is an anonymous file-sharing application that utilizes the Tor network. It works by generating a sharable link accessed through the Tor Browser. Clicking on it leads to an anonymous website that prompts the visitor to either download or send files. It can even act as a private chat room that is hosted on your computer.

By enabling “receive files” mode and configuring OnionShare to launch on start-up, your device can become an anonymous drop box that could receive an indefinite number of files and messages, depending on your storage size. For first-time users, we recommend installing OnionShare on a new Mac mini to ensure long-term security updates and minimize power consumption. You should also learn how to secure your Apple devices.

For stricter budgets, you can use a secondhand laptop or desktop computer if you are comfortable installing a Linux distribution. We generally do not advise Windows because of its data collection policies.

Check out this beginners’ guide to OnionShare to learn more about its features.

3. Mobile-based tiplines

Screenshot: Smartphone with Signal.

Smartphone with Signal

  • Estimated cost: $500 to $1,000
  • Technical expertise: Low
  • Ideal for: Individual and freelance journalists
  • Support duration: Seven years (security updates)
  • Considerations: User-friendly with top-notch security, but less anonymity protection

Signal has become popular with journalists worldwide for its end-to-end encryption and other security features. It has support for disappearing messages and usernames — which allow you to share your contact information without disclosing a phone number. Since it retains less communications metadata, it is almost impossible for state actors to discern who is speaking to whom based on sent messages. For those who plan on receiving files, Signal can send photos up to 8MB and videos up to 100MB at a given time.

Signal-based tiplines are safest on the latest smartphones like a Google Pixel or Apple iPhone, which can receive up to seven years of security updates on the newest models. Generally, you should avoid repurposing or purchasing old devices unless they support the latest updates. If you do, always factory-reset to erase existing data and to update the device.

Since Signal requires a cellphone number for registration, you may want to obtain a virtual number or second SIM instead of your personal number. Find out in this blog post how Freedom of the Press Foundation (FPF) helped a local newsroom tackle this problem. You should also consider locking down the app itself as a security measure.

Screenshot: SecureDrop website

SecureDrop

  • Estimated cost: $3,000 to $5,000
  • Technical expertise: Expert
  • Ideal for: Medium to larger newsrooms
  • Support duration: Long-term
  • Considerations: Best for larger organizations with in-house IT staff; exceptional security with extensive anonymity protection

SecureDrop is a free and open source whistleblowing submission system developed by FPF. Designed with maximum anonymity and security in mind, it routes all submissions through the Tor network. Its computer hardware requirements can be an obstacle for smaller newsrooms or media organizations without physical offices. Nonetheless, it provides arguably the best protection against advanced malware and state-sponsored attacks. If your newsroom has the necessary IT infrastructure and budget, SecureDrop can be an ideal tipline choice.

A SecureDrop instance consists of two servers — an application server and a monitor server — and a dedicated network firewall. This requires self-hosting, which means your newsroom would need in-house IT staff members with knowledge of Linux administration. They would set up and maintain these servers, ensuring they are updated with the latest patches. Additionally, there must be a physically secure place to store these servers, which can be a challenge for distributed newsrooms that may not have a central office.

You would also need a dedicated laptop to handle submissions. Historically, this involved using two laptops running Tails OS, with one being an air-gapped decryption station that cannot access the internet. This ensures that potentially dangerous files are viewed in an isolated environment, minimizing the risk of malware infection. Nowadays, you have the option of using a single laptop running Qubes OS, which provides strong security through compartmentalization. Both setups require some training for journalists to ensure they can effectively handle submissions.

If you have questions on setting up a SecureDrop instance, you can contact the SecureDrop team. You can also read the official documentation for specific instructions.

Credit: GlobaLeaks

GlobaLeaks

  • Estimated cost: Varies
  • Technical expertise: High
  • Ideal for: Medium to larger newsrooms
  • Support duration: Long-term
  • Considerations: Moderate security and anonymity protections, depending on configuration; more commonly accessible to users speaking languages other than English

GlobaLeaks is a free and open source project developed by Whistleblowing Solutions. Like SecureDrop, GlobaLeaks relies on the Tor network to protect the anonymity of any submissions. Tor can be disabled for those living in countries where using it is dangerous.

Unlike SecureDrop, however, GlobaLeaks has lightweight hardware requirements that make it more accessible for newsrooms. A GlobaLeaks tipline only requires a single computer operating as a 24/7 server, where it generates a website interface. You can use a separate laptop to access it and view submitted files.

A GlobaLeaks instance can also be shared with a consortium of other organizations. That way, a leaker only needs to make one submission rather than doing so to multiple newsrooms. Instead of hosting a GlobaLeaks server, it might be worth joining a consortium to save resources.

Finally, GlobaLeaks offers many localization options beyond English. Although SecureDrop does support a wide range of languages, many newsrooms outside of the English-speaking world already operate GlobaLeaks instances.

One potential weakness is that a GlobaLeaks tipline is slightly more vulnerable to advanced malware than other platforms, especially since it does not explicitly require an air-gapped viewing station. Despite this, it does have acceptable security features if you feel comfortable with configuring a server on a limited budget. Its documentation acknowledges these risks and recommends that users optionally own an air-gapped viewing station when opening files.

Need further assistance?

If you would like additional assistance setting up a tipline, the Digital Security Training Team can help. Contact us for our training options.