Last updated

Because this is a challenging topic, we strongly recommend the prerequisite modules before getting started. Likewise, it may be most appropriate for students who plan on pursuing journalism professionally.

This module opens with a presentation outlining publicly documented examples of compromised sources, and then moves onto an activity requiring students to threat model on behalf of multiple sources, using the Electronic Frontier Foundation's threat modeling worksheet. After discussing these threat modeling approaches and their shortcomings, the lesson continues with reminders about the limitations of end-to-end encrypted communication channels, as well as a discussion of the "first contact problem."

Note: Professors should print (or have students print) three copies of Page 3 of the Electronic Frontier Foundation's threat modeling worksheet. The other pages are optional, and may have been covered in the previous threat modeling module.


Threat modeling
Internet and telecommunication security
Legal requests in the U.S.
Mass surveillance in the U.S.
(Good to know) Obfuscating location
(Good to know) End-to-end encryption for files
(Good to know) File safety

Estimated time

80-90 minutes


  • Upon successful completion of this module, students will be able to conduct a risk analysis on behalf of potential sources.
  • Students will be able to identify several ways metadata, as well as electronic recordkeeping at workplaces, may be used in leak investigations.
  • Students will be able to identify tradeoffs of confidential tip channels used by contemporary U.S. newsrooms.

Why this matters

While most stories are not so sensitive, and it's uncommon for sources to be at serious risk of reprisal, it is important to be able to analyze that risk to ensure their ability to work with journalists safely. Ultimately, this module is also intended to help learners understand how context-dependent source protection really is.


(Before class)

Sample slides

Threat modeling on behalf of sources (Google Slides)


Using page three of the Electronic Frontier Foundation's threat modeling handout (or writing the same questions down elsewhere on a document of your choosing), have students attempt to threat model on behalf of their source. Most contacts won't be newsworthy, but let's imagine a few that might be.

  • Someone working at a local restaurant has reached out to you with evidence of fraud coordinated by their manager. They have found your number online, and sent you a text message about the situation from their personal phone. Is this a safe way for them to reach out? Why or why not?

    Things to discuss: It might be okay. It is unlikely that the restaurant has the technical capacity to access these calls or call records, however, if they are the only person at the workplace who has expressed concern to the boss in the past, the workplace might be able to figure out who's leaking!
  • You have a good relationship with someone working at your state governor's office. You've exchanged a variety of messages with them over text messages, Signal, tweets, emails, and calls spanning back two years. One day they message you on Signal to let you know they have some internal documents — "something you need to see.” Is this a safe way for them to reach out? Why or why not?

    Things to discuss: It depends! How likely is it that the sensitivity of these documents warrants a workplace investigation? You and this source have a lot of publicly-documented history speaking. Additionally, are these documents that only they, or a small number of other people at their workplace have access to? It could make it easier to identify who shared them. Likewise, have they ever reached out to you using a workplace device?
  • You have a source who works at a large internet company, and you occasionally send them questions about their workplace over Signal. Sometimes you will speak publicly about unrelated topics over social media sites, such as Twitter. Using Signal, they will occasionally send you recordings of internal meetings that include some sensitive product details. Is this a safe way for them to reach out? Why or why not?

    Things to discuss: It depends! Are they using a workplace-provisioned device, or a personal device with workplace software installed? How many people have access to these particular meetings? Are they using workplace networks that could log their activities?

Questions for discussion

(Following threat modeling exercise)

  • What were some common risks across your threat modeling exercises? Any major differences?
  • How did metadata factor into your threat model?
  • Is there more your sources could have done to minimize risk further?
  • What are some common issues you can imagine for anyone who wants to reach out to a news organization with a sensitive disclosure?
  • Do you think it's possible to communicate with sources without leaving a digital trail? Why or why not?

Donate to support press freedom

Your support is more important than ever.