In 2021, a whistleblower named Frances Haugen leaked internal documents from Facebook, revealing how the company knowingly allowed misinformation and assisted in state-sponsored censorship. Known as the Facebook Files, this leak was notable in how successful it was in preventing retaliation before Haugen publicly identified herself. While not confirmed, she most likely shared documents with the Wall Street Journal through SecureDrop.
Her case is not unique. Whether you are a whistleblower, an investigative journalist, or an amateur blogger, the ability to publish safely is essential to a transparent society.
Why Publish Anonymously?
In some countries, simply speaking out can result in criminal charges or loss-of-life. Even in relatively “free” societies, publishing critical information can attract legal threats, online harassment, or unwanted media attention. For example, this hobbyist security researcher was sued for documenting a ransomware attack on his own blog!
Anonymity enables freedom of speech by separating your voice from your identity. It helps protect you from retaliation while keeping the focus on the message.
Best Practices
1. Use a Pseudonym
A pseudonym empowers you to maintain a consistent identity while separating your real-world persona from your published work. Choose a name (or Username) that has not been linked to you and use it exclusively for anonymous publishing.
Register new accounts and email addresses from devices and internet connections not associated with your identity. Avoid using the same writing style, login behavior, or online habits that could de-anonymize you. Remember that a pseudonym is only as strong as your ability to keep it separate.
In some cases, like in large newsrooms, you may need a public identity to establish credibility. If that is the case, shift your focus toward secure communication with confidential sources and protecting your operational security. Consider setting up a secure tipline instance for your organization.
2. Find a Platform
Where and how you publish matters. Here are a few options:
Create your Blog
Depending on your situation, you may be deciding between creating a website or using a third party platform like Substack or Medium. If you go with the former, Ghost is an excellent open-source alternative to Substack. You can also create your own website through services like Wix or SquareSpace if your threat model allows it.
You can also consider running a Tor hidden service for an informal blog. This gives you control over hosting and minimizes reliance on third-party platforms.
Use Alternative Social Media
Social networks can help you connect with a potential audience and gather feedback. Instead of X or Facebook, a decentralized and federated alternative like Mastodon can resist censorship from government actors.
Seek External Publishers
Many media outlets accept tips through a tipline, a system designed to receive anonymous submissions via Tor. This can be safer than publishing independently if you are sharing sensitive documents or exposing wrongdoing.
3. Compartmentalization
Compartmentalization involves isolating your publishing work from everything else. Whether you’re using a pseudonym or your real name, never mix your activities. Instead of using a personal laptop, purchase a dedicated laptop for your publishing work. When you decide to publish your final draft or upload your documents, do not log in from home or work networks. Instead, use an anonymous network like Tor over public wifi.
Furthermore, you should also install a anonymity or security-focused operatin system. When doing sensitive activities, boot from Tails OS, an amnesiac Linux distribution that leaves no trace. For high-security daily usage, Qubes OS lets you compartmentalize your personal and work tasks in isolated virtual machines called qubes. If one of these virtual machines becomes compromised, you can always dispose of them.
Do not reuse passwords, emails, or browsing habits across different identities. Each project or pseudonym should exist in its own bubble. Compartmentalization ensures that you can safely publish your work without endangering your safety.
Last edited by @jonah 2025-05-08T00:32:49Z