New York Times Confidential Tips

The New York Times is one of the leading newspapers in the United States. At least some part of its reporting comes from tips provided by confidential sources. To facilitate receiving confidential tips, the New York Times provides a number of ways to provide information to the newspaper confidentially.

Now I am not suggesting that you become a confidential source for the New York Time. Sure, if you found out that some out-of-control government employee was sitting a basement office somewhere keeping illegal files about you... well this might be a story for the New York Times. For most of us however, the reason we want to look at how the New York Times receives confidential tips is to see how one of the most powerful newspapers in the country protects its sources.

The New York Times recommends the following means of communicating with them securely:

WhatsApp - WhatsApp is a free messaging app owned by Facebook that allows full end-to-end encryption for its service. Only the sender and recipient can read messages, photos, videos, voice messages, documents and calls. Though you can limit some account information shared to Facebook, WhatsApp still keeps records of the phone numbers involved in the exchange and the users’ metadata, including timestamps on messages.

Signal - The free and open source messaging app offers end-to-end encryption to send messages, photos, video and calls. Signal retains only your phone number, when you first registered with the service and when you were last active. No metadata surrounding communications is retained. The app also allows messages to self-destruct, removing them from the recipient’s and sender’s phones (once it’s been seen) after a set amount of time. I wrote about Signal here in the blog in November 2017.

PGP Encrypted E-mail - Pretty Good Privacy (PGP) is an encryption software that allows you to send encrypted emails and documents. Mailvelope is a browser extension for Chrome and Firefox that makes it easy to use PGP. The extension will only encrypt the contents of the email you’re sending. Mailvelope will not encrypt metadata such as sender, recipient, subject or information about when the email was sent. This metadata will be available to your email provider. I strongly recommend PGP and have mentioned it in the blog here and here.

Postal Mail - Mail delivered through the postal service is another secure means of communication. The New York Times recommends that you use a public mailbox, not a post office.

Secure Drop - This encrypted submission system set up by The Times uses the Tor anonymity software to protect your identity, location and the information you send us. We do not ask for or require any identifiable information, nor do we track or log information surrounding our communication.  I previously wrote about Secure Drop here in the blog. 

Are there other means of secure and anonymous communication? Of course there are. But, if you need to set up some way of receiving information securely, the techniques recommended by the New York Times are good places to start.

I also note that the New York Times Onion Service on http://nytimes3xbfgragh.onion  is a more secure way to access the website over Tor.