Career Woman

How whistleblowers can protect themselves


Blow the whistle without the fear of its repercussions. Here’s how you can make use of cybersecurity tools to protect yourself and be heard.

It is always difficult for those who notice illegal or unethical behaviour in their organizations to decide whether to blow the whistle. When people do not, the biggest reason is often simple fear. Blowing the whistle can be career suicide for some and possibly physically dangerous for others. But if you have legitimate cause to blow the whistle, how can you do it in a way that will not expose yourself?

The answer is simple—do it digitally. Here’s how whistleblowers can use the internet to ensure that they can expose wrongdoing without endangering themselves.

What is whistleblowing?

Before we get to the subject of self-protection, however, we should take a look at what exactly whistleblowing is. Whistleblowing refers to the discovery and public exposure of unethical or illegal behaviour within an organization. This applies to all companies, institutions, and even governments, regardless of ownership, financials, or incorporation status. The most famous example of whistleblowing is probably the case of Edward Snowden, who blew the whistle on the NSA (readers should note that the techniques below cannot protect you if you blow the whistle on a major U.S. spy agency).

Techniques for protecting yourself

Aspiring whistleblowers are well aware of the risks involved. This is why you should do as much as you can to hide your identity, and below are three ways to help you do just that:

1. Be mindful of access

For those working in offices, it may be tempting to blow the whistle at your desk. This would be a terrible idea, almost immediately exposing who you are even if no one is looking over your shoulder. The reason is that Wi-Fi networks serve the employers, not the employees. Essentially, everything you do while connected the company network can be tracked by your company. The same is true with your work devices. Hence, you should never try anything compromising unless you are sure no one associated with your whistleblowing target has access to your device and connection.

2. Hide your trail

Many actions you take can result in you leaving a trail for your targets to follow, particularly if you are operating online. While it may seem more anonymous than meeting someone in a coffee shop, using the internet could entail many acts that could unravel your plan to stay hidden. Threats abound, from paying with a credit card to simply printing a document with the metadata intact. Later, we’ll recommend some privacy tools to get around this.

3. Protect your sources

When you are blowing the whistle, it is tempting to disregard the safety of your sources of information. Journalists are known for protecting their sources, but this should be a high priority for everyone simply as a measure of self-protection. If caught providing information to a whistleblower, your source could face severe consequences and could easily be enticed to turn against you. Hence, even if you are planning to whistleblow anonymously, you should discuss your strategy with your sources offline. This makes your conversations harder to track. You should also provide your source with a signal that only the two of you know so that no one can impersonate you. Those communicating online can use a cryptographic key, while those doing so offline may want to design a passphrase.

Tools for protecting yourself

A range of secrecy and encryption tools are available and should be used as much as possible when you are blowing the whistle. They should be used every step of the way because your cybersecurity and anonymity are only as strong as their weakest link.

Often in the beginning, some research is necessary, and the internet is often the most convenient option. However, online behaviour is often tracked by multiple parties; so, how can you get around it? When browsing the internet, you should start by using either an Incognito (for Chrome) or Private (for Firefox) window.  But this will still leave you exposed to network admins, ISPs and DNS servers.

To ensure that they, too, cannot see your online activity, you should use a VPN when whistleblowing. To further increase security, you can opt for a privacy-oriented search engine like Tor, which routes your traffic in relays across the world.  You can further augment this by first connecting to a VPN before using Tor.

When you are finally ready, you should use an encrypted service to send the message that blows the whistle. Examples include SecureDrop, Jabber/XMPP with OTR encryption, or Signal. Each ensures that your messages are encrypted before they are delivered to the target destination. And when you pay for the tools, consider using a cryptocurrency like Bitcoin, as that is far harder to trace than a credit card.

About Jack Warner

Jack Warner is an accomplished cybersecurity expert with years of experience under his belt at TechWarn, a trusted digital agency to world-class cybersecurity companies. A passionate digital safety advocate himself, Jack frequently contributes to tech blogs and digital media sharing expert insights on topics such as whistleblowing and cybersecurity tools.

Recommended for you

What Do You Think?

Your email address will not be published. Required fields are marked *