What is SecureDrop?

The Washington Post’s SecureDrop is a discreet way for readers to share messages and materials with our journalists. It offers greater security and anonymity than conventional e-mail and Web forms.

How do I use it?

SecureDrop relies on Tor, an application designed to encrypt your communications and obscure your computer’s IP address.

In order to use SecureDrop:

Keep the codename you are provided safe and secure. We will not know your codename, and you should never share it with anyone. If you forget your codename, we will have no other way to contact you.

That doesn't look like the url I've seen before. Has something changed?

One of the things the Washington Post does to keep SecureDrop as secure as possible is to keep it up to date with the latest software from the Freedom of the Press Foundation. Recent updates have enabled the use of a stronger encryption protocol, which also requires this new (longer) url.

What steps are taken to protect my privacy and anonymity?

Nearly all digital communications can leave a trail. The Washington Post's SecureDrop is designed to minimize these digital trails using best practices, such as:

However, no system is 100 percent secure, and even with these measures, there might be a risk of someone discovering who you are or what you are sending. In addition to using SecureDrop, we recommend that you:

Other fine print:

The Washington Post works diligently to protect the identities of our sources and keep the information they give us confidential. We do not make any warranties as to SecureDrop; use of the system is on an "as is" basis, at your own risk.

Last updated: 03/10/2022