Further Reading

  1. The Irish based Front Line Defenders charity has published the Digital Security & Privacy for Human Rights Defenders manual.

    We have a few minor quibbles, but this is a very useful, clear and simple guide, which complements these hints and tips. It is of use to human rights activists living under repressive regimes, and also to UK based journalists, and political bloggers alike.

  2. The United States National Security Agency does not just snoop on foreigners and US citizens, it also publishes very useful practical documentation aimed at securing US Government and Business computer systems and networks.

    Have a look at these open source Security Configuration Guides and checklists, and make sure that your computers are at least as well secured as the NSA recommendations:

    These used to be available as NSA Security Configuration Guides, but these checklists have now mostly been moved to the National Institute of Standards and Technology (NIST).

  3. The NSA also publish an illustrated, step by step guide to secure document redaction or censorship from Microsoft Word 2007 to Adobe .pdf format:

    Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word 2007 to PDF (.pdf)

  4. Thomas C. Green writes in The Register about Clearing swap and hibernation files properly - probably especially important for laptop computers, which are especially vulnerable to loss or theft. See also his Windows hack for Web-surfing privacy and Internet anonymity for Windows power users, which give some hints and techniques for using RAM disks rather than hard disk space for Windows and Web Browser temporary files and registry settings.

  5. Privacy International:- "Legal Protections and Barriers on the Right to Information, State Secrets and Protection of Sources in OSCE Participating States" - should be read by legislators, civil servants, investigative journalists, whistleblowers and bloggers in Europe, North America and Central Asia.

  6. Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

  7. Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

  8. Everyone's Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the Munk Centre for International Studies at the University of Toronto.

  9. How To Master Secret Work - Some idea of the precautions necessary for making sure that you have not been followed to clandestine physical meetings, on foot or by car, can be gleaned from this re-print of advice and techniques given to ANC / Communist activists under the South African apartheid regime - African National Congress or South African Communist Party (or, if you are desperate, from here). First published during the 'eighties as a series of articles in the SACP publication 'Umsebenzi'; later as a single pamphlet for underground operatives.

    Following the Edward Snowden revelations about the extent of untargeted mass surveillance by NSA and GCHQ, some of these old school, pre-internet tips about operational security should still be of interest to today's political activist, even in supposedly more democratic countries than South Africa.

  10. A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists (www.activistsecurity.org). It is full of practical advice, on many of the topics in this blog, including physical meetings, surveillance, anonymous letters and mobile phones. They make the point that there are private sector snoopers as well as government ones who are interested in meetings and communications between whistleblowers or activists or journalists etc.

    There is a mirror copy on this blog, in case your access to the original is blocked.

    [hat tip to Mr. Tor for his suggestion in the comments below]

  11. Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

  12. Privacy International - Speaking of Terror: A survey of the effects of counter-terrorism legislation on freedom of the media in Europe (.pdf) includes sections on Protection of journalists' sources and materials, and Wiretapping and surveillance of journalists and on Limits on Photography.

  13. The Berkman Center for Internet and Society, at the University of Harvard, in the USA, has several research projects which examine the effectiveness of State and Corporate Internet Censorship and the tools and techniques used to achieve this, and the arms race with the Censorship Circumvention tools and techniques. They have published a useful study of some of the most popular Circumvention tools and technologies, showing their trade offs between usability, speed, security, and effectiveness at breaching the Great Firewall of China and other repressive countries.

    Unfortunately, exactly the same techniques which are useful in helping dissidents in very repressive countries, are also now needed to help to protect the anonymity of whistleblower sources and contacts with, or between, journalists, bloggers and political activists, here in the increasingly repressive United Kingdom.

    2007 Circumvention Landscape Report: Methods, Uses, and Tools
    Published March 05, 2009
    Authored by Hal Roberts, Ethan Zuckerman, John Palfrey


    The following tools were included in the study:

    Anonymizer Anonymous Surfing - an HTTP proxy tool
    Anonymizer China - an HTTP proxy tool
    DynaWeb FreeGate - an HTTP proxy tool
    UltraReach - an HTTP proxy tool
    Circumventor / CGIProxy - a CGI proxy tool
    Psiphon - a CGI proxy tool
    Tor - a randomized re-routing tool
    JAP - a fixed re-routing tool
    Coral - a distributed hosting tool
    Hamachi - an IP tunneling tool

    These tools were chosen to represent most of the most popular tools and to represent a range of different technical and organizational models. There are many tools with the same or similar functionality as the tools included in the study, including Gpass, Guardian, FirePhoenix, Invisible Browsing, Metaproxy, PHPProxy, a plethora of VPN and HTTP tunneling tools, and many others.

    2007 Circumvention Landscape Report: Methods, Uses, and Tools (.pdf)

  14. The Crown Prosecution Service's Decision on prosecution - Mr Christopher Galley and Mr Damian Green MP is worth reading, especially the legal opinion on

    22. As already noted, Mr Galley was arrested for an alleged offence of misconduct in public office and Mr Green was arrested for an alleged offence of aiding and abetting, counselling or procuring the alleged offence by Mr Galley and of conspiring with Mr Galley for him to commit the offence of misconduct.

    23. This is not a case which falls within the framework of the Official Secrets Acts

    This CPS Decision also mentions that

    9. The leaked document was the "Asylum and Immigration High Level Monthly Performance Report July 2007". It was marked "Restricted-Management". A copy was recovered by the police from Mr Green's Parliamentary office bearing the name "Galley" in manuscript. In his interview with the police, Mr Galley denied passing this document to anyone.

  15. Whistleblowing and Whitehall - A review of how the policies of Government Departments comply with accepted good practice on whistleblowing (.doc) - 2007 report by the Public Concern at Work whistleblowing charity.

  16. This research gives an overview of internet snooping and censorship technologies, including British Telecom's CleanFeed system, and some ways in which this can be avoided, thereby preserving some whistleblower source / political dissident anonymity:

    Anonymity and traceability in cyberspace (.pdf)

    Richard Clayton

    November 2005

    Technical Report Number 653

    University of Cambridge

    Computer Laboratory


    ISSN 1476-2986

    Dr. Richard Clayton's home page and contact details.

  17. How To Communicate Securely in Repressive Environments - a blog post with useful comments and links, and a Word (.doc) version, by Patrick Philippe Meier

    House of Commons - Public Administration Committee - Tenth Report - Leaks and Whistleblowing in Whitehall - 16 July 2009

  18. Public Concern at Work, together with the British Standards Institute, have produced a useful Whistleblowing Arrangements policy document for public and private sector organisations in the United Kingdom (free for individual use).

    Code of Practice

    In partnership with PCaW, British Standards has published a Code of Practice on whistleblowing arrangements under the classification PAS 1998/2008. PCaW is delighted that, to mark the tenth anniversary of the UK's whistleblowing regime, BSI has agreed that the Code will be available for free for individual use.

    We hope you find the Code helpful. If you do, please note that PCaW has developed a range of practical support to help organisations comply with and benefit from the Code.

    Copyright Provisions

    Copies of this Code are available for free for individual use under licence by download from here or from www.bsigroup.com/PAS1998. For printed and own-branded copies or for a network licence, please contact BSI at copyright@bsigroup.com.
    Thank you for filling in the form:

    Click here for the BSI Code of Practice. (.pdf)

  19. FLOSS Manuals - Circumvention Tools - Bypassing Internet Censorship (available as a single web page for printing or as a .pdf file)

    This is a neatly written and illustrated guide to various Proxy and Virtual Private Network tools and services.

    * USING PHProxy
    * RISKS
    * WHAT IS VPN?

  20. The Whistleblower's Handbook
    How to Be an Effective Resister

    Brian Martin, The Whistleblower's Handbook: How to Be an Effective Resister (Charlbury, UK: Jon Carpenter; Sydney: Envirobook, 1999). Out of print from 2008.

    Entire book in pdf, 89 pages, 1.6MB

    HT4W mirror copy of The Whistleblower's Handbook (.pdf)


    1. Seven common mistakes
    2. The problem
    3. Speaking out and the consequences
    4. Personal assessment: what should I do?
    5. Preparation
    6. Official channels
    7. Building support
    8. Case studies: considering options
    9. Surviving
    10. Whistleblower groups
    References

    Seven common mistakes

    Seven mistakes which are commonly made by those aiming to expose wrongdoing:
    • Trusting too much
    • Not having enough evidence
    • Using the wrong style
    • Not waiting for the right opportunity
    • Not building support
    • Playing the opponent's game
    • Not knowing when to stop.

  21. Flash memory / USB devices (thumbdrives, digital camera or mobile phone memory cards etc) are very hard to securely erase:

    Reliably Erasing Data From Flash-Based Solid State Drives (.pdf)
    Michael Wei∗, Laura M. Grupp∗, Frederick E. Spada†, Steven Swanson∗
    ∗Department of Computer Science and Engineering, University of California, San Diego
    †Center for Magnetic Recording and Research, University of California, San Diego

  22. Hacker OPSEC blog by @thegrugq with interesting links to counter intelligence examples and documents, which emphasises the need for compartmentalisation between your normal life and your "secret" one or between your normal family and business contacts and any confidential sources or contacts.

  23. Spy Blog "Bring and Swap" presentation given at recent CryptoParty / CryptoFestival events: (.pdf) & (.pptx)

  24. European Federation of Journalists Top Tips for Journalists Covering the 2014 Winter Olympics includes useful tips about SmartPhones etc. N.B. also do not trust any "free" USB charging devices for SmartPhones or Tablets etc. - these can be a malware installation vector.

  25. Information Security for Journalists version 1.1 by @ArjenKamphuis Arjen Kamphuis and @SilkieCarlo Silkie Carlo, in association with @cijournalism The Centre for Investigative Journalism - detailed practical step by step guide helping Journalists protect their sources from compromised electronic communications e.g. PGP/GPG file or email encryption, TrueCrypt disk volume encryption, OTR encrypted instant messaging, phones and Tor anonymous web browsing. This e-book takes a pragmatic attitude to the importance of risk analysis and the different levels of security / anonymity which apply in practice.

    Information Security for Journalists version 1.1 (.pdf) on Arjen's website.

    N.B. a copy of this version 1.1 (.pdf) is also mirrored here at HT4W

    Contents

    Preface - Silkie
    Preface - Arjen

    Introduction
    Chapter 1: Protecting the System
    Your computer model
    Buying the right laptop
    Modifying your hardware
    Buying your laptop anonymously
    Guarding your laptop
    Detectability measures

    Chapter 2: Operating System
    Linux
    Tails
    Ubuntu install instructions
    Booting from USB
    Ubuntu privacy tweaks
    Tails install instructions
    Clean and prepare a USB stick
    Cloning Tails USB sticks
    Installing Tails manually via UNetbootin
    Installing Tails manually via Linux
    Troubleshooting
    Updating Tails
    Using Tails
    Using Tails via bridges/circumventing censorship
    Creating a persistent volume
    Using KeePassX
    Email in Tails

    Chapter 3: Safe Browsing
    A general purpose browser
    Tor

    Chapter 4: Data
    TrueCrypt
    Troubleshooting TrueCrypt installations
    Encrypt a file with TrueCrypt
    Hidden encrypted volumes
    Encrypting hard drives
    Sharing data securely
    Securely deleting files
    Physical erasure
    Metadata

    Chapter 5: Email
    Email metadata
    Email encryption
    Key pairs
    Verifying keys
    Protecting your identity and location
    Basic notes about email encryption
    Installation instructions for encrypted email
    Configuring Thunderbird
    Send an email

    Chapter 6: Instant Messaging
    Adium instructions (Mac)
    Pidgin instructions (Linux/Windows)
    Getting started with OTR chat

    Chapter 7: Phones & Voice/Video Calling Over Internet
    Mobile security
    Internet voice and video calling

    Chapter 8: Passwords
    Password cracking: understanding the risk
    How to create a strong password

    Glossary

    About the authors

About this blog

We know that there are decent, honest, trustworthy individual politicians, civil servants, law enforcement, intelligence agency personnel and broadcast, print and internet journalists etc., who often feel powerless or trapped in the system. They need the assistance of external, detailed, informed, public scrutiny to help them to resist deliberate or unthinking policies, which erode our freedoms and liberties.

Some of these people will, in the public interest, act as whistleblowers, and may try to leak documents or information to the mainstream media, or to political blog websites etc.

Here are some Spy Blog "Hints and Tips", giving some basic precautions, and some more obscure technical tips, which whistleblowers, journalists, and bloggers all need to be aware of, in order to help preserve the anonymity of whistleblowing or other journalistic sources, especially in the United Kingdom, but applicable in other countries as well.

Whistleblower anonymity may not always be possible, or even necessary, forever into the future, but it is usually crucial during at least the early stages of a "leak", whilst it is being evaluated by others, to see if it merits wider publication and publicity.

Email & PGP Contact

Please feel free to email your views about this blog, or news about the issues it tries to comment on.


Our PGP public encryption key is available for those correspondents who wish to send us news or information in confidence, and also for those of you who value your privacy, even if you have got nothing to hide.

You can download a free copy of the PGP encryption software from www.pgpi.org
(available for most of the common computer operating systems, and also in various Open Source versions like GPG).

We look forward to the day when UK Government Legislation, Press Releases and Emails etc. are Digitally Signed so that we can be assured that they are not fakes. Trusting that the digitally signed content makes any sense, is another matter entirely.


CryptoParty London

Most months there is a CryptoParty London event, where some of these Hints and Tips and other techniques are demonstrated and taught.

Usually at:

Juju's Bar and Stage 15 Hanbury St, E1 6QR, London

Follow on Twitter: @CryptoPartyLDN


Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Open Rights Group

Renew For Freedom - renew your Passport in the Summer Autumn of 2006.

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

Amnesty International's irrepressible.info campaign

BlogSafer - wiki with multilingual guides to anonymous blogging

NGO in a box - Security Edition privacy and security software tools

Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.

Public Concern at Work - "(PCaW) is the independent authority on public interest whistleblowing. Established as a charity in 1993 following a series of scandals and disasters, PCaW has played a leading role in putting whistleblowing on the governance agenda and in developing legislation in the UK and abroad. All our work is informed by the free advice we offer to people with whistleblowing dilemmas and the professional support we provide to enlightened organisations."