Secure Source Submission Guide
Hello prospective source!
North Star Post is a fledgling newspaper founded in mid 2015. We cover a number of issues, including surveillance, national security, and government accountability. We have staff in the Minneapolis, Phoenix, Chicago, Canada and trusted partners elsewhere.
We look forward to working with sources, and using whatever means possible and appropriate to protect their confidentiality. We are excited to announce that we now have a platform for sources to anonymously contact North Star Post’s editorial staff, based on GlobaLeaks, a free and open source project. Our submission site is available exclusively through the Tor network, and should only be accessed using the Tor Browser for safety and anonymity reasons.
Please read through this complete set of instructions before starting. It is critical that you understand the process in full before starting.
If you have strong concerns about your safety from a major power, please consider contacting Wikileaks or The Intercept and working with the Courage Foundation in advance. North Star Post is very new, and does not have the same financial, organizational, or technical capabilities as these organizations. We encourage you to seriously do your homework on who to work with, and how to do so, in advance of a major disclosure likely to attract the attention of a major intelligence or law enforcement agency, corporate entity or other institution.
Here is our recommended process:
1. DO NOT ATTEMPT TO ACCESS THE SITE FROM ANYTHING OTHER THAN THE TOR BROWSER!
2. DO NOT USE AN EMPLOYER OWNED COMPUTER OR CONNECT FROM WORK!
3. If possible, boot the TAILS operating system on a computer you trust and control.
a. Skip to step 5
4. If you are unable or unwilling to use TAILS you can install the Tor Browser on a computer you trust and control [not an employer owned computer].
a. Use an up-to-date version of Google Chrome or Mozilla Firefox to download the Tor Browser at https://www.torproject.org. Do not download it from any other site.
i. You can ensure Chrome or Firefox is up to date by restarting the browser and allowing it to install updates, or by telling it to check for updates in the About: menu.
ii. This is critical to make sure you download an authentic copy of the Tor Browser, instead of malware from an attacker.
iii. Advanced users should additionally consider verifying the PGP signature of their Tor Browser installer.
b. Install the Tor Browser.
5. Access our submission site via the Tor browser.
a. Launch the Tor Browser and visit our site at http://tno6jphtw47s7ekd.onion/
6. Begin the web-based submission process by clicking “Blow the Whistle.”
a. Fill out the simple form with a title, description, files, and any descriptions of files we need to know.
i. Please note if you are the sole person or part of a small group with access to this information, or if you have other concerns about your anonymity.
ii. Please note any time that we should hold your publication for submission.
b. Upload any files.
c. Click through the page to acknowledge you are using recommended security practices as described in (1) and (2).
d. You will be provided a 16-digit key code to log in and see any messages from North Star Post staff. Please check back if possible, and if you expect any questions or answers from us.
e. North Star Post staff will acknowledge any legitimate submission (not obvious spam, malware, or harassment) within 48 hours
7. Check back at http://tno6jphtw47s7ekd.onion after 48 hours by entering your key code in the box under “Have you already filed a submission? Enter your key code.”
a. North Star Post staff will have follow-up questions, or thank you for your submission.
Advanced users may add a layer of encryption by encrypting data to be readable to Jason Hernandez’s PGP key if they do not want to solely trust the GlobaLeaks platform to encrypt the submission. These submissions will be handled with additional security measures on receipt.
We recommend using the TAILS operating system, which includes the Tor Browser and is designed to boot from a USB flash drive without leaving any traces on the computer used.