Browse parent directory

my_research/us_govt_whistleblower_guide.html

2025-06-22

US Govt Whistleblower guide

Disclaimer

• Incomplete
• I deleted the full version as I'm still working on it. Will update once ready.

Why this guide?

• I continue to think there isn't a single whistleblower guide on the internet that's good enough for this scenario. Some guides avoid talking about important details due to chilling effects. Other guides prioritise interests of journalists or lawyers.

Summary of the guide

• If you are leaking US classified information, your best choice is probably flying to Russia like Snowden did. It is probably not improving your opsec and hoping to stay anonymous in the US.
  • Why?
    • The sysadmins working for the NSA leadership track every document downloaded from central DB to client machines, so your opsec being good isn't enough to protect you.
    • Almost every person who stayed in a country within US sphere of influence after leaking classified info has been imprisoned.
  • How?
    • You should probably leave no digital trail. You should probably redact documents yourself using GIMP on an airgapped tails setup, inspect bytes for steganography and metadata, and create a single tarball of everything. There is no safe way to erase a disk, so you must physically shred all disks used and process data in RAM otherwise.
    • You should probably leave no physical trail. This includes but is not limited to every item in your house (electronic, paper, etc), every purchase you make and every roadside camera you pass.
    • While in the US you should probably have zero people in-the-loop, while outside the US geopolitical sphere you should probably have one lawyer and zero other people in-the-loop. "People" here includes immediate family members, psychiatrists, journalists, etc. You should probably trust zero people to help you commit the action, but trust a few people to support you after you have committed the action.
    • You should probably send documents to as many journalists as possible, but trust none of them.
    • Most SecureDrop servers provide journalist's PGP pubkeys. You should ideally manually PGP encrypt the tarball before you send it via any channel (be it securedrop or protonmail or something else).
    • Russia has good historical track record for this scenario. It is very important to make the right choice on which country you fly to.
    • Advanced users only: You can connect your tails setup to Tor instead of keeping it airgapped, acquire ETH anonymously, then publish your tarball directly to ethereum blobdata. This ensures mirroring to multiple nuclear states without trusting journalists. There's two ways to acquire ETH anonymously, the first is mine XMR and then swap it using a trusted bridge over Tor, the second is use some imperfect method like cash or gift cards to buy ETH, but then use Tornado to wash it.
  • Evidence, full guide
    • Some of this is currently my personal opinion. I would much rather back everything in the guide with empirical evidence from previous cases, than rely on my opinion.
    • see more: https://www.lesswrong.com/posts/jKehN6uTYF7Z4WFKW/us-govt-whistleblower-guide-incomplete-draft
• If you are not leaking US classified information but only an overview of the situation based on your own word, your best choice is probably coming out publicly in the US with a legal defence and requesting donations to fund it.
  • Why?
    • Most people who got a good legal defence did not get imprisoned.

Comments