Skip to main content

Source Protection: Advanced Techniques

Air-gapped devices, hardware security keys, Tails OS, SecureDrop, and OnionShare: for journalists handling high-risk sources and sensitive documents.

Last reviewed: Next review due:

When basic precautions are not enough

Signal and a VPN are sufficient for most journalists, most of the time. But sources facing criminal prosecution, whistleblowers in regulated industries, and people in countries with aggressive surveillance capabilities need a more robust approach. Advanced source-protection techniques reduce the risk of technical exposure even when legal protections fail.

For legal protections, see Source Protection Law in the UK (Detailed). For a comparison of everyday tools, see Digital Tools Comparison.

Air-gapped devices

An air-gapped machine has no network connectivity — no Wi-Fi card, no Bluetooth, no Ethernet. It cannot be reached by remote malware or surveillance tools. Use one for: opening untrusted attachments, analysing potentially malicious documents, and storing the most sensitive source material offline.

  • Buy a dedicated cheap laptop and permanently disable Wi-Fi (physical removal or BIOS-level).
  • Use a write-once DVD or a verified, clean USB drive to transfer files — never a USB that has touched a networked machine.
  • Never connect the air-gapped device to power via USB hubs shared with networked devices.
  • The FPF recommends Tails OS on air-gapped devices for document review.

Hardware security keys (YubiKey)

Hardware security keys implement the FIDO2/WebAuthn standard — you physically touch the key to complete authentication, which cannot be replicated by a remote phishing attack. They are supported by Google, Microsoft, Twitter/X, GitHub, and many other services journalists rely on.

Why hardware keys beat SMS 2FA

SIM-swap attacks can intercept SMS codes. Hardware keys require physical possession — an attacker must steal the device from you.

Which key to buy

YubiKey 5 series covers USB-A, USB-C, and NFC. Buy two: one primary, one backup. Register both with every critical service.

Which accounts to protect first

Email, cloud storage, Twitter/X, Signal registration number, password manager (if supported), and any publications management system.

NCSC guidance

The NCSC recommends hardware security keys as the strongest available 2FA method for accounts holding sensitive information.

Tails OS for source communications

Tails is a live operating system distributed by the Tails Project and recommended by both the Freedom of the Press Foundation and the EFF. Boot it from a USB drive; it routes all traffic through Tor and wipes memory on shutdown. The host machine's storage is never touched.

  1. 1Download from tails.boum.org only and verify the OpenPGP signature before installation.
  2. 2Use Tails on a dedicated USB drive (minimum 8GB) — do not use it on the same USB as other files.
  3. 3When receiving source material, boot Tails on an air-gapped machine and open the files there.
  4. 4Use the Tails Persistent Storage feature to save your GPG keys — never store keys on a networked machine.
  5. 5Never suspend (sleep) Tails — shut down fully so memory is wiped.

SecureDrop

SecureDrop is the most widely used whistleblower submission system in newsrooms. Developed by the Freedom of the Press Foundation, it is used by The Guardian, The Times, BBC, Financial Times, and other major UK publishers.

  • Sources access the .onion address via Tor Browser — ideally from Tails OS on a public network not linked to them.
  • The newsroom receives submissions on a dedicated, air-gapped server.
  • Sources receive a unique random codename to check back for journalist responses.
  • No IP addresses or tracking metadata are logged by SecureDrop.
  • Newsrooms: contact the FPF for implementation guidance. SecureDrop requires dedicated server infrastructure and security maintenance.

OnionShare

OnionShare is a lighter alternative to SecureDrop for one-off secure file transfers. A journalist runs it on their own machine to generate a temporary .onion address; the source uploads files via Tor Browser. No server infrastructure is required.

Use it for

  • One-off document transfers from a known source
  • Sharing files with a source without email metadata
  • Hosting a simple anonymous chat room

Do not use it for

  • Volume whistleblower submissions (use SecureDrop)
  • Sources who need to check back repeatedly
  • Situations where you cannot run the server on a trusted device

Frequently asked questions

What is an air-gapped device and when do journalists need one?
An air-gapped device is a computer with no network connection — no Wi-Fi, no Bluetooth, no Ethernet — so that malware cannot transmit data remotely. Journalists should consider an air-gapped device when handling documents that could expose a high-risk source: leaked government files, corporate whistleblower material, or documents from countries with aggressive surveillance capabilities. Transfer files using a write-once DVD or a verified, clean USB drive.
How does SecureDrop work?
SecureDrop is an open-source whistleblower submission system developed by the Freedom of the Press Foundation. Sources visit a news organisation's SecureDrop .onion address using Tor Browser. They upload documents anonymously and receive a unique codename. The journalist accesses submissions via a dedicated, air-gapped server. The Guardian, The Times, and other UK publications operate SecureDrop instances. Sources should use Tails OS when accessing SecureDrop for maximum protection.
What is OnionShare and how is it different from SecureDrop?
OnionShare is a simpler tool that lets you share files, host a website, or receive files anonymously over Tor. Unlike SecureDrop, it does not require dedicated server infrastructure — a journalist can run it on their own machine. It is suitable for one-off secure file transfers. SecureDrop is better for newsrooms receiving large volumes of whistleblower submissions over time.
Do I need a hardware security key (YubiKey) as a journalist?
Hardware security keys provide the strongest form of two-factor authentication because they cannot be phished remotely — you must physically touch the key to authenticate. They are strongly recommended for journalists with high-risk accounts: email, cloud storage, social media accounts that attackers would want to compromise. YubiKey is the most widely used brand and is supported by Google, Microsoft, and most major services.
What UK law governs source protection?
Section 10 of the Contempt of Court Act 1981 provides qualified protection against compelled source disclosure. The Police and Criminal Evidence Act 1984 (PACE) creates special procedures for police access to journalistic material. These protections are qualified: courts can override them on national security, justice, or crime prevention grounds. Technical source protection via encryption is therefore a complement to, not a substitute for, legal protection.