Tor for Investigative Journalists: Complete Security Guide

Investigative journalism security requires a layered approach: device security (encrypted devices, compartmentalized workstations), network security (Tor for research and source communications), communication security (Signal, SecureDrop for source contact), document security (GPG encryption, metadata stripping), and operational security (behavior patterns, need-to-know information sharing). Tor addresses the network security layer, preventing IP-based identification of your research subjects and routing communications with sources through multiple encrypted hops. No single tool addresses all layers - each requires appropriate tools and practices.

Investigative subjects often monitor website access logs for media organization IP ranges as an early warning system for incoming investigations. Corporate communications teams at large companies receive alerts when major news organization IPs visit their site. Government agencies log metadata from media inquiries to their press offices. Conducting research via Tor Browser prevents these attribution systems from functioning. Tor exit IPs are not linked to any newsroom. For the most sensitive investigations, use a separate Tor Browser profile or Tails OS session for research related to each investigation to prevent cross-investigation correlation even within your own browsing sessions.

Establish a SecureDrop instance (or use your organization's existing instance) for receiving documents from sources. Publish the .onion address on your organization's contact page and in your published work bio. Train sources on how to use SecureDrop: access via Tor Browser, submit without creating an account, keep the codename secure, return to check for replies. For ongoing source relationships requiring real-time communication, establish Signal contacts through in-person verification of safety numbers. For source relationships where in-person verification is impossible, use secure messaging platforms that do not require phone numbers (Briar, Session) after establishing initial contact through SecureDrop.

Documents received through SecureDrop or other secure channels must be processed securely before use in reporting. View documents only in sandboxed environments: Dangerzone converts documents through an isolated conversion process, eliminating macros, tracking pixels, and executable code. Tails OS sandboxes document viewing applications by default. Never open untrusted documents on internet-connected machines using standard document viewers (Adobe Reader, Microsoft Office) that can execute embedded code or beacon home. Extract and verify factual claims from documents without downloading them to production machines when possible. Strip metadata before sharing documents with editors or sources.

If your investigative team manages its own communication or publication infrastructure, secure that infrastructure using Tor hidden services. An .onion-addressed internal wiki, encrypted document sharing, and team chat server reduces exposure of internal investigation details to network-level surveillance. Host investigation-specific infrastructure on servers in privacy-respecting jurisdictions separate from your publication's main servers. Use OnionShare for ad-hoc secure file transfer with editors and collaborators who cannot access your full secure infrastructure. Treat your investigation's internal communications with the same security level as your most sensitive source relationships.