Whistleblower Hosting — Secure Anonymous Infrastructure

Whistleblower platforms receive sensitive documents and communications from individuals who risk their careers, freedom, and sometimes their lives to expose wrongdoing. The infrastructure hosting these platforms must protect both the sources who submit information and the operators who run the platform. A single point of failure in the hosting chain can compromise everything.

When a whistleblower platform is hosted on infrastructure linked to a known operator, adversaries have a clear target. They can pressure the hosting provider, subpoena server records, monitor network traffic to and from the server, or physically seize equipment. Anonymous hosting removes the operator identity from the equation, making these attack vectors significantly harder to execute.

The most high-profile whistleblower cases in history have involved attempts to shut down disclosure platforms through infrastructure attacks. Hosting in a single identified location with a known operator creates a single point of failure. Anonymous, distributed hosting infrastructure provides the resilience that whistleblower platforms need to survive sophisticated, well-funded adversaries.

SecureDrop is the gold standard for whistleblower communication systems, used by major news organizations including The New York Times, The Washington Post, and The Guardian. Our VPS plans are fully compatible with SecureDrop deployments, and our Tor-friendly policies allow the .onion services that SecureDrop requires to operate without restriction.

GlobaLeaks is an open-source whistleblowing platform designed for organizations that need a simpler setup than SecureDrop while still providing strong source protection. Our managed hosting option is particularly well-suited for GlobaLeaks deployments, as our team can handle the server administration while the organization focuses on managing disclosures.

• SecureDrop: full support for Tor-based deployment, multi-server architecture
• GlobaLeaks: one-click deployment available, managed option for non-technical organizations
• Custom platforms: full root access to deploy any secure communication system
• Signal relay servers: support for running Signal-compatible relay infrastructure
• Encrypted file storage: secure document storage with client-side encryption

Whistleblower infrastructure requires defense-in-depth security. At the hosting level, we provide DDoS protection, clean IP addresses not associated with abuse lists, and network-level isolation between customer instances. Our KVM virtualization ensures that co-located customers cannot access your data through hypervisor exploits or shared memory attacks.

We recommend full-disk encryption (LUKS) on all whistleblower platform servers. With full-disk encryption, even physical seizure of the server hardware yields only encrypted data. Our NVMe storage ensures that encryption overhead is negligible — the performance impact is less than 5% with AES-NI hardware acceleration, which is available on all our server CPUs.

Network security should include exposing the platform only through Tor hidden services, with no clearnet accessibility. This means the server has no publicly routable services for adversaries to scan or attack. All administration should be performed through Tor-connected SSH sessions. We provide VNC console access as a backup for emergency out-of-band management if the Tor connection is unavailable.

Operating a whistleblower platform is a serious responsibility. The people who submit information trust that the platform operator will protect their identity and handle their disclosures responsibly. Choose a hosting configuration that matches the threat model — organizations facing nation-state adversaries need dedicated servers with full-disk encryption and Tor-only access, while organizations addressing corporate misconduct may operate safely with a well-configured VPS.

Regularly update all software on the platform, including the operating system, the whistleblower platform software, and the Tor daemon. Security vulnerabilities in any component can compromise source protection. Our managed hosting option handles these updates automatically, ensuring that your platform always runs the latest security patches.

Consider geographic redundancy by running backup instances in different AnubizHost datacenter locations. If one location experiences an outage or legal action, your platform can fail over to an alternate location automatically. Our multiple offshore locations in Iceland, Romania, and the Netherlands provide jurisdictional diversity that makes coordinated takedown attempts across all locations extremely difficult to execute.