Use a tailor-made email account with PGP encryption to help protect your messages and attachments against prying eyes.
Pros:
- Encrypted emails and documents are protected by secret encryption keys, and by the passwords needed to use those keys. The bad guys would need both to read your stuff.
- You can send long messages and attachments. This is difficult using phone apps.
- It’s easy to communicate directly with a specific Guardian journalist.

Cons:
- PGP requires a bit of technical know-how to set up.
- If you lose your keys or forget your password, you won’t be able to read your own communication.
If you plan to write an email to a Guardian journalist about a sensitive matter, look into PGP encryption. Used properly, PGP should make a message or document unreadable to anyone except the person who sent it and the person for whom it was encrypted. You will use a public key that belongs to the person you are writing to, but is freely available on the internet. This key turns your message into an unreadable jumble. Your recipient – and no one else – has a corresponding private key which can unlock messages that were encrypted by their public key.
Don’t use your regular email address. Create a new email account solely for corresponding with the Guardian. Do it on a computer that isn’t being monitored, and make sure the sign-up information you provide doesn’t tie the account back to you.
If you’re using a browser-based service such as Gmail, Yahoo! Mail or GMX webmail, look into Mailvelope or FlowCrypt (Gmail only) for encrypting messages in your browser. Two popular applications for encrypting text and documents, which you can then paste into or attach to emails, are Gpg4win for Windows and GPG Suite for Mac.
Once you have installed one of these tools you can use it to create your own PGP keys. Keep your private key and password safe and don’t store the two together.
You should encrypt your messages and attachments using both your public key and that of the person you are writing to. All being well, this means that only you and the journalist will be able to decrypt them. You can find Guardian journalists’ keys at theguardian.com/pgp.
Information carried with an email message can reveal your IP address. If you don’t want the location you send from to be traceable, connect to your email service over the Tor network.
Email your encrypted material to us, along with a copy of your public key so that we can encrypt our reply to you. Don’t encrypt the public key itself.
Remember to log out after sending the message. You may also wish to delete the history of the correspondence from your browser or email software. Keep your computer secure.
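The key-handling steps above, from creating keys to encrypting for both parties and exporting your public key unencrypted, can be rehearsed safely with the `gpg` command-line tool that ships with Gpg4win and GPG Suite. This is an added example, not the Guardian's own code: the addresses `source@example.org` and `journalist@example.org`, the sample message and the throwaway keyrings are constructed, and the second key pair stands in for a journalist's real key.

```shell
#!/bin/sh
# Added example: throwaway keyrings and constructed identities only.
# Assumes GnuPG 2.2 or later is installed as "gpg".
PLAINTEXT='constructed sample message'

# Create a demo key pair in keyring $1 for user id $2. The empty passphrase
# keeps the demo non-interactive; a real key should have a strong one.
make_key() {
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$2" future-default default never
}

# Decrypt file $2 with the private key held in keyring $1.
decrypt_as() {
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --decrypt "$2" 2>/dev/null
}

# Returns 0 only if both parties can read the message.
pgp_roundtrip() {
    work=$(mktemp -d) || return 1
    me="$work/me"; them="$work/them"
    mkdir -m 700 "$me" "$them" || return 1
    make_key "$me" 'source@example.org' || return 1
    make_key "$them" 'journalist@example.org' || return 1

    # The recipient publishes a public key; the sender imports it.
    gpg --homedir "$them" --armor --export journalist@example.org > "$work/j.asc"
    gpg --homedir "$me" --batch --quiet --import "$work/j.asc" || return 1

    # Encrypt to BOTH public keys. "--trust-model always" skips the ownership
    # check for this demo; in real use, confirm the key's fingerprint first.
    printf '%s' "$PLAINTEXT" | gpg --homedir "$me" --batch --quiet \
        --trust-model always --armor \
        --recipient journalist@example.org --recipient source@example.org \
        --output "$work/msg.asc" --encrypt || return 1

    # The sender's public key is exported in the clear, to be attached as-is.
    gpg --homedir "$me" --armor --export source@example.org > "$work/pub.asc"

    status=1
    [ "$(decrypt_as "$them" "$work/msg.asc")" = "$PLAINTEXT" ] &&
    [ "$(decrypt_as "$me" "$work/msg.asc")" = "$PLAINTEXT" ] &&
    grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$work/pub.asc" && status=0
    for d in "$me" "$them"; do gpgconf --homedir "$d" --kill gpg-agent; done
    rm -rf "$work"
    return "$status"
}
```

Call `pgp_roundtrip` to run the rehearsal; a zero exit status means the message was readable with either private key and the exported public key was plain ASCII armor.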