Updated: Dec. 12, 2016
I am Barton Gellman, a journalist and author. My main focus is surveillance and privacy. I am one of the reporters who received an archive of NSA documents from Edward Snowden in 2013. I am writing a book for Penguin Press called DARK MIRROR: Edward Snowden and the American Surveillance State (2017).
This page explains how to make contact with me in maximum confidence. Most people will not need to take such strict precautions. If you do not face a realistic risk of retaliation from a government or large corporation, you can skip this message and browse directly to the Secure Contacts page on my web site:
For a small minority of people, talking to me could attract unfriendly attention from someone with serious surveillance resources and strong motive to point them your way. If you face that kind of threat from a nation-state or well-resourced company, please read on. This message addresses two problems. How do you know you can trust what you are reading here? And how can you safely take the very first step of browsing to the Secure Contacts page on my web site?
TRUST. Those who care, and know how, may verify this message cryptographically. It is signed with my PGP key. The signature proves that I am who I say I am and that no one has tampered with these words. To verify it, download this file and its accompanying signature, callmemaybe.md.sig. The key itself is verifiable at https://keybase.io/bartongellman.
BROWSING SAFELY TO MY WEB SITE. If you are in the highest-risk category, browsing to my Secure Contacts page from your home or work computer might place you under suspicion. Here are some options to protect your anonymity.
a. Do not browse to https://bartongellman.com/pgp from a device you usually use or a network near the places you usually go. Choose one of the following alternatives. Whichever you choose, leave your mobile phone behind, and leave it powered on while you're away.
b. Minimum precaution: Go to a public library away from home and work to communicate with me. That's not especially anonymous, but librarians are a liberty-minded tribe. They keep few records and do not hand them out lightly.
c. Better: buy a cheap computer for cash and connect to a high-traffic public wifi network away from your home and work. NEVER use this "burner" computer or wifi network for anything but secure communications. Especially do not use either one of them to log onto an account in your real name.
d. Better still: on your burner computer, connected to a public wifi network, download and install the Tor browser (https://torproject.org). Tor obscures your location and the unique IP address of your machine. After installing Tor, move to another high-traffic public wifi network. Launch the Tor browser and use that to make contact with me.
e. Best: on your burner computer, connected to a public wifi network, download and install Tails (https://tails.boum.org/). You will need at least one USB thumb drive. Bring two. Tails is an operating system (like Windows or Mac, but based on Linux). The web site explains clearly how to make a bootable thumb drive that can start most computers. Tails is designed from the ground up to leave no trace on your machine and to communicate as safely as technically allows. Tor is built in. After downloading Tails and creating a bootable thumb drive, move to another high-traffic public wifi network. Use the Tails thumb drive to start your computer and browse to my web site from there.
The time commitment and learning curve grow steeper as you move down that list. Decide for yourself what precautions are justified.
If you have something worth talking about, I hope you won't let any of this discourage you. Some things are worth taking risks for. You probably wouldn't be here if you thought otherwise.