Send Anonymous Tip

Share anonymous tips or whistleblower information securely. No logs, no traces.

Why secure send anonymous tip matters

An anonymous tip is testimony where the source withholds identity from the recipient — a journalist, regulator, internal compliance line, or law-enforcement intake. PasteOnce keeps the textual contents out of email archives and chat retention. What it cannot do is make you anonymous at the network layer: the TCP connection uploading your ciphertext still carries an IP, a TLS fingerprint, and a timestamp an adversary with subpoena power can correlate.

The platforms tipsters reach for first are the worst. A corporate ethics-hotline that promises anonymity often funnels reports into NAVEX EthicsPoint or Convercent, where managers within two reporting layers can identify a submission from job title, location, and timeline of described events. Webmail leaves a permanent header trail. Signal beats email for source-to-journalist messaging only if the journalist's phone is the threat model — Signal still reveals your number to that recipient.

PasteOnce becomes useful when a journalist or regulator gives you an intake URL and you want to deliver text without it landing in their inbox. Compose offline, route the upload through Tor Browser or Tails OS so the request egresses from a Tor exit rather than your home ISP. For the gold standard, compare against SecureDrop — the open-source platform Freedom of the Press Foundation maintains, deployed by the Washington Post, The Guardian, and around 70 newsrooms.

What goes wrong when send anonymous tip is shared insecurely

Network-layer IP attribution. Your raw IP shows up in Vercel edge logs, Upstash request metadata, and any intermediate CDN. A subpoena, civil discovery order, or rogue insider can pull it. Tor Browser is the practical mitigation for adversaries with that reach.
Stylometric fingerprinting of the prose. Tools like JStylo, Anonymouth, and Writeprints can identify an author from roughly 6,500 words of samples. Pronoun habits, comma placement, and idiom choice all leak. For high-stakes tips, paraphrase aggressively or run the draft through a translator round-trip.
Time-of-submission correlation. If the events you describe happened at 14:03 and your tip lands at 14:11, anyone with badge logs or VPN-session timestamps can shortlist suspects. Submit on a delay, from off-network, outside your usual working hours.
The corporate ethics-hotline anonymity gap. EthicsPoint, Convercent, Syntrio, and Lighthouse advertise anonymous reporting; in practice, content combined with HRIS data often points to one obvious author. Internal investigators routinely identify reporters within the first interview round.

Send Anonymous Tip

Client-side encrypted. We can't see your data.

Press Ctrl/⌘ + Enter to send0 characters

Expires in:

End-to-End Encrypted

Your data is encrypted in your browser before it leaves your device.

Self-Destructing

Messages are automatically deleted after being read once.

Zero Knowledge

We never see your data. Only encrypted blobs pass through our servers.

One-Time View

Links work exactly once. Refresh the page and it's gone forever.

How does send anonymous tip work on PasteOnce?

Client-Side Encryption

Your sensitive data is encrypted in your browser using AES-256-GCM. The encryption key is generated randomly and never sent to our servers.

Secure Storage

Only the encrypted blob is stored in our database, with an automatic expiration time. We literally cannot read your data.

One-Time Read

When your recipient opens the link, the encrypted data is fetched and immediately deleted from our servers using an atomic Redis GETDEL. The key in the URL hash decrypts the message in their browser.

Best practices for send anonymous tip

Compose on a clean device, off corporate networks

Draft on personal hardware that has never touched the employer's WiFi or MDM enrollment. Tails OS booted from a USB stick gives you an amnesic environment that leaves nothing on disk. Avoid logged-in browser profiles entirely.

Route uploads through Tor or VPN-over-Tor

Open Tor Browser, paste the text, hit submit. For threat models where a Tor exit might itself be hostile, chain a paid VPN behind Tor (Tor first, VPN second). Mullvad and IVPN publish multi-hop guides.

Sanitize the prose before submission

Strip identifying phrasing — internal jargon only your team uses, project codenames, the order you describe events in. Run the text through DeepL into another language and back to degrade stylometry models.

Match the channel to the recipient's intake spec

If a journalist publishes a SecureDrop address, use it. If a regulator like the SEC Office of the Whistleblower offers Form TCR submission, use that — Dodd-Frank Section 21F protections only attach to specified intake channels.

Related Secure Sharing Tools

Share API Key Securely Share SSH Private Key Share .env Variables Share Database Credentials Send Password Securely Share Password Securely Share Credit Card Details Share Banking Info

Real situations this is built for

Disclosing accounting irregularities to a reporter

A staff accountant notices revenue-recognition manipulation and wants to reach a financial-press journalist before going to the SEC. The journalist has no SecureDrop instance. Over Tor Browser, the accountant pastes a sanitized narrative and shares the link via a burner ProtonMail account.

OSHA-protected safety reporting at a plant

A worker witnesses repeated PPE violations on the night shift. Section 11(c) of the Occupational Safety and Health Act prohibits retaliation, but proving it later requires evidence. The worker uses PasteOnce to send a structured incident log to a labor attorney before filing OSHA-7.

Pre-disclosure call with a whistleblower lawyer

Before invoking SEC Rule 21F-17 or False Claims Act qui tam protections, the source needs counsel. The attorney's firm uses PasteOnce for the first round of fact-pattern intake, then moves onto attorney-client-privileged channels.

Frequently Asked Questions

Is PasteOnce truly anonymous for whistleblowers?

No — and anyone claiming otherwise is selling something. PasteOnce hides the tip's text from server operators and chat-app providers. It does not hide your IP from the upload endpoint, nor protect against stylometric analysis. Layer Tor Browser or Tails OS on top, and treat PasteOnce as the delivery wrapper.

How does this compare to SecureDrop for journalism tips?

SecureDrop is purpose-built for source protection: it runs on hardened servers behind a Tor onion service, uses ephemeral codenames, and Freedom of the Press Foundation maintains threat-model documentation. If your recipient publishes a SecureDrop address, prefer it; PasteOnce is the fallback for recipients without formal intake.

Can the company I am reporting on subpoena my IP?

They can try. We do not deliberately log IP-to-note mappings. Upstream providers (Vercel, Upstash, your ISP) keep their own logs on their own schedules. Submitting from Tor or a VPN moves the answerable IP to those operators rather than to you.

Does using this affect SEC whistleblower award eligibility under Dodd-Frank?

The Section 21F award program requires submission through the SEC's specified channels — Form TCR, or to designated counsel. Sending a PasteOnce link to a journalist does not initiate a TCR filing. Parallel press contact does not disqualify you, but it does not substitute for the formal filing.

Why secure send anonymous tip matters

What goes wrong when send anonymous tip is shared insecurely

Network-layer IP attribution. Your raw IP shows up in Vercel edge logs, Upstash request metadata, and any intermediate CDN. A subpoena, civil discovery order, or rogue insider can pull it. Tor Browser is the practical mitigation for adversaries with that reach.

Stylometric fingerprinting of the prose. Tools like JStylo, Anonymouth, and Writeprints can identify an author from roughly 6,500 words of samples. Pronoun habits, comma placement, and idiom choice all leak. For high-stakes tips, paraphrase aggressively or run the draft through a translator round-trip.

Time-of-submission correlation. If the events you describe happened at 14:03 and your tip lands at 14:11, anyone with badge logs or VPN-session timestamps can shortlist suspects. Submit on a delay, from off-network, outside your usual working hours.

The corporate ethics-hotline anonymity gap. EthicsPoint, Convercent, Syntrio, and Lighthouse advertise anonymous reporting; in practice, content combined with HRIS data often points to one obvious author. Internal investigators routinely identify reporters within the first interview round.

How does send anonymous tip work on PasteOnce?

Client-Side Encryption

Your sensitive data is encrypted in your browser using AES-256-GCM. The encryption key is generated randomly and never sent to our servers.

Secure Storage

Only the encrypted blob is stored in our database, with an automatic expiration time. We literally cannot read your data.

One-Time Read

When your recipient opens the link, the encrypted data is fetched and immediately deleted from our servers using an atomic Redis GETDEL. The key in the URL hash decrypts the message in their browser.

Best practices for send anonymous tip

Compose on a clean device, off corporate networks

Route uploads through Tor or VPN-over-Tor

Sanitize the prose before submission

Match the channel to the recipient's intake spec

Real situations this is built for

Disclosing accounting irregularities to a reporter

OSHA-protected safety reporting at a plant

Pre-disclosure call with a whistleblower lawyer

Frequently Asked Questions

Is PasteOnce truly anonymous for whistleblowers?

How does this compare to SecureDrop for journalism tips?

Can the company I am reporting on subpoena my IP?

Does using this affect SEC whistleblower award eligibility under Dodd-Frank?