Today we are proud to launch the source code for our encrypted submission tool. You no longer need to take our word for it. You can see exactly how it works, host your own version, or fork it for your organisation.
Why We Opened It
Transparency is a principle, not a marketing gimmick. By publishing whistleblower-pgp-tool on GitHub, we invite scrutiny, adoption, and evolution. We want to make this tool available to any person, newsroom, campaign or NGO who needs secure, private tip submission.
What You Get
- Browser-side encryption using your public PGP key (no server decryption)
- A simple HTML and JavaScript template you can drop into any static site
- Clear instructions to swap in your own PGP public key and email, never your private key
- No logins, no tracking, no analytics, just pure privacy
How to Use It
- Go to the GitHub repo: ReasonableMedia/whistleblower-pgp-tool
- Clone or fork it to your own project or site
- Replace the placeholder email and public key with yours
- Deploy the HTML and JS page on your host (GitHub Pages, Netlify, your server, etc.)
- Test by encrypting a sample message and decrypting it yourself
Security Note: Essential
Do not ever include the private key in your code. Only public keys belong in the repository. If you ever expose your private key, everything encrypted with it becomes readable by anyone who has it.
Who This Is For
Journalists, small NGOs, independent researchers, internal teams, anyone who wants to accept encrypted tips without relying on third party services. This is not just theoretical. We use this tool ourselves on trsa.org.uk/whistleblower.html.
Get Started
Visit the repo: ReasonableMedia/whistleblower-pgp-tool
Read the README. Follow the steps. Fork it. Make it your own. Help build a safer, more transparent web.






Be First to Comment