Introducing SafeSource, A New Way To Send Forbes Anonymous Tips And Documents (forbes.com/sites/andygreenberg)
78 points by kevination on Oct 29, 2013 | 19 comments


It's a shame that on the actual SafeSource site they don't seem to give much assurance:

Forbes does not make any representations or warranties as to SafeSource, and your use of SafeSource is on an "as is" basis, at your own risk.

I suppose it is just to cover them legally, but they could be a bit more reassuring to whistleblowers and informants who might not understand the technology very well or the credentials of those who have vouched for it like Schneier and others.


No, actual whistleblowers should be covering their own asses as much as possible with informed decisions and good opsec/infosec practices and not trusting anyone or anything else which includes the press. If a whistleblower's identity is exposed, it stands to reason media outlets have more to gain from the fallout.


And of course the landing page https://safesource.forbes.com/ tracks any potential leakers left, right and center.

A quick glance at the source reveals immediately these externally hosted javascripts:

- contextual.media.net (unsecured http)
- js.moatads.com (unsecured http)
- tags.bluekai.com (unsecured http)
- akamai.com
- cdn.krxd.net
- google-analytics.com
- sb.scorecardresearch.com
- i.forbesimg.com (unsecured http)

That's right, the "new way to send anonymous tips" immediately tips off at least 7 external parties!
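An added example, not part of the thread and not SafeSource's own code: one way to repeat the check described in the comment above, listing every off-origin or plaintext-HTTP resource a page would make the browser fetch. The sample markup is constructed (its hosts are taken from the comment's list, its paths are made up), and `ResourceCollector` and `audit` are names chosen here.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample markup, not the real page source.
SAMPLE_HTML = """
<script src="http://tags.bluekai.com/tag.js"></script>
<script src="//cdn.krxd.net/tag.js"></script>
<script src="https://www.google-analytics.com/ga.js"></script>
<script src="http://i.forbesimg.com/app.js"></script>
<script src="/static/local.js"></script>
<script>var inline = 1;</script>
"""

# Tags whose attribute makes the browser fetch a URL on page load.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src"}


class ResourceCollector(HTMLParser):
    """Collects (tag, absolute URL) for every fetched resource."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if url:
            # Resolves relative and protocol-relative (//host/...) URLs.
            self.resources.append((tag, urljoin(self.page_url, url)))


def audit(page_url, html):
    """Return (host, tag, reason) for each off-origin or non-HTTPS load."""
    page_host = urlsplit(page_url).hostname
    collector = ResourceCollector(page_url)
    collector.feed(html)
    findings = []
    for tag, url in collector.resources:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            continue  # data:, about:, etc. trigger no network request
        reasons = []
        if parts.hostname != page_host:
            reasons.append("off-origin")
        if parts.scheme != "https":
            reasons.append("plaintext")
        if reasons:
            findings.append((parts.hostname, tag, "+".join(reasons)))
    return findings
```

Each finding is a host that learns the visitor's IP address and the referring page; the `plaintext` ones are also visible to, and modifiable by, anyone on the network path.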


How about instead of each newspaper creating its own system, they all just run a Mixmaster/Mixminion/Sphinx node, so that there is no single point of failure? The problem of anonymous communication has been well-studied and we know how to make practical systems for it. I should not have to connect to a server run by Forbes in order to communicate anonymously with Forbes.


Buy an inexpensive b/w laser printer, paying with cash. Maybe wear a baseball cap with a big front bill, for good measure. Or buy second hand. Preference to a model that at least ostensibly does not insert "hidden" identifiers into its printouts. Also buy a sealed ream of printer paper and envelopes that you can nest inside larger envelopes, all in packaging. And a glue stick.

Buy stamps from an automated machine, paying with cash. Only handle them with gloves on, and be careful of body material adhering to the adhesive.

Put on your latex or similar gloves. Avoid touching yourself or breathing on them -- you might decide to wear a face mask and a hair net (before putting on the gloves).

Unpack the printer, and the paper. Load it up and print your documents. Print your mailing envelopes.

Find the mailing address in a non-obvious fashion. E.g. preferably from a paper copy of the newspaper. Don't Google it. Also, address a reporter known to have a strong interest in the topic/area you are addressing.

Put documents in mailing envelopes. Seal using glue stick. Apply postage carefully to avoid trapping identifiable material in the adhesive. If the adhesive requires activation (e.g. water), use the glue stick for this.

Nest the envelope in the larger envelope.

Find mailbox or mail drop that is, hopefully, unmonitored. DON'T take your cell phone with you when finding it nor when subsequently visiting it. Try to make it somewhere away from your normal patterns. Beware of your car being tracked; it may be better to visit it on foot or on a bicycle.

Slide the mailing envelope out of its nest in the larger envelope, into the mail receptacle. Try to be as discreet in this as possible.

I started writing this thinking that the suggested instructions would be relatively straightforward. I'm realizing now just how much they are not so.

Now, a final step. Picture this scenario in a world where everyone's DNA is profiled -- a proposal that keeps rising in many states and which is already increasingly applied to everyone who is ever arrested -- not convicted, just arrested. Or has any "secure" role, which can include working in a hospital or other healthcare setting, working with children, working in law enforcement, working for any paranoid employer in a state not explicitly protective of personal privacy...

I am suddenly realizing just how important "online" "black boxes" may be, going forward.

P.S. Also, I simply ran out of steam -- motivation for what started as a minor thought exercise. Of course, the above doesn't address the security, or lack thereof, of the system holding the documents and from which they are being printed. Nor many other aspects.

Already, it is seeming difficult enough.

I'm also thinking more about other, less desirable scenarios that seek to use anonymous postal mail. That was not my purpose. I was solely, hypothetically addressing sending whistle-blowing material to a journalist.

I am feeling more than a bit paranoid, right now...


This could be for East Germany in the heyday of the Stasi; but sadly it's today's USA. SMH...


If I were a whistleblower, the only way I would feel safe would be through an Airgap using Shoe Leather Protocol.

If only the media could be trusted.


SecureDrop is going to end up being so important to journalism and overall freedom I just want to cry endlessly about Swartz's fate, which came far before he (or we) knew about his potential effects on the world.


Where is the source code?



An online submissions system of the kind pioneered by WikiLeaks ...

Nice that they give credit. These systems are going to be increasingly important.


Here's a link for the lazy: https://safesource.forbes.com/


I thought that said SourceSafe and nearly had a heart attack.


Nah, that would just create duplicates of your files, crash when you need it the most, and corrupt things beyond recognition and force you to blow the whistle again from the start.


This is a great idea (even if not original). Every news agency should budget one of these as part of being in the business.


What about using a law firm as your front? Let them print and send the 'secrets'?


This is amazing.


Does not sound very safe.


Why not?



