Employees, ex-employees, customers, and others are often privy to the most accurate and useful information about a particular corporation, yet they may be in a position that makes it difficult to contribute to a project such as Crocodyl without fear of the potential repercussions.
If you have information that you would like use to contribute to Crocodyl, but can not use your name to publish it, there are secure ways you can submit to Crocodyl anonymously. The most secure way at the moment is to submit your documents via Wikileaks.org. People submitting information to Crocodyl or CorpWatch, via Wikileaks or directly to us, will be treated as a confidential source.
Send your documents by postal mail on a sealed envelope. If possible, please use tamper evident security tape. Address you mail to:
2958 24th Street
San Francisco, CA
1) Download and install TOR. Tor is free software and an open network that helps you defend against certain forms of network surveillance. Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications. Once you have installed Tor, you can also use Torbutton, a Firefox browser extension.
2) Sending information over email is LESS secure than submitting a file via Wikileaks.org. You can send information in a PGP encrypted email to:
The public key is located here. We recommend using Thunderbird for email, installing GnuPg to handle the encryption, and the Enigmail Add-on to connect Thunderbird to the encryption software. You can find a really great explanation of email encryption and how to use Enigmail with Thunderbird on Mozdev.
Web browser and email clients
Mozilla Firefox: All good security starts with a good browser, and Mozilla Firefox is a great one. If you are using Internet Explorer there are many vulnerabilities that you are exposing yourself to, and many anonomyzing features are not available.
Mozilla Thunderbird: Similarly, if you are using another mail client, or webmail, there are some security vulnerabilities that you have probably overlooked. While email is a fairly insecure method of communication, using Thunderbird with PGP will mitigate the problem.
Tor (The Onion Router): Anonymized web surfing is almost impossible, and for absolute anonymity there is no perfect solution. Tor will get you most of the way however. The website has detailed instructions of how to install Tor and there is a Firefox plugin called Torbutton that will allow you to easily toggle Tor on and off.
Gnu Privacy Guard, or GnuPG is an Open Source and Free Software implementation of the OpenPGP standard. What does that mean? It means that you can use GnuPG without restrictions from patents, and without having to pay for it. GnuPG allows you to send an email that is encrypted so that even if it is intercepted by what is called a "man in the middle" attack, the message will be undecipherable to the majority of people who could access it. Installation can be complicated for inexperienced users, but the time that you take to learn about security and encryption will be well worth it.
General Whistleblower Support Information
The National Whistleblower Center offers a submission form that is NOT a secure web form, meaning your information could be intercepted by a third party during transmission of the data. They also offer an Attorney Referral service to help match whistleblowers with qualified legal counsel.