Temporary Email for Journalists: Protecting Sources and Investigations

Journalism-Specific Privacy Threats

Journalists face unique threats:

**Source exposure:** - Email metadata reveals who you're talking to - Server subpoenas can expose communications - Hacked email reveals source identities - Even "deleted" emails may be recoverable

**Investigation compromise:** - Subjects of investigation may monitor you - Corporate legal teams subpoena journalist emails - Government agencies use surveillance - Competitors may try to scoop you

**Personal safety:** - Covering hostile subjects creates enemies - Doxing campaigns target journalists - Some stories create physical danger - Your email is a key identifier

**Legal exposure:** - Email is discoverable in legal proceedings - Shield laws don't always protect email - Cross-border journalism complicates jurisdiction - Subpoenas may come without notice

When Temporary Email Helps

**Initial source contact:** - Source reaches out via tip line - You need to respond without revealing identity - Use temp email for initial exchange - Move to more secure channel for ongoing

**Research and investigation:** - Signing up for services you're investigating - Creating accounts to verify claims - Accessing documents without identifying yourself - Testing company's privacy practices

**Covering your tracks:** - Emails you don't want subpoenaed - Communications that could identify sources - Research that reveals investigation direction - Contact with sensitive parties

**Throwaway communications:** - One-time source contact - Requests for public information - Anything that doesn't need follow-up

**Important limitation:** Temp email is for anonymity, not security. Communications aren't encrypted. For sensitive source communication, use encrypted channels (Signal, ProtonMail, SecureDrop).

Operational Security Setup

Temporary email works best as part of a complete setup:

**The journalist security stack:** 1. **VPN or Tor** - Hide IP address 2. **Secure browser** - Tor Browser or hardened Firefox 3. **Temporary email** - Anonymous identity for signups 4. **Encrypted messaging** - Signal for ongoing communication 5. **Secure email** - ProtonMail for email that matters 6. **SecureDrop** - Institutional tip line for sources

**Using temp email securely:** ``` 1. Connect to VPN (or Tor) 2. Use private browsing 3. Generate temp email 4. Use for specific purpose 5. Don't reuse across investigations 6. Don't connect to real identity ```

**Never:** - Use temp email on your regular browser - Access temp email and real email in same session - Use temp email that can be traced to you - Assume temp email is encrypted

Source Communication Protocols

**First contact via temp email:** If a source finds your public email, they've already potentially exposed themselves. Offer a safer channel:

``` "Thank you for reaching out. For your protection, I suggest we communicate via Signal. My number is [Google Voice number, not your real phone]. Delete this email after noting the number." ```

**When source uses temp email:** - Respond promptly (temp email expires) - Don't push for real identity - Offer secure alternatives - Save key info offline before email expires - Verify they are who they claim (carefully)

**The handoff:** Temp email → Signal/encrypted email → In-person if possible

**Never:** - Ask source to email sensitive docs - Store source identity in any email - Discuss investigation specifics via temp email - Assume temp email is source-protecting (it's not encrypted)

Investigation OPSEC Examples

**Investigating a company:** ``` 1. Create temp email via Tor 2. Sign up for company services 3. Research as normal user 4. Never use from your IP 5. Never connect to journalist identity 6. Document findings securely 7. Let temp email expire ```

**Verifying a scammer:** ``` 1. Temp email for initial contact 2. Use persona, not real identity 3. Record communications 4. Verify claims through back-channels 5. Never expose real identity until publish ```

**Requesting public records:** ``` - Official requests: Use your real identity - Preliminary research: Temp email OK - Sensitive requests: Consider timing - Some agencies require verified identity ```

**Research on extremist groups:** ``` 1. Fresh VPN/Tor connection 2. New temp email per group 3. Plausible persona 4. Never cross-contaminate identities 5. Assume you're being watched 6. Document everything securely ```

Limitations and Alternatives

**When temp email isn't enough:** - Ongoing source relationships (use encrypted email) - Sensitive document transfer (use SecureDrop) - Communications that could be subpoenaed (use Signal) - High-value source protection (use all measures)

**Better alternatives for different needs:**

**For ongoing source contact:** - Signal (encrypted, disappearing messages) - ProtonMail (encrypted, based in Switzerland) - SecureDrop (institutional, designed for sources)

**For investigation communication:** - Separate work email from personal - Don't use employer email for sensitive work - Consider country-specific legal protections

**For document receipt:** - SecureDrop (anonymizes sources) - Signal (encrypted, can verify) - In-person (most secure)

**The layered approach:** ``` Temp email: Initial contact, research signups Encrypted email: Ongoing text communication Signal: Real-time, sensitive discussions SecureDrop: Sensitive document receipt In-person: Most sensitive matters ```