Psst Safe FAQ

A: The Psst Safe is a secure vault into which insiders can safely and securely deposit non-public information or concerns they believe to be in the public interest. 

It is not necessary to have a full picture when depositing in the Safe. You may have only a small piece of information – not the whole story – or you may not know if your concern is valid. Should the public be concerned? Is this even legal? Are we being asked to do stuff we shouldn’t be doing? When you deposit the information or concern into the Psst Safe, it is encrypted. If you choose to seek legal advice, a Psst Legal team member can contact you after you make your deposit (the conversation will be legally privileged). Alternatively,  you can request that you are only contacted by a lawyer for advice if there is a Psst match – someone else who may have a similar concern.

As we say: when you see something, save something.

A: The most important thing is to ensure you are not on a work computer or work-issued phone or other device, and that you are not on a work network or VPN. If you are using a personal computer or phone which has a workplace app or software on it, you could also be vulnerable to your employer spying on what you are doing.

Once you know your device and network is not connected to your employer, visit safe.psst.org. Once you are there, you will follow the prompts which will walk you through how to enter your information into the safe securely. 

If you have any questions or run into any problems, you can always reach out at psst@psst.org.

A: At Psst, we believe there is safety and power in numbers. Psst Safe is set up to encourage collective whistleblowing and storytelling. Matching occurs when there is more than one deposit of related information submitted to the Safe. In Version 1.0 this matching is done through company name and area of work, which are left unencrypted for the Psst Legal team. If and only if a depositor has indicated they would like to receive advice when there is a match, does the Psst Legal team unencrypt matched entries and contact the depositors separately (and confidentially).

In this situation, all conversations are privileged and confidential. There is a firewall between depositors, so that one depositor does not learn the identity of the other depositor with whom they’ve matched. A depositor may never learn who they “matched” with, or later in the  process, they may decide to form a collective. It is entirely up to them.

A: The Safe is a tool for anyone within a company or organization or government who has nonpublic information or concerns that they believe are in the public’s interest. Currently, the Psst team is prioritizing depositors who are working in tech or US-based governmental entities.

A: If you are concerned that activities within your workplace are illegal, unethical, or possibly could cause harm to the general public, you should deposit your concern or information. If you are concerned, there is a chance someone else is too – and the Safe is designed to become a hub to collectively report these concerns so that the public can, where appropriate, be made aware of the bigger picture, while keeping the people who flag concerns safe and protected.

A: Deposits in the Safe are end-to-end encrypted using OpenPGP.js for client-side encryption and TLS encryption for data in transit. Deposits are stored encrypted in our database and only our legal team has access to the PGP key used to decrypt. This means if someone were to gain access to the database, all they would see would be garbled code.

Psst will not willingly turn over any deposits and will legally fight any attempts to force it to do so.

A: Deposits in the Safe are end-to-end encrypted using OpenPGP.js for client-side encryption and TLS encryption for data in transit. Deposits are stored encrypted in our database and only our legal team has access to the PGP key used to decrypt. This means if someone were to gain access to the database, all they would see would be garbled code.

Psst will not willingly turn over any deposits and will legally fight any attempts to force it to do so.

A: Initial consultations with Psst Legal are pro bono. Psst Legal maintains a large network of lawyers who we tap for specific needs; additionally, Psst is currently raising funds to offer a longer term legal defense fund directly to insiders, a major need right now. Additionally, Psst offers other services for insiders or whistleblowers, including media relations, storytelling, psychosocial support, physical and virtual security and more. When an insider comes to us for help, we conduct a triage specific to the unique circumstances of the person and information, to figure out if and how we can help.

A: No, you do not have to wait to be matched. The Safe gives you the option to request an immediate legal consult with Psst Legal. We aim to respond and set up a meeting with you within five days. If it is more urgent than this, you can reach Psst Legal on Signal at JGibson.01.

A: Yes. All conversations with Psst Legal are privileged and confidential. This means we cannot share your identity or anything you tell us with anyone else. If you decide to proceed with sharing your information - either with regulators and/or with the public - there are ways to keep your identity anonymous. We can help you develop a plan for how to do this. In fact, many of the people we support choose this option.

The Psst Safe also allows you to deposit anonymously, which means, even if you request an initial consultation with Psst Legal, we will not know your identity . For this option, you will need to provide contact information that is unidentifiable. We need contact information, even if anonymous, in order to do anything with your deposit and to ensure legal privilege when we contact you. You can set up a free, safe and encrypted email address using Proton.me.

A: Whether you are on your own or have information as part of a collective who want to come forward together, where applicable, Psst will work with you to come up with a strategy that gives you the best protection possible while creating the maximum impact possible for your disclosure.

There are many forms that can take, but one of the first steps is to vet your story and gather the appropriate documentation. From there, we will conduct a triage of sorts that often involves a multi-prong strategy. We may help you file legal submissions with regulators, talk to Congress and/or pair you with a trusted journalist to help provide further investigative resources. In some cases, whistleblowers may want to publish a first-person account in their own voice to be disseminated on our channels in partnership with a reported piece in a traditional media publication. In other cases, we will keep the source anonymous and help provide information to a journalist to get the story out there without you. Whichever route we take for your circumstances, you are in the driver’s seat at all times. Should you decide to go forward, we will do our best to ensure you have the legal, media, psychosocial and security support you need from start to finish. If you decide you want to walk away without taking any further action at any point, you are in control.

A: Yes, should you decide to make a public disclosure, where appropriate (and only with your approval), we will bring information to a journalist in our trusted network and support you to work safely with them for any potential story. We will provide you with media training and strategy, and legal help that will keep you as safe as possible as you share information and tell your story. We will also help you navigate how to remain anonymous while working with the journalist, if you want to keep your identity protected. 

If you are already working with a journalist, Psst can still help provide you with independent advice and provide you with support that journalists ethically cannot. For example, we can legally advise you on steps you can take pre-publication that might provide protection; we can act as a sounding board for decisions; and we help ensure you have digital and physical security, as well as any media support needed post publication. Where possible, we’ll figure out how we can help.

A: A good gauge of whether your information is in the public interest is whether it connects to some larger financial, government, societal, social or cultural issue. Does it involve fraud? Illegal activity? A public safety issue? These are good questions to ask. Another gauge is whether it is already public. If it is, then the your information would need to significantly add to the public knowledge in order to be relevant. 

Workplace disputes, a toxic manager, discrimination if not on a systemic level are often more appropriately dealt with by an employment attorney or worker advocacy group. In these cases, we try to help with referrals to trusted attorneys and organizations where we are able. 

If you are unsure, we encourage you to deposit the information into the Safe and/or request to speak to our legal team to get a gut check. 

A: The most important thing is to ensure you are not on a work computer or work-issued phone or other device, and that you are not on a work network or VPN. If you are using a personal computer or phone which has a workplace app or software on it, you could also be vulnerable to your employer spying on what you are doing.

Once you know your device and network is not connected to your employer, visit safe.psst.org. Once you are there, you will follow the prompts which will walk you through how to enter your information into the safe securely. 

If you have any questions or run into any problems, you can always reach out at psst@psst.org.