Confidential contact via SecureDrop
If you would like to send us - the Investigation Department at NDR - messages or documents in confidence, you can use "SecureDrop" - a system developed to enable secure, encrypted exchange between informants and journalists. It is operated by ‘Freedom of Press Foundation’. Many prestigious media outlets around the world use it.
To use SecureDrop, you need to install a so-called TOR browser, which disguises your IP address - i.e. ensures that no one can trace which device you use to access the Internet. TOR browser can be found here:
https://www.torproject.org/de/download/
Then copy the following address into the TOR browser:
vxemae5nujorg6hicdba5dzz6kxooler5e5wffd4hymrqd26yapc4oqd.onion/
This is how you reach the SecureDrop mailbox of the NDR. This address only works through a TOR browser. You should also not try to open the page via other browsers, as you may leave traces.
When you are on NDR's SecureDrop page, you can send us messages or documents. The files must not exceed 500 MB in size. If you want to submit larger files, please send a message via Securedrop so we can set up another method of submission. You can log in again using an alias and receive any queries or other messages from the editorial team.
Exact information on how this works and technical details can be found on the SecureDrop page:
NDR has taken every precaution to ensure the highest possible security. The SecureDrop system is installed on its own servers, which are otherwise not used. The messages can only be decrypted with the help of an additional, specially set up computer that is not connected to the Internet. No data is stored in the process that would allow the source to be traced.
To protect yourself, you should not send sensitive information from your workplace or home. Highly frequented places (such as cafés) with a public WLAN are a good option. You should also make sure that no surveillance cameras are pointed at your screen.
SecureDrop is regularly checked by security experts. However, every system may still have previously unknown security vulnerabilities. You use SecureDrop at your own risk.