How to contact me
Updated 2/22/16 to add Ricochet and change a Jabber address
This page explains how to reach me privately, using the best
available security tools.
Best available does not mean perfect, but surveillance of these
channels is costly, difficult and far less likely than the usual
If you are a beginner, or if too many choices make your head hurt, I'm
happy to choose for you. Clear your browser. Find another computer,
away from home and work, perhaps at a library or cafe. Then browse to my SecureDrop page and follow
the instructions there. A blank thumb drive may come in handy.
I do suggest you give some thought to what you want to keep private,
who might try to listen in, and how much you care. The Electronic
Frontier Foundation's Surveillance Self-Defense
guide can help. If the risk you face is an angry boss, in an
ordinary sort of angry boss scenario, any of the channels here should
protect you. (Just make sure you do not use a device or Internet
connection controlled by said boss.) If someone's safety or freedom is
at stake, consider your options more carefully. Some risks are worth
taking. I hope you find a way to get in touch.
There are easier tools, but PGP (also known as OpenPGP, GnuPG and GPG)
is still the gold
standard for email encryption. The EFF guide or this one
My PGP key, as of July 10, 2015, is here
and on all the usual keyservers.
5FFB 9661 E80B EEAC F60A F439 9402 6C02 F396 3B70
There are other keys still listed for me, but I will use this one
exclusively from now on. I have no reason to think the old ones are
compromised, but I have marked them as expired. For now, I will
not revoke them.
That is all you really need to know, but experts can find the gory
All the tools on this list will encrypt the contents of your message.
SecureDrop, Ricochet and Pond will also keep you anonymous, concealing your
physical location and the Internet address of your device. Some of the
be used anonymously, but that adds a level of
complexity I will not try to cover here.
- For maximum protection, take a blank thumb drive to a public
computer located some distance from home and work. Download and install
Tails on the thumb drive.
Tails is a portable operating system that can start almost any
computer. It was central to the methods I used to communicate with
Edward Snowden. Many of the best privacy and
encryption tools are built in. Anything you do with Tails will be as
anonymous as technology can make you on the Internet.
- Using Tails is also the safest way to reach me on my SecureDrop,
a channel designed to shield your identity (even from me) as well as the content of your
message. Use Tails to boot a computer you do not usually use, at a location you do not
usually visit, and start here.
If Tails feels like overkill, you can just use a public library computer.
- For smartphone text messages and (when the audio works) voice
conversation, Signal Private Messenger for iPhone
is the best there is for encryption. No one else can read or hear what
we say. Be aware that with enough effort a government can probably
discover that we are in contact. If we decide to use Signal, we'll
exchange mobile phone numbers. Then you should verify my digital
fingerprint, so you know it's really me on the other end.
05 be 92 ac 93 49 d2 e2 22 bf c3 e0 56 d7 35 37 b5 ae 99 44 d3 b5 f3 b9 cc bf f9 da 15 95 8d a9 4f
- (New) I have discontinued use of Peerio, which I previously listed here.
- (New) For anonymous, encrypted live chat, I have become a big fan of Ricochet,
which is easy to use, very well designed and recently passed a security audit. To find me there, add this contact: ricochet:3zc7amugtgne3g6o
- A longer-established tool for secure (but not anonymous) live chat is Jabber, which uses a form of
encryption called OTR. It can be made anonymous, but that requires more steps and more advanced skills.
(Anonymity is built into Ricochet.)
On Jabber I am (New handle) email@example.com or b.g.@dukgo.com.
Those look like email addresses, but they're not. Tails has a built-in
Jabber app called Pidgin. Here are how-to pages for using Jabber on Mac and Windows.
- Pond is strictly
for nerds. I barely qualify, but I can use it. The author, Adam
Langley, cautions that Pond is still in beta, and we should take that
seriously. Even so, Langley is the brains behind Google's web
encryption infrastructure. I'm inclined to trust his beta code more
than most people's version 2. We will need to exchange Pond addresses
in person, or on another secure channel.
THE OLD-FASHIONED WAY
Postal mail can be a good choice for confidential material. The
government scans the outside of every envelope, but a warrant is
required to open and read what's inside. You can use a boring, fake
return address, or leave it blank. You can address it to me, or to
someone else at one of my places of business, with a second envelope
inside addressed to me. A postal address and people I work with are not
hard to find at tcf.org.
For an extra layer of protection, you could snail-mail me the link to an
encrypted message on pastebin.com or the server of your choice.
If you are technically minded and control a server somewhere, you can
give me secure access to one of your directories by adding my SSH
public key to the remote host's .ssh/authorized_keys file. Here is my
WHY I CHANGED MY PGP KEY
Over the years I accumulated a drawer full of email addresses and keys.
It was time to consolidate. I took the opportunity to upgrade my
security, creating the new key on an offline computer and storing it on
a smartcard token. Two tokens, actually, as described below.
My new key is tied to the following email addresses:
- bart@gellman .us (my main address going forward)
- bart.gellman@washpost .com (for Washington Post business)
- gellman@tcf .org (for Century Foundation business)
- bgellman@princeton .edu (for Princeton University business)
If you have any other email address for me, please delete it. I have
either stopped checking it or will stop soon.
HOW DO YOU KNOW THE NEW PGP KEY IS REALLY MINE?
- I list the key on Keybase,
with multiple proofs of identity
- I link to this page in my verified Twitter profile, @bartongellman
- I signed the new key, and each subkey, with my previous keys
THE GORY DETAILS
I followed Tom Lowenthal's admirable guide, with minor adjustments, to generate
new keys and put them on smartcards. One card, in cold storage, holds
the master key. Another has my signing and encryption subkeys for
I screwed it up the first time, but it all worked out.
I settled on 3072-bit RSA keys because [UPDATE: I wrongly
thought] they were the maximum size supported by the OpenPGP
[UPDATE: As Kevin Gallagher reminds me,
I could have made 4096-bit keys because I used GPG2 to generate
them on my computer, not on the card itself. I'm content with RSA 3072
Fingerprints for the subkeys:
Encryption: 6DEE 1EA3 FADA 61B1 558C E1AB CA33 428B B052 42A2
Signature: 1635 3886 42FC 561E 07DE 98EE EA20 47BA 097E 4D40
Authentication: 3CE1 BD6A 1934 D10B 75AB C74B 59B5 79B5 2E9C B3DD
If you are comfortable with the command line, download my key with:
gpg --recv-key 0x94026C02F3963B70
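A key ID such as 0x94026C02F3963B70 is only the last 64 bits of the fingerprint, and keyservers will happily hand back any key that carries that ID, so the download above is only half the job: what makes the key yours to trust is that the full fingerprints gpg shows you match the ones published here, on Keybase and on the verified Twitter profile. The script below is an added example, not the author's code. It assumes the machine-readable output of `gpg --with-colons --fingerprint <keyid>`, where each `pub` or `sub` record is followed by an `fpr` record whose tenth field is the full fingerprint and whose key-capability field marks the subkey as encryption (e), signing (s) or authentication (a); the sample output embedded in it is constructed from the fingerprints on this page, with dates and the user ID left as placeholders.

```python
"""Verify a fetched OpenPGP key against fingerprints published out of band.

Added example, not the page author's code. It parses the output of
`gpg --with-colons --fingerprint <keyid>` and checks the primary key and
every subkey against the fingerprints published on the contact page.
"""
import hmac

# Fingerprints exactly as published on the contact page.
EXPECTED_PRIMARY = "5FFB 9661 E80B EEAC F60A F439 9402 6C02 F396 3B70"
EXPECTED_SUBKEYS = {
    "encryption": "6DEE 1EA3 FADA 61B1 558C E1AB CA33 428B B052 42A2",
    "signature": "1635 3886 42FC 561E 07DE 98EE EA20 47BA 097E 4D40",
    "authentication": "3CE1 BD6A 1934 D10B 75AB C74B 59B5 79B5 2E9C B3DD",
}

# Constructed sample of gpg's --with-colons output for this key, built from
# the fingerprints above. Creation dates and the user ID are not given on
# the page, so those fields are empty or marked as placeholders.
SAMPLE_COLON_OUTPUT = """\
pub:-:3072:1:94026C02F3963B70:::::::c:
fpr:::::::::5FFB9661E80BEEACF60AF43994026C02F3963B70:
uid:-::::::::PLACEHOLDER USER ID:
sub:-:3072:1:CA33428BB05242A2:::::::e:
fpr:::::::::6DEE1EA3FADA61B1558CE1ABCA33428BB05242A2:
sub:-:3072:1:EA2047BA097E4D40:::::::s:
fpr:::::::::1635388642FC561E07DE98EEEA2047BA097E4D40:
sub:-:3072:1:59B579B52E9CB3DD:::::::a:
fpr:::::::::3CE1BD6A1934D10B75ABC74B59B579B52E9CB3DD:
"""

# Capability letters in field 12 of a pub/sub record, mapped to the roles
# the page lists its subkeys under.
CAP_ROLE = {"e": "encryption", "s": "signature", "a": "authentication"}


def normalize(fpr):
    """Drop the spaces humans add and force upper case so both forms compare equal."""
    return "".join(fpr.split()).upper()


def parse_colon_output(text):
    """Return one dict per pub/sub record with its key ID, capabilities and fingerprint."""
    keys = []
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub") and len(fields) > 11:
            keys.append({"kind": fields[0], "keyid": fields[4],
                         "caps": fields[11], "fpr": ""})
        elif fields[0] == "fpr" and keys and len(fields) > 9:
            # An fpr record always describes the pub/sub record just before it.
            keys[-1]["fpr"] = fields[9]
    return keys


def verify_key(colon_output, expected_primary=EXPECTED_PRIMARY,
               expected_subkeys=EXPECTED_SUBKEYS):
    """Compare every fingerprint gpg reports with the published ones.

    Returns (ok, problems). ok is True only when the primary fingerprint and
    every expected subkey match and no subkey with an unexpected role is present.
    """
    problems = []
    keys = parse_colon_output(colon_output)
    primaries = [k for k in keys if k["kind"] == "pub"]
    if len(primaries) != 1:
        return False, ["expected exactly one primary key, found %d" % len(primaries)]
    if not hmac.compare_digest(normalize(primaries[0]["fpr"]), normalize(expected_primary)):
        problems.append("primary key fingerprint mismatch: " + primaries[0]["fpr"])

    expected_norm = {role: normalize(f) for role, f in expected_subkeys.items()}
    seen_roles = set()
    for sub in (k for k in keys if k["kind"] == "sub"):
        roles = [CAP_ROLE[c] for c in sub["caps"] if c in CAP_ROLE]
        if not roles:
            problems.append("subkey %s has no usable capability" % sub["keyid"])
        for role in roles:
            seen_roles.add(role)
            if role not in expected_norm:
                problems.append("unexpected %s subkey %s" % (role, sub["keyid"]))
            elif not hmac.compare_digest(sub["fpr"], expected_norm[role]):
                problems.append("%s subkey fingerprint mismatch: %s" % (role, sub["fpr"]))
    for role in expected_norm:
        if role not in seen_roles:
            problems.append("expected %s subkey is missing" % role)
    return not problems, problems


if __name__ == "__main__":
    ok, problems = verify_key(SAMPLE_COLON_OUTPUT)
    print("OK: key matches the published fingerprints" if ok else "\n".join(problems))
```

To run it against a real download, pipe `gpg --with-colons --fingerprint 0x94026C02F3963B70` into `verify_key` instead of the constructed sample. The subkey check matters as much as the primary one: it is the encryption subkey, not the master key in cold storage, that actually receives your mail, and a swapped or missing subkey would show up here while the primary fingerprint still looked right.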
Please protect my privacy, as well as yours. Don't give my email
address to a social network (Facebook, LinkedIn) or an invitation
service (Evite, Paperless Post).
If you want to share a link with me, send it yourself instead of
clicking the "email" button on the web site.
Write to me on one email account only. I get mail from all accounts
on every device. Nobody wants four copies of the same note.
No matter how good the cause, do not add me to any kind of mailing
list. These email addresses are for individual correspondence only. If
you put me on a list, I will probably nominate your domain for my
company-wide spam filters. I may make fun of you on Twitter.
Send an email to (only) one of the addresses above, or find me on