Contact

Email

If you have an idea to improve your workplace and are looking for support, or if you have a press inquiry, you can reach us at info@coworker.org.

Twitter

You can also DM us on Twitter at @teamcoworker.

SecureDrop

Coworker.org is committed to helping employees share information about workplace policies, conditions, and the terms of employment when it serves the public interest. We believe this kind of information-sharing is vital to holding employers accountable.

To this end, we operate a SecureDrop instance. SecureDrop is an open source platform built for anonymity through the Tor network and using strong encryption.

Because of the power imbalance between workers and employers, as well as the culture of secrecy across many industries around discussing terms and conditions of employment, there is a strong need for a high-security platform for employees to share information.

Before using our SecureDrop, please read our privacy policy first. Note that we will never ask you to provide any personally identifying information when you submit materials through SecureDrop. You can block out any personally identifying information on anything you send. Never contact us with sensitive documents over insecure channels like email or Twitter.

How to submit documents

1. Download and install the Tor Browser.
2. With the Tor Browser open, copy and paste the URL— no4gurk7efg4abwv.onion —into the address bar. The page contains further instructions for uploading documents.
3. You will be assigned a randomly generated, unique code name. Do not lose this code name. It is the only way we will be able to contact you, and you will need it to check for messages from us.

After you upload to us, we will review your submission.

Know your rights

If you are a W2 employee, you have the right to act with or on behalf of your coworkers to improve terms and conditions of employment.

Keep in mind that certain information such as trade secrets, intellectual property, or other confidential information about your employer’s business may be subject to confidentiality or non-disclosure agreements. Before uploading, please check your employer’s handbook or policies, or the terms of your employment contract.

Practice good security hygiene

Do not use an employer-provided computer. We recommend using a computer you are confident has not been compromised.

Only access SecureDrop from Wi-Fi networks that are not associated with your usual locations; do not use your home or work Wi-Fi.

For additional security, we recommend downloading and using Tails. Tails is a live operating system that runs on a thumb drive, leaves no trace on your computer, and routes all connections through the Tor network.

Additional information

Please include in your submission any requests you might have. We will respect your requests. If you have multiple submissions or a large submission, you may need to break it up into several uploads.

SecureDrop privacy policy

Last updated: May 15, 2018

SecureDrop was installed at Coworker.org with the help of the Freedom of the Press Foundation.

Please read this privacy policy carefully. It explains what information SecureDrop does and does not collect and why.

Collection of information from sources

We will never ask you to provide any personally identifying information when you submit materials through SecureDrop. You can block out any personally identifying information on anything you send.

The system does not record your IP address, information about your browser, computer, or operating system. Furthermore, the SecureDrop pages do not embed third-party content or deliver persistent cookies to your browser.

Our server will only store the date and time of the newest message sent from each source. Once you send a new message, the date and time of your previous message is automatically deleted.

Coworker.org staff decrypt and read each message offline. We delete messages from the server on a regular basis.

The date and time of any message will be securely deleted from the server when the message is deleted.

Please keep in mind that the actual messages you send and receive through SecureDrop may include personally identifying information. For this reason, once you read a message from Coworker.org, we recommend you delete it. It will then be securely deleted from the file system.

Metadata

Please note that when you submit certain types of files through SecureDrop, you may be sending us metadata associated with that file.

For example, if you submit a photo through SecureDrop in JPEG format, the file may include information about the date, time, and the GPS location of where it was taken, and the type of device used to take the photo. Similarly, if you submit a Word file (.doc or .docx) through SecureDrop, it may include the identity of the document’s author, the author’s operating system, GPS data about the author’s location, and the date and time when the document was created.

Our policy is to scrub metadata from the files we receive through SecureDrop before publication. If you don’t want to send us metadata, please use the Metadata Anonymization Toolkit to scrub the file before you submit it.

Data security

Coworker.org works diligently to protect the identities of our sources and keep the information they give us confidential.

SecureDrop servers are always under the physical control of Coworker.org. However, no one can guarantee 100% security of any system. Like all software, SecureDrop may contain bugs. Ultimately, you use the SecureDrop service at your own risk.

Changes to this policy

We may revise this Privacy Policy from time to time. The most current version of the policy will govern our collection and use of personal information and will always be at https://home.coworker.org/contact. If we make changes that we believe are major, we will prominently display a notice on our site after we we make those changes.

Contact

Coworker.org welcomes questions, concerns, and feedback about this policy. If you have suggestions for us, feel free to let us know at info@coworker.org. Never use this email address to contact us about a SecureDrop submission.