That is the narrower job Hush Line's Personal Server is built for. The device gives one recipient the full Hush Line platform as a self-hosted, Tor-only tip line that runs locally. For someone handling sensitive outreach from a smaller but higher-risk community, that changes the deployment model in a concrete way: the system is no longer just an account on a shared service. It becomes a dedicated device on the recipient's own network, with end-to-end encrypted, anonymous, 100% local intake.

When A Shared Service Stops Matching The Threat Model​

Imagine an independent investigative journalist reporting on local corruption, a lawyer taking retaliation-related intake, or an organizer documenting abuse against a targeted community. Each person may receive a relatively low volume of tips compared with a large newsroom or institution. But the consequences of infrastructure trust can be higher for them.

In that situation, the question is not only whether the tip line is usable. It is also whether the recipient is comfortable depending on third-party infrastructure for the intake path at all.

Hush Line's Personal Server is for the case where the answer is no, or at least "not for this work." The product docs describe it as a self-hosted device that gives you the entire Hush Line platform just for you. The earlier Hush Line blog guidance frames it even more plainly: if your threat model is one in which you cannot trust third-party infrastructure, this is the best option.

That makes the personal-server path a fit for high-risk independent recipients who want more direct control over where the reporting system lives and how it is deployed.

What More Control Looks Like In Practice​

The phrase "self-hosting" can sound abstract until it becomes operational.

With Hush Line's Personal Server, more control means the tip line is a physical device that you set up yourself. The documented setup is intentionally simple: connect ethernet, connect power, wait for boot, scan the QR code shown on the e-paper display, and save the Onion address. Before sharing that address publicly, create the first account on the server, because that first account becomes the administrator account.

That matters for independent recipients because it changes what they personally control:

• where the device physically lives
• which network it plugs into
• when the Onion address gets shared
• who creates and holds the first administrator account
• whether the device passes tamper checks before first use

Those are not cosmetic differences. They give the recipient a more direct role in the deployment chain than a shared hosted account does.

The hardware details reinforce that purpose. The Personal Server specs say Wi-Fi and Bluetooth are disabled for security, USB ports are disabled for security, and the case leaves access only to ethernet and power. The device also ships with tamper-evident tags and a matching code card so the recipient can verify the seals before trusting the hardware.

For a high-risk independent user, that combination is the point: fewer exposed interfaces, fewer decisions deferred to someone else's environment, and a deployment path that stays local from the start.

The Tradeoffs Start Before The First Tip Arrives​

Extra control is not free. It changes what the recipient has to own.

The hosted Hush Line path is easier because it removes self-hosting from the equation. The Personal Server deliberately adds that responsibility back. Even with a straightforward setup flow, the recipient now has to think about practical issues that a shared service largely absorbs:

• where the device will be kept
• how it will stay connected to ethernet and power
• when to perform the tamper check and first boot
• how to handle the administrator account before the address is distributed
• how to share the Onion address intentionally once the system is ready

Those are manageable tasks, but they are real tasks. The right question is not whether they are impossible. It is whether they are justified by the recipient's risk profile.

This is why the Personal Server should not be treated as the default recommendation for every solo journalist, lawyer, or organizer. If the main priority is launching quickly with less setup overhead, the easier hosted path may still be the better fit. A personal server makes more sense when the recipient is choosing infrastructure control on purpose, not out of vague instinct that self-hosting is always more serious.

A Better Fit For Smaller, Higher-Risk Intake Work​

The Personal Server is especially suited to an independent recipient with a focused but sensitive reporting lane.

Consider an investigative journalist working a corruption beat in one city, a lawyer known for whistleblower retaliation matters, or an organizer receiving reports tied to one campaign or vulnerable community. These are not necessarily mass-intake operations. They are often smaller, trust-heavy channels where the recipient may value tighter control over the deployment environment more than they value the convenience of a shared service.

Hush Line's Personal Server supports that style of work well because the recipient still gets the full platform, including the paid features unlocked on the device, but the deployment stays tied to a dedicated local box and Tor-only address. The device's e-paper screen also gives a simple way to retrieve the Onion address by QR code and save it for later use.

That does not remove every operational burden. It narrows the setup to something an independent person can plausibly manage while keeping the trust boundary tighter than a shared hosted account.

The Right Question Is Not "Is Self-Hosting Better?"​

For high-risk independent recipients, the better question is narrower: does this reporting channel justify taking on more infrastructure responsibility in exchange for more direct control?

If the answer is yes, Hush Line's Personal Server is a practical option. The documented setup is not a general-purpose server build or a complicated software install. It is a dedicated Hush Line device with hardened hardware choices, local deployment, a Tor-only tip line, and a short path from unboxing to first boot.

If the answer is no, that is useful clarity too. Not every secure reporting workflow needs a self-hosted box on a desk or shelf. But for the independent journalist, lawyer, or organizer whose threat model makes third-party infrastructure the harder compromise, the Personal Server is exactly for that edge case: fewer shared trust assumptions, more direct operational control, and a tip line that lives with the recipient instead of beside them.

Hush Line fits that kind of work because it gives the office a dedicated inbox for incoming messages and lets the team organize them by status. The docs also describe custom replies tied to statuses such as accepted or declined, so the office can send a clear one-way response with next steps when needed. That is useful for legal intake because many firms do not want to run prospective-client screening as an open-ended chat inside the intake tool.

When A Sensitive Intake Message Arrives At 11:40 PM​

Imagine a two-lawyer office that handles employment and retaliation matters. Late at night, someone submits a message describing pressure from a supervisor, possible termination, and a fear that office devices are being monitored. The person needs a secure way to reach out, but the firm still needs to handle intake carefully. Not every message becomes a case. Some need a conflicts check first. Some need more information. Some should be declined promptly and pointed toward a better contact path.

That is where Hush Line's structure matters. The message lands in the firm's Hush Line inbox instead of disappearing into a general contact form or getting mixed into ordinary email. The inbox is specifically documented as the place that helps recipients stay organized, and status changes can then be used to filter messages by their current state.

For a law office, that means the first operational question is easier to answer: what is new, what has already been reviewed, and what still needs a decision from counsel?

Status Changes Help A Small Office Triage Like A Small Office​

Legal intake is rarely linear. A receptionist or paralegal may see the message first. An attorney may review it later. Someone may need to confirm whether the matter falls inside the firm's practice area before any substantive follow-up happens.

Hush Line's message statuses support that reality better than a chat-style workflow does. The office can review a message, change its status, and then use the inbox filters to see all messages with that status. Even that simple capability matters when intake arrives at odd hours or when multiple people touch the same queue across a day.

In practice, that supports a workflow like this:

1. A new message arrives in the Hush Line inbox overnight.
2. Staff reads it in the morning and flags it through the available status workflow so it is no longer just another unread intake.
3. An attorney reviews the substance when available and decides whether the office is interested, needs to decline, or wants the person to move to another contact method.
4. The updated status keeps the inbox organized so the message does not have to be rediscovered from scratch later.

That is a better fit for real intake operations than pretending every submission should immediately become a live back-and-forth conversation.

One-Way Replies Are Useful When The Office Needs Control Over Next Steps​

The Hush Line docs describe custom replies for statuses and give examples such as Accepted and Declined. They also note that those replies can include additional contact details, and they recommend Signal for direct two-way communication.

For a law office, that is a practical distinction.

The intake channel can stay focused on secure initial outreach and basic triage. Then, when the office changes the message status, the person who wrote in can see an updated message on their unique Hush Line page. If the firm wants to move forward, the acceptance reply can explain the next step clearly, such as contacting the office on Signal or using another firm-approved path for follow-up. If the firm declines, the decline reply can say so cleanly and avoid leaving the person guessing.

That one-way model is often preferable during intake because it reduces ambiguity:

• the office acknowledges what decision has been made
• the reply can point to the right next channel
• the team is not committing to a chat-style exchange before it is ready

For lawyers, that matters. Early intake frequently needs structure, not conversational sprawl.

Filtering The Queue Matters More Than It Sounds​

Small firms do not usually have a dedicated intake operations team watching one dashboard all day. The same people who review new matters are also handling court deadlines, client calls, drafting, and filings. A secure reporting tool only helps if it makes that reality easier to manage.

Hush Line's inbox and status filters support that practical need. Once statuses are being used consistently, the office can separate messages that still need attorney review from messages that already reached a decision. The value is not just tidiness. It is reducing avoidable mistakes, such as forgetting that a message was already declined, overlooking an item that still needs counsel review, or forcing staff to reread the same submissions because the queue has no structure.

That is especially important when sensitive outreach comes in outside business hours. Overnight intake tends to create handoff problems. By the time the office is fully staffed, the person who saw the message first may be doing something else, and memory is already a weak tracking system. Status-based organization gives the office a more reliable handoff than "I think I looked at that one already."

A Better Intake Shape For Legal Work​

Law firms usually do not want an intake tool to behave like a messenger app. The first stage of contact often needs screening, prioritization, and a controlled transition into whatever communication method the firm uses next.

That is the useful angle in Hush Line's documented feature set here:

• the inbox gives the office a dedicated place to receive sensitive outreach
• message statuses help organize and filter the queue
• status-based replies let the office communicate next steps in one direction without turning Hush Line into ongoing chat

For a small law office, that combination is operationally realistic. A sensitive message can arrive at an inconvenient hour, sit securely until the right person reviews it, move into a clearer status once the office has made a decision, and give the sender an appropriate response about what happens next.

The Practical Takeaway For Law Office Intake​

When a law office handles sensitive outreach, the problem is not only how to receive the first message securely. The office also needs a way to triage it without losing track of who reviewed it, what decision was made, and whether the person received direction on next steps.

Hush Line supports that workflow with a dedicated inbox, message-status filtering, and one-way status replies such as accepted or declined. For lawyers and law offices, that makes the tool a better fit for real intake work: organized enough for careful triage, but not built around the assumption that every new contact should become an immediate chat.

Hush Line reduces that friction during onboarding by letting recipients import a Proton public key directly from Proton instead of manually exporting and pasting a PGP key. That keeps the setup path shorter while preserving the strong default that messages should be end-to-end encrypted before a tip line is shared publicly.

The Real-World Scenario​

Imagine a small newsroom editor, an intake coordinator at a legal aid office, or an administrator standing up a reporting channel for the first time. They want a public Hush Line page live quickly so people can start reaching them, but they also do not want to cut corners on message security.

This is exactly where manual PGP setup can slow things down. If the recipient has to stop and figure out key export steps before they have even finished basic account setup, launch gets pushed back. In practice, that means more time spent in configuration and less time getting a working intake channel in front of the people who need it.

During onboarding, recipients can search for a Proton email address and import the public key without leaving the setup flow.

Where Proton Key Lookup Helps​

Hush Line's documented account setup flow includes a Proton-specific shortcut in Settings > Encryption > Proton Key Import. Instead of manually pasting a public key, the recipient can enter their Proton email address and click Search Proton.

That matters because it removes a fragile early step from onboarding:

• the recipient does not need to manually export a key before continuing
• the encryption step is easier to complete during the initial setup flow
• the account is more likely to be ready before the tip line is shared

For teams trying to launch quickly, that is a practical improvement, not a cosmetic one. The easier it is to finish encryption correctly, the less temptation there is to "come back to it later."

The same Proton key import flow remains available later in Settings, so recipients can finish or revise encryption setup after onboarding.

A Practical Fast-Launch Workflow​

For a new recipient who wants to get a secure Hush Line page live quickly, the shortest documented path looks like this:

1. Complete the onboarding flow, or return to it later from the Account Setup link in the header if it was skipped.
2. Add profile details so the public page clearly identifies who the line is for.
3. In Settings > Encryption, use Proton Key Import, enter the Proton address, and click Search Proton.
4. In message forwarding, use that same Proton email address so messages are delivered to the inbox tied to the imported key.
5. In Settings > Authentication > Two-Factor Authentication, enable 2FA before treating the account as fully operational.

That sequence keeps setup focused on the essentials: identity, encryption, delivery, and account protection.

Faster Setup Still Supports Strong Defaults​

Speed only helps if it does not weaken the baseline. Hush Line's setup guidance does not frame Proton lookup as a shortcut around encryption. It is a faster way to complete the encryption step that recipients already need.

That distinction matters for operational teams. A lawyer or newsroom administrator may need to get a tip line online quickly, but they still need messages delivered securely and the account protected with 2FA. Faster key setup reduces launch friction without changing those requirements.

It also makes onboarding easier for people who are not PGP experts. A recipient can get through the initial configuration with fewer opportunities to make mistakes, while still ending up with an account that is prepared to receive encrypted messages.

Why This Matters On Day One​

The first day of a secure intake channel is usually messy. People are still writing profile copy, deciding who monitors messages, and testing whether forwarding works. That is precisely when unnecessary setup friction does the most damage.

Proton key lookup helps new recipients get to a working state faster:

• encryption is easier to finish during onboarding
• forwarding setup stays aligned with the same Proton address
• the account can be secured with 2FA before launch
• the public tip line can be shared with fewer unresolved setup tasks

For journalists, lawyers, and administrators, that is the real benefit. Hush Line makes it easier to launch a secure intake page quickly without treating secure defaults as optional.

Hush Line gives teams a practical way to handle that first pass inside the same environment they already use for message intake. A message can land in the inbox, the team can review the submission, and then move to the email validation tool under Hush Line's Tools area to analyze raw headers for sender-authentication context before deciding what happens next.

The Real-World Scenario​

Imagine a bug bounty triage team that receives a Hush Line submission from a researcher claiming that a suspicious message impersonated the company's security team. The submitter includes the suspicious content and, importantly, the raw email headers.

At that point, the team usually does not need a full incident response process yet. They need a better first-pass answer to a narrower question: does the message look authentic, merely misconfigured, or likely forged?

That is where Hush Line's email validation workflow is useful. Instead of jumping straight into ad hoc header parsing or escalating the report to multiple internal stakeholders, the team can paste the raw headers into the email validation tool and review the structured results first.

What The Tool Adds To Triage​

Hush Line's email validation tool is designed to analyze available authentication artifacts in raw headers. It checks:

• SPF, DKIM, and DMARC results present in the headers
• domain alignment signals between sender-related headers
• DKIM signing-key DNS lookups when selector and domain data are available

For a security team, that matters because the tool does not just output a pass or fail. It breaks the review into sections that are useful during triage:

• Validation Summary explains whether the message looks valid, appears inauthentic, or likely forged
• Header Context compares the From, Return-Path, and Reply-To domains and highlights alignment issues
• Authentication-Results surfaces the parsed DKIM, SPF, and DMARC outcomes
• DKIM Signatures and DKIM Key Lookup show what signing data was present and whether a matching key is currently advertised in DNS
• Warnings highlights conditions that should reduce confidence

That structure is a better starting point than forwarding a raw header block around and asking everyone else to interpret it from scratch.

A Practical First-Pass Workflow​

For software developers or a bug bounty team handling suspicious forwarded material, a practical Hush Line workflow looks like this:

1. Open the message in the inbox and confirm whether the submitter included raw headers, not just a screenshot or copied body text.
2. Use Hush Line's email validation tool in the Tools area and paste the headers into the validator.
3. Read the Validation Summary first to see whether the message currently looks valid, inauthentic, or likely forged.
4. Review Header Context, Authentication-Results, and any Warnings to understand whether the visible sender aligns with the underlying authentication signals.
5. Change the message status in the inbox so the team can filter and revisit messages according to the outcome of that first pass.

That last step is easy to underrate. Hush Line's inbox is built around message organization, and status changes make it possible to separate "needs more review" work from items that are clearly low quality, clearly actionable, or already being handled elsewhere.

Why This Helps Bug Bounty And Security Intake​

Bug bounty and security teams rarely want every suspicious email report to trigger the same response. Some reports deserve escalation to internal security, legal, or IT. Some need follow-up questions. Some are useful but incomplete. Some are noise.

Hush Line helps with that sorting problem in two ways.

First, the message arrives through a dedicated intake channel instead of getting lost in a shared mailbox or chat thread. The inbox gives the team a place to read the submission and organize it with statuses.

Second, the email validation tool gives analysts more context before they escalate. If the results show strong reasons the message appears inauthentic or likely forged, the team can move faster and package the issue more clearly for the next internal owner. If the results are mixed or incomplete, the team has a concrete basis for asking the submitter for better header data instead of escalating a vague concern.

When a report does need to move beyond initial triage, the tool's downloadable ZIP package is useful operationally. Hush Line documents that the package can include a PDF report, structured JSON output, raw headers, DKIM lookup artifacts when available, and checksums for integrity verification. That gives the next reviewer more than a screenshot or pasted summary.

This is especially useful when the suspicious email claims to come from a security contact, bug bounty alias, or other trusted internal identity. Those are exactly the cases where domain alignment and authentication details matter, and exactly the cases where a quick glance at the visible From line is not enough.

Better Context Before Internal Escalation​

Hush Line's own documentation is careful about the limits here: header analysis can improve confidence, but it cannot prove authenticity on its own. Forwarding, mailing lists, partial headers, and key rotation can all affect the result.

That is the right framing for incident intake work. The goal is not to pretend one tool closes the case. The goal is to make the first pass better.

For software developers and bug bounty teams, that means Hush Line can help answer practical questions earlier:

• does this report include enough header data to investigate properly?
• do the visible sender details align with the authentication signals?
• do the parsed results suggest a likely forgery, or just an ambiguous message that needs more context?
• should this move forward as an internal escalation now, or stay in triage until the team asks for more detail?

The Practical Takeaway​

When a Hush Line submission includes suspicious forwarded email material, the first job is usually not a full incident response. It is better triage.

Hush Line supports that workflow by combining message intake, inbox status organization, and an email validation tool that turns raw headers into a more readable analysis of authentication and alignment signals. For developers and bug bounty teams, that means less guesswork in the first review and better context before the report gets escalated internally.

That sounds minor until you think about what real reporting conditions look like. Someone may be checking a disclosure late at night, on a dim screen, while traveling, or in the middle of a tense situation where attention span is already low. In those moments, usability is part of operational safety. A workflow that feels fragile or exhausting gets abandoned quickly, even if the underlying security model is solid.

Desktop submitter view: a public tip line should be readable and straightforward before someone sends a sensitive message.

Stress Changes What “Good UX” Means​

In calm conditions, people tolerate a lot. They will click around, reread labels, and hunt through settings if they have time. Under stress, that patience disappears.

For organizers and activists, reporting work can happen in irregular bursts. A message might arrive during an event, after a confrontation, or while someone is already juggling encrypted chats, travel, and other urgent tasks. If the recipient has to fight glare from a bright interface, mentally reconstruct where messages live, or delay setup because security steps feel too heavy, that friction accumulates fast.

This is why small details matter more than teams sometimes admit:

• readable screens in low light
• a mobile-friendly submission flow
• a path that does not force extra setup before someone can ask for help

Those are not “nice to have” details. They determine whether secure reporting becomes part of someone’s routine or something they postpone.

Dark Mode Is About Endurance, Not Aesthetic Preference​

Hush Line supports dark mode automatically based on the operating system setting. That means if someone already configures their device to shift into dark mode in the evening, Hush Line follows that choice instead of forcing another manual toggle.

That behavior matters because it removes one more decision. A recipient does not have to remember to flip the interface every night or hunt through settings while tired. The screen simply behaves like the rest of the device.

For people writing or reviewing a disclosure in low-light conditions, that consistency helps with comfort and endurance. It is easier to stay with the task longer when the interface is not blasting a bright white screen into your face. For people who depend on their phones during travel or field work, that translates into something practical: less visual fatigue, fewer reasons to put the work off, and a lower chance that a secure workflow gets replaced by an easier but weaker one.

Mobile submitter view: after sending a message, the follow-up details still need to be legible and easy to keep.

Mobile Matters Because That’s Where Real Work Happens​

A lot of reporting tools still feel like they were designed around a desktop-first assumption. But people making a sensitive disclosure often need to act from a phone.

Hush Line’s public submission flow supports mobile use, and that changes the equation. If someone can open a tip line, understand where they are, and send a message without needing a laptop, they are more likely to follow through.

That matters for a few reasons:

• people can disclose information when they are away from a desk
• they can stay oriented without switching to an ad hoc chat workflow
• they can keep using the intended reporting channel instead of moving the work somewhere less appropriate

This is especially important when timing is unpredictable. A source may only have a few minutes of privacy to send a message. A mobile-friendly submission flow supports that moment without pretending everyone has time for a long setup process.

Low-Friction Access Protects The Workflow Earlier​

Usability is not only about reading text on a screen. It starts before the first message is sent.

If someone has to install an app, create an account, or tie the interaction to a phone number before they can even begin, the disclosure may never happen. Hush Line reduces that friction by letting people use a public tip line directly in the browser. For higher-risk situations, the Onion Service remains available without changing the basic idea: reach the reporting channel quickly, then decide how much more protection is needed.

That is the right kind of balance: a workflow that is simple to begin, without forcing people into the usual hurdles that make sensitive outreach feel risky or exhausting.

For organizers and activists, this balance matters. A system that is too loose is risky. A system that is too annoying gets ignored. Strong privacy protections only help if people are actually willing to start using the tool in the first place.

Secure Workflows Fail When They Feel Brittle​

One of the biggest design mistakes in privacy tooling is assuming people will tolerate discomfort forever because the stakes are serious. In reality, serious stakes make comfort and clarity more important.

If a person is tired, worried, or operating in an unstable environment, they are going to choose whatever feels manageable in the moment. That might mean checking messages later than they should. It might mean forwarding something into another tool just because it is easier to read there. It might mean abandoning a secure process because the interface feels like too much work on a phone.

Good usability reduces the temptation to break your own process.

That is why dark mode, mobile readability, and a low-friction way to begin a disclosure belong in the same conversation. Together, they make it easier for people to keep using the secure channel they chose in the first place.

The Practical Takeaway​

For organizers and activists, the right reporting tool is not just the one with the strongest technical claims. It is the one you can keep using when you are tired, rushed, and handling something sensitive from a phone.

Hush Line’s automatic dark mode, mobile-friendly submission flow, and low-friction browser-based access help close that gap. They do not replace the importance of encryption or anonymity. They make those protections easier to live with in the real world.

That is what good usability should do in a high-stress environment: remove excuses to leave the secure path.

Hush Line's Vision Assistant fits that first-pass review well. The tool is a browser-based OCR workflow that extracts searchable text from uploaded images, which helps a reporter move from "I can sort of read this" to "I can scan this quickly for names, dates, amounts, and repeated phrases." Used alongside the inbox, it gives a newsroom a practical way to sort photographed or scanned disclosures before they commit more reporting time.

First-Pass Reporting Usually Starts With Triage, Not Certainty​

Imagine a local accountability reporter receiving a disclosure through Hush Line about irregular contracting. The source has not sent a clean spreadsheet or a polished memo. They have sent phone photos of invoices, a screenshot of an internal budget table, and a scanned page with handwritten notes in the margin.

That kind of material is common in real reporting work. It may be important, but it is also inconvenient. Before anyone starts calling sources, comparing filings, or asking an editor for more time, the reporter needs to understand whether the documents appear substantial or merely fragmentary.

OCR is useful here because it changes the speed of the first review. Instead of repeatedly zooming into images and retyping fragments into notes, the reporter can extract text and inspect it more like working material. That makes it easier to spot whether the submission contains concrete leads such as:

• agency names or employee names
• invoice numbers, dates, or contract amounts
• repeated vendor names across multiple images
• language that suggests a policy exception, approval chain, or internal warning

The point is not that OCR proves a claim. The point is that it helps a reporter decide whether the images deserve a second pass from the reporting team.

Vision Assistant Is Useful Because The Input Is Often Messy​

Hush Line documents Vision Assistant as a browser-based OCR tool for uploaded images. It is intended for cases where disclosures include photos of screens, documents, or messages and the recipient needs searchable text.

That framing matters for journalists. In newsroom intake, the first problem is often not analysis in the abstract. It is format. A source may have access only to a phone camera. They may capture what they can quickly. They may not know which page matters most yet. The resulting submission can still be valuable, but only if the reporter can review it without wasting half the day manually transcribing it.

Because Vision Assistant extracts text for review and copy/paste, it supports a simpler first-pass question: what is actually in these images, and does it point to something worth pursuing?

A Practical Inbox-To-Tools Workflow For Document Review​

For a newsroom using Hush Line, a practical workflow looks like this:

1. Read the new disclosure in the inbox and identify whether the source included photographed or scanned material that is hard to review as raw images alone.
2. Move to Hush Line's Tools area and open Vision Assistant.
3. Upload the relevant image or images so Hush Line can run OCR in the browser and extract searchable text.
4. Review the extracted text for the specific signals that matter in first-pass reporting: names, dates, numbers, departments, recurring terms, and anything that suggests the material is more than anecdotal.
5. Return to the inbox and update the message status so the team can filter what needs deeper follow-up versus what can wait for a later review.

That last step is part of the reporting value. Hush Line's inbox is built around organization, and status changes make it easier to separate promising disclosures from items that are incomplete, lower priority, or still waiting for corroboration.

Searchable Text Helps Reporters Ask Better Follow-Up Questions​

The first OCR pass is often less about proving a document set than about sharpening the next question.

If extracted text shows a contract number, the reporter now knows what public records to request. If the pages mention a specific manager or office, that gives the newsroom a narrower line of inquiry. If the images contain only vague assertions and no concrete identifiers, the team learns that early too.

That is the operational value for investigative work. OCR does not replace document review, source verification, or reporting judgment. It shortens the time between receiving messy material and deciding what kind of follow-up the material actually supports.

For a busy newsroom, that matters. Editors do not want every photographed disclosure treated like a major project on arrival. They want a faster way to tell the difference between a loose allegation and a document set that contains leads worth assigning.

OCR Belongs In Intake When The Goal Is Better Triage​

It is easy to talk about OCR as a generic AI capability, but that misses the newsroom use case. In investigative reporting, OCR is most useful at intake, when a reporter is trying to make an early decision about a disclosure that arrived in an inconvenient format.

Hush Line helps with that by combining message intake in the inbox with Vision Assistant in the Tools area. A reporter can receive photographed or scanned material, extract searchable text from the images, and then use inbox status changes to keep the review queue organized. For journalists and newsrooms, that is the practical benefit: faster first-pass document handling without pretending the OCR result is the reporting outcome.

Hush Line's documented data-download feature is useful in exactly that situation. The platform lets the account holder download a complete copy of account data as a ZIP archive from Settings > Advanced, without waiting for approval or opening a support request. For a law office using Hush Line to receive sensitive outreach, that makes the reporting record more portable over the life of a matter instead of leaving it trapped inside one web session.

When A Case Outlasts The Original Intake Moment​

Imagine a small employment firm using a Hush Line account for sensitive first contact. A worker reaches out with records of retaliation concerns and the office decides the matter may turn into a longer engagement. Nothing dramatic has happened yet inside the tool. There is simply now a live matter that may require careful follow-up over many months.

That is where continuity becomes an operational concern.

The lawyer responsible for intake may need to preserve a copy of the reporting history before a staffing change. The office may want to store a matter file outside the app as part of its own recordkeeping. A disclosure that seemed preliminary in March may become important again in November when facts need to be reconstructed. In those situations, the practical question is not "did we receive the message securely?" It is "can we keep our own usable copy of the record as this case develops?"

Hush Line's export feature gives the office a direct answer. The docs describe the export as a complete account-data download, not a narrow summary or partial extract.

What The Download Gives A Legal Matter File​

According to the product docs, the ZIP archive includes:

• CSV files for all conversations associated with the account
• message metadata needed for independent review and auditing
• all stored PGP-encrypted messages in their original encrypted form

That combination is what makes the feature matter for long-running legal work.

CSV exports are useful because they are portable. A firm is not forced to treat the Hush Line inbox as the only place where the reporting history can be reviewed later. Metadata matters because operational records are often not just about message text. The office may later need a clearer audit trail of what existed in the account. And keeping stored PGP-encrypted messages in their original encrypted form matters because the office may want to preserve what it received without converting everything into a less controlled format.

The docs also make an important promise here: the export is comprehensive, and records are not omitted, summarized, or modified. For a law office, that is a more useful posture than a convenience-only export because it supports the basic recordkeeping instinct that sensitive matters should be preserved as they were received.

Portability Helps When The Matter Keeps Changing Shape​

Long-running cases rarely stay in one neat lane. An intake may begin as a screening question, become a representation decision, then turn into a prolonged internal investigation or dispute that requires the office to revisit early records. Even if the legal strategy changes, the need for continuity does not.

This is where self-serve export matters more than it first appears. Hush Line does not require the account holder to ask support for a copy of the data or wait for a manual process. The office can go to Settings > Advanced and download the archive when it makes operational sense to do so.

That is useful in practical moments such as:

• before reorganizing how a firm stores active matter materials
• before a handoff in who is responsible for the Hush Line account
• when a disclosure needs to be preserved alongside other case records
• when counsel wants a portable copy for later independent review

None of those situations is exotic. They are ordinary consequences of legal work lasting longer than the original intake window.

Account Protection Is Part Of Record Continuity Too​

Portability is only half the story. If a law office expects a Hush Line account to remain useful over a long period, the account itself needs to stay protected.

The Hush Line getting-started docs are straightforward on this point: recipients should enable two-factor authentication in Settings > Authentication > Two-Factor Authentication. Setup uses an authenticator app and then logs the user out so they can sign in again with the new code.

For long-running matters, that is not just general security hygiene. It is part of continuity.

If an office is relying on a Hush Line account over time, the account should not be treated like a temporary launch detail that was configured once and forgotten. The same account may remain tied to sensitive reporting history for months or years. Enabling 2FA helps the office protect access to that record while the matter stays open and while the firm decides when to export or review its data.

That pairing is the practical account-management point:

• protect the live account with 2FA
• use the built-in export when the office needs a portable record

Those are simple controls, but they map well to the way legal matters actually age.

Optional PGP Encryption Makes The Export Easier To Store Or Transfer Safely​

The export feature also includes an option that matters for offices already using PGP with Hush Line. If the recipient has uploaded a public PGP key, export encryption is enabled by default. The ZIP archive is then encrypted with that public key, and only the matching private key can decrypt it.

That is useful when the office wants to store or transfer the exported package more carefully. The docs are explicit that Hush Line never receives or stores the private key, which keeps the decryption capability with the recipient side of the workflow.

For a long-running legal matter, that means the export is not only portable. It can also remain protected during storage or movement, assuming the office already has its PGP setup in place.

A Better Fit For Matters That Stay Open​

Law offices do not just need secure reporting tools to accept the first disclosure. They need those tools to remain operationally useful after the intake moment has passed.

Hush Line's documented feature set supports that narrower, very practical need. The account holder can protect the account with 2FA, then use Download My Data to retrieve a complete ZIP archive containing conversations, metadata, and original encrypted messages. If a public PGP key is configured, that archive can also be encrypted by default for safer storage or transfer.

For lawyers and law offices, that matters because long-running cases create recordkeeping obligations of their own. Continuity is not abstract. It means the office can preserve what it received, keep that material portable, and avoid treating a live web inbox as the only durable home for an important disclosure.

That is why launch work should not stop at creating an account. Hush Line gives recipients a shareable public tip line, profile setup fields for identity and supporting links, support for custom onboarding and whistleblower guidance, and custom branding that can make the page feel like an official part of the reporting program. Together, those features help employers, boards, and ethics offices set expectations clearly before the first message is typed.

A public tip line can carry recipient-specific guidance so reporters see context before they begin a submission.

Start With The Questions A Reporter Will Ask​

When someone lands on a board or ethics reporting page, they usually want immediate answers to a short list of questions:

• Who is receiving this?
• What kinds of concerns belong here?
• What details will help the recipient act on the report?
• Is this an official channel, or just an unattended form?

If the page does not answer those questions up front, the reporter has to guess. That creates avoidable hesitation at exactly the wrong point in the process.

Hush Line's support for custom onboarding and whistleblower guidance matters here because it gives organizations a way to put instructions on the public-facing tip line itself. For a board or ethics office, that guidance can be used to explain the intended scope of the channel before someone starts writing. In practice, that might mean clarifying that the line is for fraud, conflicts of interest, harassment, retaliation, procurement concerns, or other issues the office is responsible for reviewing.

That does not replace internal policy. It makes the public entry point easier to understand.

Profile Setup Is Part Of Launch, Not Decoration​

The profile is where a recipient can add a clear bio and extra links. In the getting-started flow, Hush Line explicitly prompts new users to add information about themselves so their community has context before reaching out.

For employers and boards, this is more than a credibility detail. It is how the public page signals that the reporting channel belongs to a real office with a defined purpose.

Useful profile details for this kind of launch can include:

• the name of the board committee, ethics office, or reporting function
• a short explanation of what the channel is for
• links to a public governance page, code of conduct, or reporting policy
• contact references that help confirm the page is official

Those details make the tip line easier to trust. Combined with Hush Line's custom branding, they help the public page look intentional rather than improvised. They also reduce vague or misdirected submissions because people can see, before sending anything, whether they are in the right place.

During onboarding, recipients are prompted to add identifying profile information before treating the account as launch-ready.

A Shareable Tip Line Only Helps If The Page Is Ready​

Hush Line's sharing guidance is straightforward: once the account is prepared, copy the public profile URL and add it to places people already look for contact information, including a website, email signature, and social media. Recipients can also opt in to the public user directory so whistleblowers can find them there.

For a board or ethics office, that means the launch sequence should be deliberate:

1. Complete the profile so the page identifies the recipient clearly.
2. Add public guidance so the tip line explains what the office wants people to know before reporting.
3. Decide whether the public user directory supports the organization's discovery needs.
4. Only then publish the shareable URL across the channels where employees, vendors, or members of the public will encounter it.

This order matters because the shareable link is not just a technical endpoint. It is the public front door to the reporting process. Once it appears on a governance page or in an email footer, people will judge the seriousness of the channel by what they see there.

Why This Matters Operationally​

Boards and ethics offices often focus on what happens after a report arrives: routing, confidentiality, triage, and follow-up. Those are important questions. But the launch page shapes report quality before any of that begins.

If the page is specific, a reporter has a better chance of choosing the right channel and providing useful context. If the page is generic, the organization creates unnecessary ambiguity on day one.

Hush Line helps close that gap in a practical way:

• the profile gives the recipient a clear identity
• custom guidance lets the office set expectations before submission
• custom branding helps the page read as an official channel
• the shareable public URL makes it easy to publish the channel once the page is ready

For employers and boards, that combination is what makes a tip line feel operational instead of merely available.

The Practical Takeaway​

Before a board or ethics office launches a Hush Line publicly, it should treat the tip line page as part of the reporting program itself. The page should identify the recipient, explain the channel's purpose, and give reporters enough guidance to start well.

Hush Line's profile setup, public guidance, and shareable tip line make that possible without requiring a separate app or account from the person reporting. That is the practical value before launch: the first screen already does part of the intake work.

Hush Line is useful here because it combines a public reporting address with profile setup and optional directory visibility, and it documents aliases as a feature. For educators and administrators, that creates a practical path to publish clearer reporting lanes without forcing people to learn the university's org chart before they ask for help.

One Campus, Multiple Real Reporting Paths​

Consider a university that needs to accept at least three kinds of reports:

• student safety concerns
• Title IX-style reporting
• financial misconduct

Those are distinct lanes, even if campus leadership thinks of them as part of one broad compliance program. The person making the report usually does not. They just need a clear place to start.

If the university publishes one generic reporting address for everything, the burden shifts to the reporter. They have to guess whether their concern belongs with student affairs, an equity office, compliance staff, or finance leadership. That guesswork can delay reporting, produce thin submissions, or send people to the wrong channel entirely.

Aliases Make The Public Entry Point Easier To Understand​

Hush Line lists aliases as a core feature. In a school setting, the practical value is straightforward: aliases make it possible to present separate reporting addresses for separate concerns.

That matters because public intake works better when the language matches what the reporter already recognizes. A student should not need to understand how the institution divides responsibility between conduct, safety, and compliance teams before choosing where to send a message. A staff member reporting accounting irregularities should not have to begin from the same page used for interpersonal safety concerns.

Separate Hush Line reporting addresses help a university publish simpler choices such as:

• report a student safety concern
• report sex-based misconduct or a Title IX-related concern
• report financial misconduct or fraud

That is a better intake design than asking people to enter one broad channel and trust the institution to sort it out later. The first choice becomes easier because the labels reflect the problem, not the bureaucracy.

Profile Setup Gives Each Reporting Lane Credibility​

Clear addresses only help if the page behind them looks official and understandable. Hush Line's onboarding and account setup guidance both tell recipients to add profile information, including a bio and extra links, so the community has context before reaching out.

For a school or university, that profile setup should do practical work:

• identify the office, program, or reporting function behind the address
• explain in one or two sentences what kinds of concerns belong there
• link to the relevant campus policy, office page, or reporting guidance
• include supporting details that help the page read as an official university channel

This is especially important when different reporting lanes may sound similar to someone outside the institution. If the public page clearly identifies who receives the message and what the address is for, the reporter has less reason to hesitate or second-guess the choice.

Directory Visibility Should Be A Deliberate Choice​

Hush Line also lets recipients opt in to the public user directory. That matters for educators and administrators because discovery needs are not always the same across campus reporting functions.

Some reporting addresses benefit from being easier to find in the directory, especially if the institution wants broad public discoverability for a general reporting channel. Other addresses may be better shared directly on university-controlled pages, policy documents, email signatures, or student resources, where the surrounding context explains when to use them.

The important point is that directory visibility is optional. A university can decide where discovery should happen instead of treating every reporting address the same way.

A Practical Campus Setup​

For the university in this scenario, a practical Hush Line rollout would look like this:

1. Create separate public reporting addresses for the major intake lanes people already understand.
2. Complete profile setup for each public-facing reporting path so the page identifies the responsible office and links to the right supporting material.
3. Decide which reporting paths should be discoverable through Hush Line's public directory and which should be distributed through campus-owned channels only.
4. Share those addresses in the places people already look for help, such as university websites, reporting policies, student resources, and staff communications.

That approach keeps the intake experience simple for the reporter while still letting the institution preserve clearer internal boundaries between offices.

The Practical Takeaway​

Schools and universities do not need a more complicated public intake system. They need reporting lanes that make sense the moment someone lands on the page.

Hush Line's aliases, profile setup, and optional directory visibility support that goal in a practical way. Instead of teaching reporters the institution's internal structure first, a university can publish separate reporting addresses with clear public context so people can choose the right lane faster and report with more confidence.

That first-contact problem is exactly where Hush Line's public user directory, verified accounts, and shareable profile links matter for journalists. Together, they give newsrooms a clearer public path: make the profile discoverable, make the identity legible, and make the official link easy to repeat everywhere a source might look.

When A Source Has To Guess, Trust Drops Fast​

Imagine a local newsroom covering city contracts and police oversight. A source wants to send documents to the investigations team, but they are not sure whether the newsroom's official Hush Line belongs to the publication, to one individual reporter, or to an unrelated copycat profile using a familiar name.

That uncertainty is not a small usability issue. It affects whether a source makes contact at all.

If the newsroom has opted into Hush Line's public user directory, the source has a place to look for the account instead of relying on a secondhand screenshot or an old social post. If the newsroom has also completed its profile carefully and secured account verification, the source gets stronger signals that the profile is legitimate before writing a first message.

For newsrooms, that means discovery and authenticity should be treated as part of tip-line operations, not as optional polish.

Directory Discovery Helps Sources Find The Public Entry Point​

Hush Line lets recipients opt in to the public user directory from Settings > Profile > Public User Directory. The practical value for a newsroom is straightforward: it gives sources another direct path to the right public profile when they do not already have the URL handy.

That matters in real reporting situations. A source may remember the newsroom name but not the exact link. They may have heard that a reporter uses Hush Line but not know whether the account is still active. They may arrive from a podcast mention, an email signature, or a colleague's recommendation and need to confirm the account before they proceed.

Directory visibility does not replace a newsroom's own website or contact page. It reduces friction when the source starts from Hush Line itself or needs an extra way to confirm they have found the right destination.

For a local newsroom, a practical setup is to opt in the main public-facing account that should be easiest for sources to discover, then make sure the profile clearly identifies the newsroom or reporter behind it.

Verified Accounts Reduce First-Message Doubt​

Discovery only solves part of the problem. A source who finds a profile still needs to decide whether it is authentic.

Hush Line's account verification guidance is built around visible identity details. Recipients are told to set a stable display name, add additional URLs such as a newsroom website, LinkedIn, or other professional profiles, and then contact Hush Line to begin verification. The docs also note that changing the display name later removes verified status, which reinforces the idea that verification depends on a consistent public identity.

For journalists and newsrooms, that has a practical benefit. The Hush Line profile can point back to the newsroom's existing public presence, while verification gives the source a clearer reason to trust that the account belongs to the person or organization it claims to represent.

In the local-newsroom scenario, that can mean the difference between:

• a source wondering whether "CityHallWatch" is an official newsroom account
• a source seeing a profile that matches the newsroom name, links back to the newsroom site, and carries verified status

That is not abstract branding work. It reduces doubt at the exact moment the source is deciding whether to begin contact.

Shareable Profile Links Work Best When The Profile Already Looks Official​

Hush Line's sharing guidance is simple: once the account is ready, copy the profile URL from the browser and put it where people already look for contact information. The docs specifically call out a website, email signature, and social media.

For a newsroom, that shareable profile link should become the canonical public address for secure outreach. The same link can appear:

• on the newsroom's contact page
• on reporter bio pages
• in newsletter footers
• in social profiles
• in email signatures for editors or investigations staff

Repeating one official profile link across those places helps sources cross-check what they are seeing. If the directory listing, the newsroom website, and a reporter's professional profile all point to the same Hush Line address, the source has less reason to second-guess the destination.

This is where the three features reinforce each other. The directory helps someone find the profile. Verification helps them believe it. Shareable links help them confirm it across channels they already trust.

A Practical Rollout For A Local Newsroom​

If a newsroom wants sources to find the right public tip line without guessing which profile is legitimate, the rollout sequence should be deliberate:

1. Complete the Hush Line profile with a clear display name and supporting links that tie the account back to the newsroom's public identity.
2. Request account verification once the identity details are stable and ready for review.
3. Opt in to the public user directory if the newsroom wants sources to be able to discover the account directly within Hush Line.
4. Copy the shareable profile URL and reuse that same link everywhere the newsroom invites confidential outreach.

That sequence keeps the public-facing experience coherent. The source does not have to decode an internal org chart, compare conflicting links, or wonder whether a familiar name belongs to an official account.

Trust Starts Before The First Message​

Newsrooms often think about trust in terms of source handling after a message arrives. But the public tip-line profile shapes trust earlier than that. It affects whether a source believes they have found the right person, whether they feel confident enough to start, and whether their first contact reaches the intended newsroom account.

Hush Line helps with that first step in a practical way. The public user directory improves discovery. Verified accounts strengthen authenticity. Shareable profile links make it possible to repeat one official address wherever sources already look. For journalists and local newsrooms, that combination lowers first-contact friction before any reporting relationship has even begun.

When people in tech talk about whistleblowing security, the conversation usually starts with modern encryption tools and so-called best practices. Redbull worried whether having the wrong app on his phone could place him in physical danger.

WIRED reporter Andy Greenberg told the story of Redbull’s escape from a scam compound in Laos. After reading that, I talked to Redbull to get his take on the tech: what he used, how he found it, what fell apart when things got bad, and what “usable security” actually means when people are always watching.

TL;DR​

• Redbull never heard of Signal before he reached out and only learned about after a journalist replied to him.
• For him, just installing an app or having to use a real phone number could put him in danger.
• His baseline toolkit was Proton Mail/VPN, Tor Browser, and Brave.
• He said coworkers were questioned over VPN use: “He was using a VPN on his personal device, and when the bosses asked him, he gave them an excuse.”
• He didn’t try legal channels.
• Hush Line’s browser-first model (no app install required, optional Onion access) matched his need for low-friction, low-exposure messaging.

The Operating Conditions​

Redbull described life in narrow time windows. Phones were returned after office hours. Dorm checks happened at night. Office machines were monitored. Social accounts were logged in on the leader machines. Personal phones were periodically searched.

"They track all our online activity," he said. "They check us physically."

Privacy Conscious, But Still Not Safe​

Redbull studied computer science in India. Before contacting any journalist, he was already using Proton Mail, Proton VPN, Tor Browser, and Brave.

“I have always been privacy conscious,” he told me. Then he added the part most security teams miss: “But not everyone has this type of knowledge.”

I asked, “So that kind of software wasn’t suspicious to the people who would search your phones?” Redbull answered, “Yes, but sometimes it happens to one of the guys. He was using a VPN on his personal device, and when the bosses asked him, he gave them an excuse.”

Hint: Signal Isn't Ubiquitous​

Redbull found Andy through Google after contacting many outlets and authorities.

He described the outreach this way: “Many people, including everyone from the FBI, Interpol, Indian authorities, other news outlets, and many other journalists, I sent them, but only Andy responded to me.”

He had not used Signal before that.

“Actually Andy introduced me to Signal in an email. I was not aware.”

In this case, discovery and response determined what happened next. He did not know Signal until a reporter introduced it, and most of the institutions he contacted did not reply. When replies are slow or absent, people in danger have fewer choices and end up taking bigger risks.

“Install the App” was a Risk​

Once Signal entered the workflow, the setup itself became dangerous.

Redbull told me he installed Signal on an office device, linked it, then removed it. He described hiding it by making it look like a system drive shortcut.

“It would have been dangerous if they had known,” he said.

His critique of Signal was operational:

• Phone-number registration was a liability in his context.
• Disappearing messages protected him but also erased useful context too quickly.
• A compromised endpoint could expose everything anyway.

“Signal is good,” he said, “but it still doesn’t provide enough privacy in our current situation.” The SIM requirement was a core part of that concern. He told me, “we need simcard to access signal application.” In a setting where device checks were conducted and the communications infrastructure was controlled around him, acquiring and using a number-linked account was a potential point of exposure.

Legal Pathways as a Nonstarter​

I asked whether he contacted lawyers: “If I contact any lawyer or any Laos authority, they would definitely put me in danger and might even kill me. You understand, when a very, very big authority does not respond to my email, at that time I had limited time and was also in a rush.”

He also said he did not know where to start legally while he was still inside the compound, and that his immediate priority was getting any trusted response from outside. In practice, he first contacted journalists, NGOs, and law enforcement channels.

Trust was another factor. He described actively vetting the one reporter who replied before speaking in depth, and said he feared that reaching out to the wrong person locally could expose him. In his words, contacting a Laotian lawyer or authority felt like something that could “put me in danger.”

From a design perspective, this matters because many “best practice” disclosure flows assume stable access to counsel. In extreme environments, that assumption can fail.

Cost and Aftermath​

Redbull estimated around $800 USD in direct costs tied to disclosure and exit planning. He also described continued impacts to his mental health, “My mind is not working well right now. I forget everything.”

In other words, the burden is not only digital. Housing, transport, food, medical care, and mental health determine whether someone can keep cooperating safely after first contact.

What he Noticed About Hush Line​

When I walked him through Hush Line, the features that stood out were not novel crypto claims. They were friction reductions:

• works in a browser
• no required account for sources
• no mandatory app install
• clear-net and onion access

"It seems very easy to use and share whatever, and then exit," he said.

He also reacted positively to not requiring app-store installs tied to personal identifiers.

That feedback tracks with what his threat model demanded all along: minimal steps, minimal trail, fast exit.

Why a Whistleblower Fund Matters​

I told Redbull that I want Hush Line to start a whistleblower fund to cover practical costs that software alone cannot solve: emergency travel, temporary housing, phone and data bills, basic living expenses, and mental-health support.

His response was immediate: “That’s great, but I know a whistleblower gives too much sacrifice to reveal the truth.” He also told me, “you are doing so many great things that no one else is doing.”

When I asked what a “perfect world” looks like for future whistleblowers, he said: “If whistleblower is somehow connected with you and your organization, then I think he has a good future and he has no need to think about anything, only focus on his work.”

What Software Teams Should Take From This​

Redbull’s case is extreme, but the design lessons are broadly relevant to high-risk reporting tools.

• Design for discovery, not just secure transport.
• Assume installation can be the most dangerous step.
• Treat persistent identifiers as potential hazards.
• Automated deletion of messages can create workflow issues.
• Assume endpoints may be compromised.
• Reduce cognitive load for people operating under stress and sleep loss.

Most importantly, don’t mix up technical elegance with what actually works in real life.

A whistleblower in crisis is not evaluating your architecture diagram or protocol’s white paper. They are evaluating whether a single wrong tap has human consequences.

Redbull didn’t ask for, nor did he need, a perfect system, just one that didn’t make a dangerous situation worse. When I asked if I could write this article about his tech journey, he said, "Yes please you can. It's necessary."

Qubes OS is widely regarded as one of the most secure operating systems available. Its strength comes from virtualization: instead of one system running everything, Qubes divides your tasks into isolated virtual machines.

Consider how this concept applies to your daily life. You may have a work laptop, a personal computer, and a school-issued Chromebook. Each device is kept separate for a reason—you don't want to job hunt on your work computer, or risk school monitoring on your personal device. In some cases, people handling sensitive information even keep an "air-gapped" machine that never connects to the internet, used only for opening files that pose a risk.

Qubes consolidates all of this into a single system. Work, personal, school, or air-gapped-style machines become separate virtual workstations, compartmentalized through their Xen-based architecture. These can run different operating systems, such as Fedora, Debian, Whonix for Tor, or even Windows, all at the same time.

Let's Begin​

For this guide, we’ll use a Dell Latitude 7280, a fully supported laptop on the Qubes hardware compatibility list and available for under $200 (at the time of this writing) and convert it into a hardened, compartmentalized laptop.

First, go to the QubesOS site and download the latest stable ISO of the operating system. It’s a little more than seven gigabytes, so it may take a few minutes.

Once finished, download and open BalenaEtcher, an application that allows you to write your .iso file to a USB drive.

Once you finish flashing the drive, boot up the laptop where you'll install Qubes. For the Dell Latitude 7280, when the machine starts, press the F2 key rapidly to enter BIOS setup.

In Settings, navigate to General > Boot Sequence. You'll see a list of drives for the laptop to prioritize; since we're installing Qubes from a USB drive, move USB Storage Device to the top. Apply the settings, plug the USB drive into the computer, then click Exit. Your laptop will reboot and use the USB drive containing the Qubes installer.

After rebooting, you'll see the Qubes installation options. It'll automatically select Test media and install Qubes OS [Rx.x.x], but you can press ENTER to select it manually.

When the installer begins, you'll choose your language. Next, click Installation Destination. Review the information and click Done in the top left corner to create the disk encryption password. Ensure you use a password manager and create a strong, random password or passphrase. In the next dialog titled Installation Options, click Reclaim Space to free up the necessary space for installation.

In the following dialog, click Delete all, then the Reclaim space button in the bottom right of the window.

Next, create a user. Use a different, strong password from your Disk Password. Finally, click Begin Installation.

Finishing Up​

The initial installation process typically takes around 15 to 20 minutes. When complete, click Reboot System and remove the USB drive.

After rebooting, you'll be prompted to enter your disk password. Next, you'll see another installer screen. This time, click QubesOS on the first screen. The next screen gives options for configuring Qubes. The most important option here is to check Enable system and template updates over the Tor anonymity network using Whonix.

This next installation can take 45 minutes to an hour. When complete, you'll log in with the user you created in the first half of the process.

🎉 Congratulations, you now have one of the most secure computers in the world, for about the cost of a trip to the grocery store.

I've talked to many, many whistleblowers over the years, and the story typically goes like this: see something, say something, become the problem, lose your job, face legal and financial issues, struggle to find another job. It's the paradox of whistleblowing; we valorize doing the right thing, and then attack the people who speak up. So here's another way to blow the whistle without risking everything.

Know Your Values​

It's important to remember that in the hodgepodge of the office culture, there's a diversity of every kind of belief system. You aren't going to be in line politically with everyone, and that can't be a blocker for your performance. While on one hand, you must place your personal beliefs aside in some cases, in others, such as those involving legal or ethical disagreements, it's important to know where your line is.

A recent example that comes to mind is of an executive who became aware of extensive fraud within his company. Being in a leadership position, he wanted to fix the issue, but found that he was the only one willing to even talk about it. Things got uncomfortable, and realizing he couldn't make the progress he wanted, he resigned. Once the legal barrier was breached, he valued his freedom over loyalty to a company that could lead to prison.

Takeaway: It's better to leave a bad job.

Keep It To Yourself​

We're social animals after all, so this may go against your best instincts, but if you're concerned about significant legal or ethical violations, you shouldn't confide in anyone but a lawyer with privileged conversations. Gossip is the most efficient force in an office, so if you don't want people labeling you as a risk (even the ones you're aligned with), you need to keep it to yourself.

Takeaway: Loose lips sink ships.

What About Internal Legal and HR?​

An early lesson that everyone should learn before entering the job market is that your employer's legal and HR work for the company, not the employees. These offices are there to identify risks to the business and to eliminate liabilities. There's not much more to it than that. So even if you just got a new General Counsel or "Chief People Officer" who is young, hip, and garners trust, you are not their client or priority, no matter what they tell you.

Takeaway: HR is not your friend.

It's Easy To Get Caught​

Are you reading this article as a concerned employee interested in blowing the whistle, and you're on your work computer? You've already misstepped. Workplace networks are almost always monitored, and the level of visibility is down to not only the website you visit, but also the web services that site uses. So if you visit nytimes.com, your employer will see that, as well as Google Analytics, or any other service the Times uses for their site. And for good reason; if you ever visit a seemingly benign site that uses a CDN in a "high-risk" country, you may be putting that network at risk.

Below is an exmaple of basic DNS monitoring. You can see different devices automatically making network calls, with full transparency about their activity.

Takeaway: Never use a work computer, VPN, or network to do anything whistleblowing-related.

Document Everything, But Don't Take Documents​

A key piece of information you'll need to support your concerns is your own documentation. Were you in a meeting where you were asked to do something you and the room knew to be illegal? Take note of the date and time of what you were asked to do, and who was present. Use a personal, non-work-issued phone with disk-encryption enabled (iPhone does this by default) and a strong passcode to keep notes. If you use an iPhone, make sure Advanced Data Protection is enabled so your notes and backups are end-to-end encrypted.

While it may be tempting to use your phone's camera to take photos of your work computer, you should avoid this, since that can still be considered stealing company information. In fact, DO NOT take any documents from your workplace. You don't want to break the law trying to do the right thing. Wait until speaking to a lawyer before taking anything, including forwarding emails.

Takeaway: Taking documents, including photos of documents, can land you in jail.

Talk To a Lawyer​

You don't need a year's worth of notes before you can talk to a lawyer, and you don't need a lot of money, either. Many lawyers work on contingency, meaning they only get paid if you win. So, once you have a reasonable amount of information to support your concerns, reach out to someone who can help, ideally in your state, province, or area, who knows your local laws. You can find lawyers in the US on Hush Line's User Directory.

You don't have to show up perfectly to have a productive conversation, but when you speak to the legal professional (who can legally provide attorney-client confidentiality), make sure you sign a contract establishing that person as your legal representation.

Takeaway: It likely won't cost you anything to consult with a lawyer.

Be Prepared To Drop It​

Not everything concerning is illegal or unethical. If you learn that there's not a case to be made, be prepared to walk away. If you're going to risk your career, it should be for a slam dunk, not a reaching claim. And if you can't produce hard evidence, you may find lawyers hesitant to take your case.

Takeaway: It's better to live to fight another day.

Ready? Now, Resign​

It may be a shock to hear, but if you have a strong case, you should immediately start looking for another job. "Difference in company vision" can be an adequate reason to give to your next employer for leaving your last role. Why resign? Once you're outted as someone behind a lawsuit targeting your company, everyone around you will now see you as a risk to their livelihoods. You've become a problem, and if the law keeps you in your job, it may be social ostracism and a dead-end career ladder that makes you finally leave.

The greater risk than simply being the office pariah is the stress that blowing the whistle can bring into your life. There are many stories of people spiraling into drug use, depression, and even suicide. Imagine having a career you've dreamed of your entire life taken from you because you wanted to do the right thing. Think it'll be easy to find a job after the fallout? Most whistleblowers change careers entirely because they're wearing the scarlet letter of Liability.

Many lawsuits can take years, and lawyers have methods of keeping you anonymous, at least through the most sensitive stages of the process. By the time your name comes out, you'll be in a different role at a different company, and will have more safeguards than you would from inside the organization you're in litigation against.

Takeaway: Fight from the outside to protect yourself and your career.

Eh, Let's Just Drop It​

It's never a bad decision to take time to assess whether you want to go through with the process of disclosure. If you have a family, valued career, a high-paying job, or something else keeping you at your job, you're going to feel a strong sense of protectionism to guard what's yours, and that's good.

If you decide to walk away from the issue you identified, AND you haven't raised any alarms internally - talking to coworkers, HR, legal, or using your computer to research the crimes you're investigating - you can safely go back to your normal life. And if you find yourself in a workplace with ethics you don't align with, it's okay to look for a new job, even if the company has a name that looks great on a resume.

Takeaway: Don't raise alarms, and you can make decisions without stress.

[This article is a draft and subject to update.] It's tough out there. Grants seem harder and harder to come by, and the cost of maintaining software services is ongoing. We were honored to receive a grant from the Data Empowerment Fund for $100k; it enabled us to reach a stable, robust, production-ready state, enabling our first paying customers and many more free users. But another grant we were crossing our fingers for fell through, and it's a reminder that this cannot be our primary funding source for stable, long-term infrastructure.

This realization is not new - I understood the scarcity of funding compared to the for-profit world. It was a lesson learned quickly, and as someone with a career as a product designer, SaaS seemed like an obvious solution to a ubiquitous problem in my new industry. This is not only an obvious solution but also one with a significant monetary upside that, and combined with our 501(c)(3) structure, offers a compelling model for self-sustainability and community empowerment.

The Consumer Non-Profit Software Landscape​

If you work outside the tech or tech-adjacent industries, you'll be hard-pressed to name a single non-profit or open-source piece of software, let alone one you use. You'll probably be able to name a lot of consumer alternatives - Google, Apple, Dropbox, Outlook, Slack - though all of these use open-source software to drive their closed-source development, their model is to charge a lot, make it expensive to leave, and lock you into a system to which you become dependent.

The Problem With For-Profit Software​

The astronomical profits Big Tech companies make create new record levels of wealth inequality that allow Big Tech CEOs to displace communities and businesses for their private use. At the same time, the dream of home ownership is a fading reality for most people.

Hawaii has long been a place where the world's elite has flocked. And tech billionaires are now among the newest cadre of migrants to buy land in the islands. Amazon founder Jeff Bezos owns a sprawling beach mansion in Maui. Facebook co-founder Mark Zuckerberg has plans to build a bunker on his land in Kauai, according to Wired. Benioff's former boss, Oracle co-founder Larry Ellison, owns 98% of Lanai. And the list goes on.

What's different here is that rather than focusing on coastal mansions in gated communities, Benioff is buying property in a rural residential town. In the majority of instances, he's paid more than current market value, according to public records. For example, the longtime Mamane Bakery — known for its lilikoi cheesecake and mango-guava hot cross buns — shuttered after he purchased the land for more than 50% above the current market value.

Shifting The Profit Model​

The most important part is that the upside for making money is so great that a successful application of it in the non-profit sector could create generational, self-funded charities that are legally required to do good. What if instead of buying for-profit, billionaire-making CRM software, you had an alternative whose profits went to reforming corruption in business? Instead of fighting for $100,000, what if an organization could organically make 100x that and give a large portion away?

This is our opportunity with Hush Line. Anonymous reporting is a cross-industry need, legally mandated in some sectors and countries. Open-source software is our development model, enabling community review of our source code and other organizations and individuals to use our software for free. Even though anyone can install our platform themselves, we understand that most people and organizations are non-technical and cannot operate and maintain their own software infrastructure. Additionally, if you're buying security software, it's imperative to know that the code treats your data the way the makers say it is.

Monetization & Distribution Model​

Software​

SaaS​

If you visit hushline.app to create an account, you're using our software as a service (SaaS) platform. A free tier offers most people everything they need for a secure, anonymous tip line. We have a low-cost paid tier or licensed managed single-tenant instances for businesses or professionals who require more features. For developers, hobbyists, or businesses with technical proficiency, anyone can freely install and use all of Hush Line's features.

PaaS​

Some organizations may want their own independent app and infrastructure instead of using hushline.app. In this case, we offer managed single-tenant instances that are perfect for all sizes of business. We can rapidly deploy to the same infrastructure that the core Hush Line platform uses, or tailor any deployment to the needs of the organization. Costs are similar to ours, but end up being cheaper since only the main service uses a staging infrastructure.

Hardware​

For high-risk tip line owners who do not want to trust any third-party services, we offer a hardware device that runs Hush Line locally as an Onion Service; higher security and anonymity are critical for their work for a smaller audience — human rights defenders, investigative journalists, or high-profile lawyers. We offer devices for $500 that are fully self-contained, Tor-only Hush Line instances. If your threat model is one in which you cannot trust any third-party infrastructure, this is your best option.

The Opportunity​

If successful, the market opportunity will be $238m in 2025, growing to over $300m in 2032. Even on the very low end, becoming profitable is possible. It only takes about $3,000 to operate Hush Line's software annually. Once we surpass the point of platform financial stability, we will have money that will go toward more than making a few people rich.

Whistleblower Fund​

As with any charitable cause, people are the point, and the folks we're helping are whistleblowers. These individuals often lose their careers and life savings and can suffer from significant mental health issues. To address this, we're starting a new whistleblower fund that will directly support whistleblowers' pragmatic needs, with a small portion reserved for the development and maintenance of the Hush Line platform.

Governance​

Though the specifics are undecided at the moment, the fund may be a new independent non-profit, governed by former whistleblowers, whistleblower lawyers, and others. 

Funding Goals​

If we chose a 70/30 distribution model, we would need recurring $1,000/mo donations, combined with sales, to "keep the lights on."

Ideally, we could afford ~10 hours/mo for an engineering contractor, around $2,000. To get to this amount, we'd need to raise or earn around $7,500/mo with the same 70/30 distribution for Hush Line to earn enough to cover everything needed. Eventually, as the fund grew in popularity, we could even sustain a full-time team.

In a perfect world, we can have a full team, which would require about 6-12 people, requiring $6,000,000 ARR (annual recurring revenue), giving Hush Line a $150,000 monthly budget, and providing $350,000 every month for direct whistleblower support!

Financial Support With a 70/30 Distribution​

Obstacles​

While it seems straightforward, we face significant obstacles. The new organization governing the fund still needs to be formed. Will a 501(c)(3) be approved that explicitly supports whistleblowers? Federal staff have been laid off in record numbers, and the regulatory situation in the US government is tenuous at best.

Adoption is the largest barrier to success. While we don't need much, we're the new kid on the block, and as a non-profit with exactly $0 for advertising or sales as of writing this, it's a slow game. Large non-profits like Wikimedia, Signal, or Tor have a large and loyal donor-base. We're entering the industry during difficult economic and political times, and asking working people for their limited funds is a delicate thing.

There always seems to be more than one top priority when building software, but security is among the most important. Offering a centralized service makes you a target, and if we ever experience a data breach, it could cause significant reputational damage. Security is a moving target requiring constant vigilance and proactivity. Our engineering team is made up of security experts and industry leaders, but nothing is perfectly secure, and people are fallible.

How We Get There​

This year, we'll start the formation of the new fund and assemble a governing board that will ensure the funds are used as stated in our mission goals.

The individuals who oversee the fund will have a first-hand understanding of the battles people who speak up face: whistleblower lawyers, former whistleblowers, journalists, or others who support the needs of people engaging in responsible disclosure.

Do you know someone who should be on the Board? Reach out to me on Hush Line!

Whistleblowing software adoption is on the rise. Legislation requiring companies to have internal and external methods of confidential reporting is active in the EU, and states in the US, including California, require companies to publicize the State's Attorney General's Office hotline phone number. At the same time, federal whistleblower protections are eroding at breakneck speed.

If you work at a larger organization, you've probably been asked to fill out "anonymous" surveys about team and company health, ways to improve, etc. Laughably, many times, these anonymous forms are actually logged-in Google Forms that are in no way anonymous.

DNS Monitoring​

For remote workers, you're probably familiar with using VPNs to access work servers, email, or other internal-only things. VPNs for work allow you to operate as if you were in the office on an internal network. Here's an example from my home network's DNS logs:

Since I've given my computer a custom hostname, instead of seeing an internal IP address, which could tell you a lot, I can easily find my computer with a human-readable name. Now, if someone runs a company and receives a report of serious allegations of wrongdoing, they can do one of a few things: 1. take the tip, act on it, and save lots of money, or, 2. find the person who submitted the report and "fix" the problem. Most of the time, companies choose option 2. If I access the network using a VPN, the logs are no different.

So, if on March 16th at around noon, a company receives a tip that threatens to go to the press if action isn't taken, all they need to do is look back through their network logs to see who visited the tip line then. "But the system is anonymous because I didn't have to log in to submit a message!" No, sorry. "But it's end-to-end encrypted!" That only means that only the intended recipient can read the message, but in this case, I don't need to know the contents of the message; I just need to know who sent it.

The Dangers of MDM and EDR Software​

Some employers ask employees to install MDM (mobile device management) software on their personal devices. DO NOT DO THIS! MDM software enables monitoring of the contents of your phone, including the ability to add or remove apps, check your contacts, monitor your location, view browsing history and network connections, and see a full list of the applications you have installed. It's basically an administrator account run by your company. Does any app your company offers have a custom keyboard? These can log your keystrokes, so switch back to a system keyboard if possible. If your company uses EDR (endpoint detection and response) software, it can log keystrokes for forensic analysis, including texts sent over any application, including Signal.

What to do Instead?​

It's best to use a personal device on a private network or that you own, including your phone. Again, no corporate MDM or EDR software should be present on your device. One way to check if anything is installed currently is to check for "Profiles" in your phone's settings. Nothing from your company or anything else you don't recognize should be there.

Low Threat Scenarios​

In most situations, people want to report non-sensitive information. Using your personal device on a non-work network is perfect for this scenario. App owners could add IP address logging, but in this case, your IP will only show general location information. If that IP address becomes caught up in illegal activity elsewhere, law enforcement could subpoena the issuing ISP for customer information.

Medium to High Threat Scenarios​

Non-Onion Services​

When someone does have reason to worry about using a tip line, including when disclosing serious issues of governmental corruption, national security, or other ethical or legal concerns, they may use our native Onion services. Using Tor Browser with an Onion service enables the highest levels of protection, because connections never leave the Tor Anonymizing Network.

Onion Connections​

When you connect to a normal website on Tor Browser, it uses a volunteer computer to exit the network and connect to that website. Theoretically, the exit computer could be compromised, and the originating requester could be deanonymized. This isn't possible using a .onion address because there is no exit connecting to the normal internet.

Hush Line is a general-purpose anonymous reporting tool that can be used across a range of industries. In this article, we'll explore how journalists and newsrooms can quickly get started with a Hush Line account that'll enable anyone with an internet connection to reach you without downloading a new app or creating an account.

I've been working on private messengers for a while. In 2016, I worked on Signal's first desktop app redesign. Around the same time, I started working on OnionShare. This peer-to-peer file transfer tool uses the Tor Network to create ephemeral anonymous connections for leaking sources to journalists. The work led me to contribute to CalyxOS, a de-Googled Android OS, for a few years and eventually join the Board of Advisors for Distributed Denial of Secrets. This non-profit publishes and archives public interest hacked and leaked documents.

I love usability. My career has been as a product designer and user researcher for a Big Tech enterprise organization, where I worked on many exciting projects, including search, identity and authentication, voice, and more. But my passion for public interest work outweighed enterprise software, and I left to start Science & Design and then create our first product, Hush Line.

What is Hush Line?​

Hush Line is a SaaS (software as a service) platform where anyone who needs a tip line can easily sign up for free. We already have journalists from ABC News, Mother Jones, Reveal, BBC, and more, and the service enables anyone in the public to reach them anonymously. Communications are end-to-end encrypted, and whistleblowers do not need to create an account or download any apps, including Tor Browser, in order to send a secure and private message that only the tip line owner can read.

We're different from other tools familiar to journalists, including SecureDrop and GlobaLeaks, because these options are self-hosted, meaning you need to run your own software or hardware infrastructure to use them. Conversely, Hush Line enables anyone to sign up for an account on a centralized service, eliminating the need for self-hosting. We're also free. Other solutions mean paying developers, buying specialized hardware, training staff, and following prescriptive workflows.

How to Use Hush Line​

After signing up, you only need to add an encryption key to start receiving messages. If you use Proton Mail, it's as simple as entering your Proton address, and we'll import your public key into Hush Line! Now, when you receive rich notifications back to that same email address, your tips will seamlessly and automatically be decrypted in your inbox!

Add Information About Yourself​

Include a descriptive bio and additional links in your profile details that point to your profiles on your newsroom websites, personal social media accounts, Signal username, or anything else that'll act as social proofs to help your community confirm authenticity.

Self-Authenticating URLs​

Adding a self-authenticating or verified URL is easy and helps us fast-track your account verification process. Just add a link to your Hush Line profile on your website, and include rel="me" in the anchor tag. Then, add your website to your profile details on Hush Line, and you'll see a checkmark appear. Here's a full tutorial on adding verified URLs.

Request Account Verification​

We offer free verified accounts to journalists and newsrooms. Once your account is ready, send a message to the Hush Line Admin account, including your Hush Line profile and a way to contact you if it's not already in your profile details.

Publicize Your Address​

In order for people to know they can send you messages on Hush Line, they have to know you use it! The easiest and best way to share your tip line to ensure plausible deniability for sources is to share widely. Add a link to your Hush Line profile on your social media accounts, in your email signature, on your personal and professional websites, or anywhere else someone might go to attempt to contact you.

We already have received reports that users have received helpful messages from places with censored internet access.

Add to Your Social Profile​

Fun fact: I started contributing to OnionShare because I found Micah Lee's Signal contact on his Twitter bio and reached out, and we've continued collaborating on it for years. With Hush Line, the person sending a message doesn't need to be a user of the platform or download an app, as in the case with Signal.

Paige St. John, a Pulitzer-awarded investigative journalist at the Los Angeles Times, adds a link to her Hush Line account on her LinkedIn profile:

Joshua Byrd, a journalist at ABC News, adds a link to his Hush Line account on his Mastodon profile:

Add Yourself to the User Directory​

If someone comes to the Hush Line User Directory looking for someone who can help make your profile discoverable, there can be a difference between success and failure for them. Just toggle the option in your Profile settings, and you'll be listed where visitors can find you.

Daniel Schulman, deputy editor for news and politics at Mother Jones and the Center for Investigative Reporting, has opted into the directory so anyone can send him an anonymous, end-to-end encrypted message!

Conclusion​

Setting up Hush Line is so easy you'll wonder why you haven't done it sooner. If you need assistance, you can contact us on Hush Line at https://tips.hushline.app/to/admin!

One of Hush Line's strengths is offering free Verified badges to tip line owners who want to prevent phishing attacks by adding an additional measure of authenticity to their accounts...

Step 1: Link To Your Hush Line Account​

On a website that you own, or if you're a legal representative of a business on a site you have control of, add a link to your Hush Line profile. It can be located anywhere, but must include rel="me" in the link. For example:

<a href="https://tips.hushline.app/to/myaccount" rel="me">Message me on Hush Line</a>

Note that your link doesn't have to say Message me on Hush Line, it just must contain rel="me" and point to your profile.

Step 2: Update Your Bio​

In your Hush Line settings, from the Profile tab, scroll to find Profile Details. You'll see four fields in which you can add any information that helps your community trust that your profile belongs to you. One of those fields should be to the website whose link you just added to your Hush Line address.

When you click Update Bio we will automatically verify that the code from Step 1 exists, and you'll see a new checkmark!

Step 3: Check Your Profile​

Once you verify a URL, anyone who visits your profile will see a checkmark, demonstrating that you own or control the listed website.

🎉 Congratulations! You now have a verified URL on your Hush Line Profile!

I love Signal. I was almost their first full-time designer when the team was only four people with a physical office back in the Mission in San Francisco. I turned the offer down because I was too junior in my career to feel like I could be as effective as I knew I could be with more time at the Big Tech company I worked for...

...I volunteered, rejecting even being paid for my time since I had a job that paid enough. And I personally use Signal almost exclusively, so there’s no shade when I say emphatically (especially looking at you, journalists), “Signal is not enough!” Below, we’ll look at internet and messaging usage data in the United States to inform a data-informed tip line strategy.

The Data​

There’s a particular bias against anything but Signal if you’re a journalist in the US, but this bias seriously hurts your potential impact. When I worked with the team, adoption was one of the biggest problems to solve as they were hovering around 100K users, even with the stamp of approval from Snowden. Now, the app has had a nearly 700x increase in users at around 70M globally! It’s excellent news for the team at Signal — a foundation was created (just for Signal), a billionaire is their chairman, and their future is all but guaranteed.

Signal Users Globally from 2019–2024 However the total number of internet users in 2025 is ~5.5B worldwide, and Signal is but ~1.3% of that total share.

Total Internet and Social Users in 2025 Okay, so Signal might have a modest share of the total pie, but people in the US must get it, right? Looking at the top messaging apps, it doesn’t seem so. In fact, Signal isn’t in the top 10.

Top Messaging Apps in the United States Here’s a personal story that I think about all the time. When I was working with the team, Moxie traveled down to Menlo Park to personally work with the WhatsApp team to integrate the Signal Protocol. It was a normal, slow morning when he said that it was done and deployed, almost as an “oh, by the way,” kind of thing, and it was at that moment, my mind exploded. Just like that, 1,000,000,000 (one billion) WhatsApp users worldwide had the strongest encryption on the market. Now, it’s used by two of the top four most-used messaging apps in the world, so by all counts, the scale of their positive impact deserves a Nobel Prize, in my opinion. Having said that, Signal itself isn’t among the top 10 most used apps in the United States. A more recent story: I was visiting one of my besties, whose son I’m the godfather of, who is now 19 years old and studying cybersecurity. Since my career has been in software, and most recently in the security and privacy space, I was eager to introduce him to influential people I know and to try to give him real-world experience, maybe with work on Hush Line. “If I’m going to intro you to ppl, let’s move to Signal” I said. “What’s Signal?” was the reply to which I had to put my phone down and take a breath before replying, “Oh, young one…”

Your Tip Line Strategy​

Should you abandon Signal? Absolutely not. But it can’t be your only solution for people to reach you. Other solutions like Proton Mail have emerged as great, lower-friction options, but as of 2023, even they only have 100M users, less than 2% of all internet users. On the other hand, email is used by ~4.5B users worldwide. But what’s better than ~4.5B users? What about everyone? Now, let’s talk about Hush Line.

Anyone internet user can send a message Hush Line is our anonymous reporting platform that doesn’t require internet users to create an account or download any apps to use. Tip Line owners can have messages forwarded to their email service of choice, and messages are end-to-end encrypted. Someone submitting a message with an elevated threat model can use our Onion Service to access Hush Line anonymously using Tor Browser.

Get Going​

The best news? We’re free, open-source, and non-profit managed. Our team has worked on the most ubiquitous secure messaging platforms in the world, and we deeply care about making it easy for whistleblowers to find help. Are you making it harder than it needs to be for vulnerable people who need help? If you’re only using Signal, the answer is yes. Sign up for Hush Line at https://tips.hushline.app/register.