Create a Tipbox

About Tipbox

Fill out this form and we will send you a unique and private URL that you can share to start collecting anonymous feedback and tips.

To enable end-to-end PGP encryption, make sure that the public PGP key associated to your email address has been published to a public key server.

Tipbox created

Your tipbox has been created

The unique and private URL for your Tipbox has been sent to you by email.

#protip: Put your unique URL in your Twitter Bio or in your email signature to let people know how they can reach you anonymously. Or share it within closed communities (e.g. LinkedIn, Facebook groups or forums) to increase the quality of the tips.

Browser Not Supported

Please use a modern browser to use Tipbox.

The browser that you are currently using does not support advanced cryptographic features that Tipbox is using to encrypt the content of your tip before sending it through the network.

Supported browsers: Safari or Chrome on your iPhone or Android, or Internet Explorer 11 or later, Google Chrome, Apple Safari or Firefox on your computer.

TipBox
  • About
  • FAQ
  • Security
  • Terms of Service
  • Privacy Notice
  • Donate
  • Transactions
  • Artboard 1

TipBox

 ☰

Share a URL to collect anonymous feedback

Create a Tipbox

TipBox in Action

  1. Enter your E-Mail
  2. Enter a Subject Line
  3. Get a Unique URL that you can share to start collecting anonymous feedback

Features

  • Artboard 1

    Anonymous

    The person sending you a tip doesn't need to provide any information about them. We don't keep any logs, we don't store any data. There is no way for you to know who sent you the email (unless the person explicitly decided to provide contact information in the body of the email).

  • Artboard 1

    Nothing to install, just open a link

    Make it easy for people to send you tips. Don't require them to install anything. They just have to click on the unique URL of your Tipbox and they are good to go. It's that easy.

  • Artboard 1

    End-To-End encryption

    If you have a PGP key associated to your email address, you can turn on End-To-End encryption. In that case, our server will never be able to read the content of the tips that are sent to you.

About

Tipbox is a free open source service to receive anonymous tips via email.

Ideal for journalists to receive tips or to collect testimonials from certain communities, or for managers to get direct and honest feedback from their team.

Tips are encrypted using PGP on the client side. We don't keep any logs and we don't store any data. Only the recipient gets the email.

This service has been developed with ease of use first and as such doesn't require installing any software. Therefore, we are relying on the security model of your browser. That means that we can't technically make any guarantee that you are running an untampered version of this software. If you care about high level of security, please read our security section very carefully.

See our FAQ for more information.

F.A.Q.

How does it work?

Just provide your email address and a subject line of your choice and we will send you a secret and unique URL that you can share wherever you like. When someone opens that URL, a familiar email interface will invite them to send you an anonymous email (the recipient and the subject line of that email will be already prefilled with what you have defined). If you have a PGP key associated to your email address on a public key server, we will use it to encrypt the email end-to-end.

What is this for?

If you are a blogger or a journalist, you may want to use this to get information from insiders. Create a tipbox and share the link within the appropriate LinkedIn or Facebook group. Remember, "News Is What Somebody Doesn't Want You To Print. All The Rest Is Advertising Or Public Relations."

If you are a manager, you may want to use this to get feedback from your team. You would be surprised of the quality of the feedback that you could get if you can guarantee their anonymity. It’s also very important to give your employees an easy way to voice their opinion internally.

Why building this?

Today, there isn’t any easy tool for journalists to gather anonymous tips. As a result, most of them rely on non-encrypted emails and their sources have to basically create a new email address which takes time (especially now that most email providers require a phone number). So we thought that we could come up with a very easy tool to use that would remove the need for the tipster to create a new email address.

How secure is this?

For the tipster, it is as safe as creating a new email address and sending an email with it through a web interface and removing it right after from the “Sent” folder.

For the journalist, it is as safe as receiving an email. But if have a PGP key associated to your email address, you can opt-in to receive a PGP encrypted email which is definitely safer to keep in your inbox than a non-encrypted email.

That said, since Tipbox doesn’t require the tipster to download any piece of software, it relies -like any other webmail service- on the security of the browser which is not full proof. That’s why we advise against using Tipbox for NSA level leaks. For very important leaks, you should better use SecureDrop which has been especially engineered for that purpose.

What about the metadata?

While we don’t keep any logs, there are many intermediaries between the end user and our server. Each of those could keep the logs to identify which IP addresses connected to our server. That’s why we strongly advised against using Tipbox while being connected to the Wifi network of your company. Just use it on your phone with your data plan. For increased anonymity, you could also connect to our server via Tor: tipboxtdf3ydy5xq.onion.

However, Tipbox has been engineered in such a way that intermediaries can’t identify the recipient, subject or content of the tip. Intermediaries can’t distinguish between visitors who come to create a new Tipbox and those who use it to submit a tip to person A or to person B.

If security is very important to you, please read more about security.

Who is behind this?

Xavier Damman (@xdamman), Mark Percival (@mdp), @tgouverneur, @montogeek, @evilrabbit_
with the financial support of the Knight Foundation.

Follow this project

We will post updates to our Twitter account @GetTipbox.

You should also star/watch our public repo https://github.com/xdamman/tipbox. This is an open source project. Contributions are welcome!

Security

There is always a tradeoff between ease of use and security (that's why you don't live in a bunker). By not requiring your potential sources to install an app, there is a risk that a hacker could tamper with the files served to them to include a key logger.

To do that though, the hacker would have to know before hand who is going to send a tip through Tipbox. They will also have to find a way to get in between that user and our server just before the source loads the Tipbox website. Not easy to pull off especially over HTTPS but not impossible.

That’s why you need to think of Tipbox as a U-lock for your bike: perfect for everyday use but not full proof. Given enough dedication, time and appropriate tooling, adversaries could tamper with it if they know before hand who are your sources. Depending on your threat model, this may or may not matter. It’s all about finding the appropriate tool for the job. That’s why we don’t recommend using Tipbox with sources that are already under active surveillance.

However, once a tip is sent (and if you use the end-to-end PGP encryption option of Tipbox) it's NSA proof. At best, an investigator could trace back who visited the Tipbox website if they can access the logs of the ISP (Internet Service Provider) or the logs of the network that your source used to connect to the Internet (don't use Tipbox on your company computer/network!). But they couldn't prove if the user sent a tip and to whom, and they certainly can’t find out the content of the tip without your private PGP key.

If you need a higher level of security, you should require your source to install an app (such as Signal for iPhone or TextSecure for Android) or use SecureDrop.

Technology

This site is using the latest SSL cryptography standard. We don't keep any logs and we don't store any data. The tips are directly sent to the email address of the recipient. If the recipient has a PGP key associated to their email address on a public key server, we will use it to encrypt the email end-to-end. If there isn't one, we will still use PGP to encrypt the email from the browser of the user to our email server to avoid man-in-the-middle attacks (as the French government did to spy on its own users).

The unique and private URL of a tipbox has the following format: https://tipbox.is#email/subject/[fingerprint]/signature

Since all the information that identifies a tipbox is in the hash, it is never sent to the server. The frontend client reads it and encrypts it with the PGP key of the server before sending it with the content of the tip. This way, even in the case of a man-in-the-middle attack, the attacker won't be able to tell which Tipbox the user was trying to send a tip to.

Potential risks

Any intermediary between the end user and this server (such as your ISP) could record the IP addresses that are connecting to this server. To be clear, that would only reveal who accessed this server, not the actual Tipbox, recipient or content of the tip. This could be mitigated by connecting to this site through Tor at tipboxtdf3ydy5xq.onion.

Sophisticated attackers who could monitor the requests coming in and out of our server to do statistical analysis of the traffic based on the size of the requests. To mitigate this, we add padding to the requests sent to our server. That way, whether your tip is short or long or contains an attachment or not, its size won't reflect its real size and observers can't make any assumption on its content. We also add a random delay between the request to our server and sending the tip to the recipient so that observers can't easily synchronize logs.

Another potential security risk would be someone hacking into our server and changing the html/javascript code being served to our users. To mitigate this, we invite you to make sure that the html page and javascript file served by this server are the same than what is available on our public repo. That way an attacker would have to hack both our server and our Github repo which has 2-factor authentication.

For all those reasons, while Tipbox is making a lot of effort to make it very hard for attackers or any government to spy on who is sending you tips, we can't make any guarantee and you should use this service at your own risk. For high risk whistleblowing, you should better use SecureDrop or you should require your source to install an app such as Signal for iPhone or TextSecure for Android.

Terms of Service

TL;DR;

Tipbox is not a funded company. It’s an open source project with contributors from all around the world who want to help you collect anonymous emails in an encrypted way. Use at your own risk. Thank you, love, - Xavier & Mark, founders of Tipbox on behalf of all Tipbox contributors.

Acceptance of Terms.

This is a binding contract (“Terms”) between you and TipBox, (“we,” “us,” “our,” “TipBox”). By using TipBox, you agree to be bound by these Terms. If you use TipBox on behalf of an organization, you agree to these terms on behalf of that organization. If you do not agree to these Terms, you may not use TipBox. We may update or alter TipBox features and functionality at any time, and these Terms will still apply.

Eligibility.

TipBox is provided to individuals who are at least 18 years old or to minors who have parental consent to use the service.

Changes to these Terms.

If we make changes to these Terms that are material, we will let you know by posting a notice on our home page. The notice will designate a reasonable period of time after which the new Terms will take effect. If you disagree with our changes, then you should stop using TipBox within the designated notice period. Your continued use of TipBox will be subject to the new Terms.

Intellectual Property:

TipBox is an open source project distributed under the terms of the MIT License. By using TipBox, you agree to abide by the terms of that license.

Responsibility for Content.

You are solely responsible for any content you transmit via TipBox. You agree that you will not use TipBox for any purpose that is unlawful. TipBox does not monitor content. You understand that you may be exposed to content that is inappropriate or illegal, and you assume all risks associated with your use of TipBox.

Feedback.

We appreciate any feedback, comments, or suggestions you may have for improving TipBox. If you have suggestions or wish to help make TipBox better and more secure, please contact us via our GitHub page.

Third Parties.

TipBox does not control, and is in no way responsible for, the acts or omissions of any third party, including but not limited to your ISP, email provider, or other intermediary. We strongly encourage you to carefully review the Terms of Service and Privacy Policies of any third party vendors you choose to use in conjunction with TipBox.

Termination.

You are free to stop using TipBox at any time. We also reserve the right to suspend or stop making TipBox at any time at our discretion and without notice.

Disclaimer of Warranties.

You expressly understand and agree that your use of the TipBox is at your sole risk. TipBox is provided on an "as is" and "as available" basis. TipBox, its founders, and its contributors expressly disclaim all warranties of any kind, whether express or implied, including, but not limited to the implied warranties of merchantability, fitness for a particular purpose and non-infringement. TipBox and its subsidiaries, affiliates, contributors, agents, and licensors make no warranty that (i) TipBox will meet your requirements; (ii) TipBox will be uninterrupted, timely, secure or error-free and (iii) the results that may be obtained from the use of TipBox will be accurate or reliable.

Limitation of Liability.

TipBox shall not have any liability for any indirect, incidental, consequential, special, exemplary, or punitive damages under any theory of liability arising out of, or relating to, these Terms or your use of, or inability to use, TipBox. As a condition of receiving access to TipBox, you understand and agree that our liability shall not exceed one satoshi.

Indemnification.

You will indemnify, defend, and hold TipBox, its founders, subsidiaries, affiliates, and contributors harmless from any and all claims, damages, losses, liabilities, actions, judgments, costs, and expenses (including reasonable attorneys’ fees) brought by a third party arising out of or in connection with: (i) any act or omission by you, in connection with your use of TipBox or (ii) your breach or alleged breach of any of these Terms. We may, in our discretion, elect to take over control of the defense and settlement of a claim subject to indemnification. You agree not to settle any such claim without our prior written consent.

Entire Agreement.

These Terms constitute the entire agreement between you and us regarding your use of TipBox.

Waiver and Severability of Terms.

ipBox’s failure to exercise or enforce any right or provision of these Terms shall not constitute a waiver of such right or provision. If any provision of these Terms is found by a court of competent jurisdiction to be invalid, the parties nevertheless agree that the court should endeavor to give effect to the parties' intentions as reflected in the provision, and the other provisions of these Terms remain in full force and effect.

Governing Law.

You agree that these Terms, and your use of TipBox, are governed by California law, in the United States of America, without regard to its principles of conflicts of law. You and TipBox agree to submit to the personal and exclusive jurisdiction of the courts located in San Francisco, California.

Privacy Notice

We don’t store or share any data, of any kind, about users of TipBox. Period. Full stop. We keep no logs; we have no database. We literally don’t even know how many people use TipBox.

Personal Data We Require

In order to create a TipBox you must give us an email address, so the tips will know where to go. TipBox embeds your email address in the unique URL that is automatically generated for you. We do not store the email address you give us in any form -- as explained above, we don’t keep a database of TipBox URLs. It is up to you whether and how you decide to share the TipBox URL containing your email address.

Further Explanation of the Data We Do Not Collect

When you create a TipBox, we don’t require you to register for an account. We don’t ask for your real name, a username, or a password. We don’t collect your IP address, we don’t know where you live or what language you speak.

We also don’t read or store any of the data that is automatically sent to us by your browser, including information about your browser type, what operating system you run, or even whether you’re accessing TipBox via a mobile device.

We don’t set cookies, or any other technology that can track what you do on our site or across sites. No Google Analytics. We know nothing about you.

We Can’t Share What We Don’t Have

Whether it’s the NSA, a marketing company, or your ex, anyone who comes looking for your data from us is going to be out of luck. The most we’ll be able to give them is a polite explanation of how encryption works.

Security

You can find out about TipBox security here. While we work hard to keep tips anonymous, we do not guarantee perfect security. You use TipBox at your own risk.

Deleting a Tip

The only place a TipBox is stored is in your email inbox. We do not backup tips, so if you delete a tip we cannot recover it for you. Consider yourself warned.

What Other People Might See

Because we rely on in-browser security, there is a risk that a third party, such as your ISP or a malicious attacker, could find out that your IP address connected to a TipBox server (but – by design – they can’t tell which particular TipBox a user was trying to send a tip to). If this is important to you, we recommend you use Tor (you can connect to this server with this .onion url: tipboxtdf3ydy5xq.onion). We have no control over the logging policy of any third party intermediary, and are not responsible for any acts or omissions by third parties.

Changes

We may update this Notice to reflect changes in our product or applicable laws. If we make material changes that might impact you, we will notify you by placing a prominent notice on our home page.

$0
How should we credit you on our supporters page?. Pseudonyms are fine.
Where should we link your name to? Your profile page on Twitter/Facebook/Instagram or LinkedIn is fine.

Thanks for your donation!
The Tipbox Team.

There was an error submitting your donation.
Please try again.

Please check errors.

$0

Latest Activities

    Open Source Project made with ♥ by @xdamman, @mdp, @tgouverneur, @montogeek, @evilrabbit_
    with the financial support of the Knight Foundation. Hosted in Iceland by Orange Website, free speech hosting provider.

    • Artboard 1

    Security

    This site is using the latest SSL cryptography standard. We don't keep any logs and we don't store any email address or any tips. The tips are directly sent to the email address of the recipient. If the recipient has a PGP key associated to their email address on a public key server, we will use it to encrypt the email end-to-end. If there isn't one, we will still use PGP to encrypt the email from the browser of the user to our email server to avoid man-in-the-middle attacks (as the French goverment did to spy on its own users).

    The unique and private URL of a tipbox has the following format: https://tipbox.is#email/subject/[fingerprint]/signature Since all the information that identifies a tipbox is in the hash, it is never sent to the server. The frontend client reads it and encrypts it with the PGP key of the server before sending it with the content of the tip. This way, even in case of a man-in-the-middle attack, the attacker won't be able to tell which tipbox the user was trying to send a tip to.

    Potential risks

    There is always a tradeoff between ease of use and security (that's why you don't live in a bunker). By not requiring your potential sources to install an app, there is a risk that a hacker could tamper with the files served to them to include a key logger.

    To do that though, the hacker would have to know before hand who is going to send a tip through Tipbox. They will also have to find a way to get in between that user and our server just before the source loads the Tipbox website. Not easy to pull off especially over HTTPS but not impossible.

    That’s why you need to think of Tipbox as a U-lock for your bike: perfect for everyday use but not full proof. Given enough dedication, time and appropriate tooling, adversaries could tamper with it if they know before hand who are your sources. Depending on your threat model, this may or may not matter. It’s all about finding the appropriate tool for the job. That’s why we don’t recommend using Tipbox with sources that are already under active surveillance.

    Any intermediary between the end user and this server (such as your ISP) could record the IP addresses that are connecting to this server. To be clear, that would only reveal who accessed this server, not the actual tipbox, recipient or content of the tip. This could be mitigated by connecting to this site through Tor using this .onion url: tipboxtdf3ydy5xq.onion.

    Sophisticated attackers who could monitor the requests in and out of our server could make statistical analysis of the traffic based on the size of the requests. To mitigate this, we add fake weight to the requests sent to our server. That way, whether your tip is short or long or contains an attachment or not, its size won't reflect its real size and observers can't make any assumption on its content. We also add a random delay between the request to our server and sending the tip to the recipient so that observers can't synchronize logs.

    Another potential security risk would be someone hacking into our server and changing the html/javascript code being served to our users. To mitigate this, we invite you to make sure that the html page and javascript file served by this server are the same than what is available on our public repo. That way an attacker would have to hack both our server and our Github repo which has 2-factor authentication.

    For all those reasons, while Tipbox is making a lot of effort to make it very hard for attackers or any government to spy on who is sending you tips, we can't make any guarantee and you should use this service at your own risk. For high risk whistleblowing, you should better use SecureDrop which has been especially engineered for that purpose or you should require your source to install an app such as Signal for iPhone or TextSecure for Android.

    .

    Send

    New message

    About Tipbox and how it protects your anonymity
    loading...

    Tip sent

    The tip is in da box!

    Your email has been successfully sent. To protect your anonymity, it will be delivered to with a random delay of 10 to 20 minutes.

    You can now close this tab.

    For extra privacy,
    you may consider clearing your browser history.

    About Tipbox

    Tipbox is a free open source service to receive anonymous tips via email.

    We don't keep any logs and we don't store any data. Only the recipient gets the email.

    Ideal for journalists to receive tips or to collect testimonials from certain communities, or for managers to get direct and honest feedback from their team.

    Tips are encrypted using PGP on the client side with the recipient's PGP key if one exists and with the public key of the Tipbox server.

    While Tipbox is making a lot of effort to make this service as robust as possible, we can't make any guarantee. Use this service at your own risk.

     

    • Read more about security
    • Follow us on Twitter