Avoid using company devices for any of that effort. 

Even something that might seem small — for example, using work resources like Slack or other collaborative messaging platforms — it’s best to avoid using these tools, even if just to plan a time and place to meet with colleagues to discuss things. While it may be tempting to use business resource groups or affinity groups as a place to voice concerns and vent issues, it’s best to separate the workplace-provided services from where you vent or organize.

It’s also important to educate yourself on the basic tradecraft of whistleblowing. The things that will keep you safest involve discipline and consistency. Basic checklists are very helpful, hence the format of this guide.

Be aware that all laptops leave a log of external devices (USB drives, fobs, etc.) that are plugged into them. Printers keep records of document names and who printed them, and when. “Endpoint” security tools may measure the size and time data is moved off or onto work devices.

One of the best ways to capture a chat or email is to take a photo or even video of it onto a personal device such as a mobile phone. When taking a photo or video of a computer screen, be sure to limit reflections off the screen which may reveal your face or things around you. Taking the photo or video in a neutral place helps; so does using a privacy screen that limits reflections. If information must be captured off a device, consider using encrypted and private web tools like standardnotes.com, wire.com, and send.tresorit.com. When visiting these sites, note that work networks and computers often log all sites you visit.

Once some electronic evidence is captured, it helps to get an irrefutable “receipt” or fingerprint of the file. To do this, use hashing software like Quickhash. Quickhash creates a fingerprint of any written text or files (image, video, etc.). Any change to the text or file would create a different hash. The hash looks something like “AAF4C61DDCC5E8A2DABEDE0F3B482CD9AEA9434D” and can be posted on a public website, personal email to a friend or yourself, etc. You can even drop it on social media with no explanation. In the future, this can be used to prove the file or written text was in your possession as of a certain date, thus verifying its authenticity. 

On the personal front, one important thing is to avoid paranoia. Repeat a mantra reminding yourself why you are doing this, and breathe to center yourself. It’s about trusting your gut, and following up on things while staying mindful and calm. It’s easy to make human errors with your technology when you are stressed or anxious. Some tips to keep your mind clear and stay calm are to practice “box breathing” (or “square breathing”). Also, some find the “333” approach helpful: look at three things near you and focus on them, listen to three sounds near you and focus on them, then move three body parts (an example is, if you are physically able to, tapping your forehead, wiggling your toes, and then moving your arms).

There is a fair amount of “gaslighting.” Defend against retaliation by being prepared. There have been cases when an employer/corporation realized actions were taking place but took many business quarters to retaliate, reacting when it’s no longer expected. Stay vigilant, as there can be a “delayed response” to employee activism or whistleblowing. When a claim is made by a worker, it often triggers an investigation. Even if it’s about someone or something else — for example, if you noticed something between two coworkers, all three of you may be investigated. It’s all about what policies investigators follow. 

• If planning to meet with coworkers, form your own meeting groups and times, places, in locations outside of the workplace. Don’t think in terms of departments, business resources, or affinity groups.

• Documentation is key. Learn how to export Whatsapp messages, Signal backups, and screenshots.

• Practice making a hash to generate a unique fingerprint of text you type or files you have.

• All emails are warehoused and can be scanned for keywords, profanity, or emotional sentiment.

• All email subject lines are easily searchable and a copy is often stored indefinitely, depending on the corporate data retention policy.

• Avoid using collaboration platforms (e.g., Slack) owned or paid for by your employer, especially when voicing grievances or organizing with like-minded colleagues.

• Avoid plugging external drives and USB flash drives in work computers if you intend to move evidence of wrongdoing onto them.

• Take photos or videos of incriminating evidence with your personal mobile phone. 

• When accused of wrongdoing, some employers will contract groups skilled in poking holes in your reputation and credibility. It’s okay to clue in friends, ex-partners, and family (all common targets) to be cautious with whom they share information, once/if you go public.

• Not all colleagues are in the same place on their journey to shed light on abuses that they witness. Be patient and compassionate with co-workers.

• Fragment communication between what’s typed, what’s spoken, and what’s written even in the same conversation to foil audio bugs, CCTV cameras, and some forms of laptop surveillance.

• For anonymity when organizing from a laptop or phone, use a VPN. It also makes sense to use a public wi-fi network (electronic store, mall, coffee shop, park, etc.) Avoid your home internet connection and never use work internet.