If you intend to submit information to New York Times’s SecureDrop, we recommend that you compare the .onion address provided on the organization’s landing page to this one nyttips4bmquxfzw.onion and verify that the addresses match before continuing. This provides a strong layer of defense against certain types of attacks that might try to trick you into visiting a malicious SecureDrop instance masquerading as a legitimate one. We recommend reading the Source Guide for more comprehensive documentation on SecureDrop usage and risks.
If you encounter a mismatch, make sure to report an error here. This could be evidence of an attempted attack, or it could be a simple failure to communicate between an organization running SecureDrop and Freedom of the Press Foundation. In either case, we will investigate the matter and establish a path to resolution.