[VexXtreme]

That's a very good point. Perhaps being overseas is not an option. In that case, I guess the best she could do is use a disposable OS (Tails) and VPN at the time of posting sensitive information online, and never use her whistleblower identity/handle outside that very narrow context.

Some newspapers (correct me if I'm wrong, I think it was NY Times) have even started running an .onion website where people can leave so called "dead drops".

[monochr]

>VPN

Are a terrible idea. You need to trust the operator that they won't screw you by keeping logs. Since these are centralized they are always at the whims of cartels and the like. Just stop and think for a second if you won't give everything you have to them if they took your children hostage as an extreme example.

The only way to deal with a situation like the one in Mexico is to get the whole community to use something like Tor. The cartels already are so they can't kill all such connections, and if everyone uses it all the time then you can't target anyone for using it. The reporters are protected by the crowd they hide in.

This is the same reason why tor isn't blocked in the first world. It gives all the alphabet soup agencies proper anonymity that doesn't raise red flags when used in other countries which might not be friendly.

[VexXtreme]

Yes, I agree with everything you said. When I said VPN, I actually meant Tor (and even mentioned it in my original post), because the concept seems to go over some people's heads.

[blorgle]

If the ISP is compromised by the cartels as you say, then this would just leave her open to correlation attacks (e.g. "who was using Tor at time X in city Y?").

Opsec is not a simple matter, as the death of this woman shows and people like the grugq try to explain.

You need serious technical nous to get it right.