For journalists + newsrooms

Sources should be able to trust you. Your tools should too.

Source confidentiality is your most binding obligation, and the threat model is real. We build infrastructure for newsrooms whose adversaries include state-level actors, well-resourced corporate counsel, and routine credential phishing. Same posture, sized to your team.

What good infrastructure looks like for a newsroom

Most IT vendors treat newsrooms like any other small business: a Microsoft 365 tenant, a help desk, occasional patching. That's not enough. Your threat model includes targeted phishing tuned to specific bylines, supply-chain attacks on commodity collaboration tools, lawful and unlawful demands for source identification, and the very real risk of a former staffer's laptop becoming a source-list disclosure.

We start somewhere different. We design assuming compromise is possible and bound the blast radius accordingly. The result tends to look unfamiliar to general-purpose IT shops — and like a relief to editors who've been doing this work in their head.

What we cover

Concrete capabilities where small newsrooms most often need help.

Encrypted source channels

Self-hosted secure dropbox alternative — without the SecureDrop operational overhead. End-to-end encrypted intake routing to specific journalists, key rotation discipline, anonymous-tip workflows that don't depend on Tor literacy from the source.

Newsroom-aware access discipline

Per-story / per-investigation access scopes. An investigative team's working files are visible to that team only — not to the metro desk, not to legal until it's time. Onboarding/offboarding scripts that don't leave a former freelancer with stale source access.

Document handling with metadata discipline

Workflow that strips metadata before publication, preserves it for verification audit trails, and treats document-level access as a first-class concept. Designed for the moment a leaked PDF needs to be cleaned without losing the chain-of-custody record.

Endpoint hardening sized to your staff

Threat-modeled laptop + phone configurations: full-disk encryption, application allowlists, USB policy, DLP. Tuned to your reporters' actual workflows — not enterprise theater that gets disabled the first time it blocks a deadline.

Tor + onion publishing

Secondary publication channel via Tor onion service. Submitted as part of standard infrastructure, not a side project. Your readers in countries where the clearnet site is blocked still reach you.

Subpoena-ready records discipline

Logs, retention policies, and access trails organized for the moment legal calls. Documentation that survives a subpoena response, a 230-c-2 takedown demand, or a Pulitzer-side records request. We know which evidence each reviewer wants because we have prepared this kind of dossier before.

Why newsrooms come to us

Source confidentiality is a property of the architecture, not a promise.

Most vendors say they take source confidentiality seriously and ask you to take their word for it. We design pipelines where the promise is verifiable from the architecture — where the answer to "could this system have leaked the source list?" is sometimes "no, by construction" instead of "let me check the logs."

When something goes wrong — and infrastructure eventually does — your incident response is shorter because the blast radius was bounded by design. When legal calls, you have answers your IT vendor can defend in writing.

Engagements scope-limited to what we agreed to touch — no roving access to your source list or working files.
Configuration changes proposed in writing before they ship; nothing changes silently.
Documentation that survives a personnel change at our shop or yours.
Plain-English explanations of every choice, so editorial leadership understands what's in place and why.

How an engagement starts

There's no template. Every newsroom we work with starts with a different bottleneck — a recent phishing campaign, a pending subpoena, a beat that suddenly needs onion publication, a Slack workspace that became a de-facto source list. The intake conversation is short; the proposal that follows is specific.

  1. 1

    Threat-model conversation (no commitment)

    A 45-minute call about your beat, your sources' adversaries, your current pain. We sign a mutual NDA before; we leave with enough to write a real proposal.

  2. 2

    Written proposal

    Specific scope, specific deliverables, specific price. We adjust to grant cycles where applicable.

  3. 3

    Implementation + handoff

    We do the work; you get documentation that lets your next vendor (or in-house technologist) run it without us. Optional ongoing retainer for monitoring + incident response.

Ready to talk?

Tell us what's on your plate — even if you're not sure whether it's an IT problem yet. The first conversation is free, the NDA is mutual, and we'll tell you if we're not the right fit.

Or write to team@plausiden.com · 978-351-6495