Full Report
Amber Scorah and Psst are building a “digital safe” to help people shine a light on the bad things their bosses are doing, without getting found out.
Analysis Summary
# Main Topic
The development of "Psst," a technological initiative co-founded by Amber Scorah, designed to function as a secure, digitally anonymous platform for whistleblowers, primarily within the tech industry and government, to expose malpractice by their employers without fear of identification.
## Key Points
- Psst functions as a non-profit organization focused on enabling secure information sharing.
- The core offering is a "digital safe"—an anonymous, end-to-end encrypted text box hosted on Psst.org.
- The platform is intentionally limited to accepting text entries only, explicitly excluding document uploads to increase operational security (OpSec) and make tracing the source more difficult.
- The motivation stems from observed "playbooks" used by powerful entities to discredit and ostracize individuals who expose negative information.
## Threat Actors
- **Adversaries/Subjects of Exposure:** Powerful entities within the tech industry or government institutions that engage in actions warranting exposure by insiders.
- **Attribution/Analysis:** Amber Scorah notes a recurring playbook used by powerful entities attempting to suppress information and discredit informants.
## TTPs
- **Exfiltration Technique:** Anonymous, end-to-end encrypted submission via a web-based text box.
- **Constraint TTP:** Prohibiting document uploads to prevent metadata analysis or forensic tracing via attached files.
- **Response TTP (Observed Post-Exposure):** Discrediting the whistleblower and leveraging community pressure (ostracization).
## Affected Systems
- **Whistleblower Systems:** General workplace systems within the tech industry and government sectors where employees feel compelled to report wrongdoing.
- **Reporting Mechanism:** Psst.org web interface (anonymous end-to-end encrypted text box).
## Mitigations
- **For Organizations Being Exposed (Defensive Countermeasure):** Scorah's observation suggests that organizations attempt aggressive reputational damage and internal/community isolation against informants.
- **For Whistleblowers (Protective Measures):** Utilizing Psst for secure, anonymous communication; leveraging features that allow specification of anonymity levels and information usage rights.
## Conclusion
Psst represents a novel defensive mechanism against organizational suppression, providing structured anonymity for whistleblowers targeting powerful entities in the tech and government spheres. The threat intelligence focus here is proactive security for potential source disclosure, mitigating the established adversary tactic of discrediting sources through controlled input formats (text-only submissions).