We are the secure conduit. We do the heavy lifting on the network and encryption side. Your job is the small set of things we cannot do for you — the things only you control.
Our server strips CF-Connecting-IP, X-Forwarded-For,
and every other header that could identify your network before any
code reads the request. The server has no path to disk for that data —
even if our database were stolen, it would not contain a single source
IP.
Our web server logs are off. Our application logs are off. We do not
run analytics. We do not load Google Fonts or any third-party script
that could fingerprint your browser. We use Referrer-Policy:
no-referrer so the page you came from is not passed to us either.
Your message and your files are encrypted to an operator key the moment they arrive. They live at rest only as ciphertext.
Reading the contents requires the operator’s private key. Operators decrypt either on their own workstations using a local decryption daemon (key never leaves their machine) or, when working from a phone or tablet, through an authenticated session on our operator console (key held on a hardened server, only released to an operator who is signed in via passkey).
What this means for you: if the public-facing server were seized or stolen at rest, the contents would still be ciphertext. A determined adversary who fully compromised our operator console could read past material. We disclose this honestly because the alternative is a promise we can’t keep with a small team working from multiple devices. If you require the absolute strongest protection, mention it when you write to us and we will handle your material from an offline machine only.
You don't sign up. You don't pick a password. You receive a session
code (format: BL-XXXX-XXXX) that's yours to use for
seven days. After that the code expires automatically. No account
means no credentials to leak, no recovery flow to compromise, no
identity for anyone to subpoena.
Photos, videos, and PDFs carry hidden metadata: GPS coordinates,
device serial numbers, timestamps, the user account that created the
file. We can't see that data inside an encrypted blob, but anyone we
eventually share the file with might. On a Mac: right-click → Get Info
→ look for "More Info." On Windows: right-click → Properties →
Details → "Remove Properties." For PDFs: exiftool -all= file.pdf
if you have it. If unsure, mention it in your message
— we'll handle it before any publication, but it's safer if it never
leaves your device.
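An added example, not Black Lamp's own tooling: a Python check you can run offline on a file before submitting, to see whether it still carries the kinds of metadata described above. It reads JPEG Exif blocks (including the GPS pointer) and looks in PDFs for Info keys, XMP packets and leftover revisions; the function names and sample bytes are constructed for illustration.

```python
import re
import struct

PDF_KEYS = re.compile(rb"/(Author|Creator|Producer|CreationDate|ModDate)\s*[(<]")

def _ifd0_tags(tiff: bytes) -> set:
    end = "<" if tiff[:2] == b"II" else ">"                  # TIFF byte-order mark
    off = struct.unpack(end + "I", tiff[4:8])[0]             # offset of IFD0
    count = struct.unpack(end + "H", tiff[off:off + 2])[0]   # 12-byte entries follow
    return set(struct.unpack(end + "H10x" * count, tiff[off + 2:off + 2 + 12 * count]))

def jpeg_metadata(data: bytes) -> list:
    """Walk the segments that precede the image data and report Exif blocks."""
    found, pos = [], 2                          # skip SOI (FF D8)
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xDA:                      # start of scan: pixel data follows
            break
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        body = data[pos + 4:pos + 2 + length]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            found.append("jpeg:exif")
            try:
                if 0x8825 in _ifd0_tags(body[6:]):   # 0x8825 = GPSInfo pointer
                    found.append("jpeg:gps")
            except struct.error:                # truncated block: flag it, don't crash
                found.append("jpeg:exif-unparsed")
        pos += 2 + length
    return found

def pdf_metadata(data: bytes) -> list:
    """Byte-level scan; keys inside compressed object streams are not seen."""
    found = sorted({"pdf:" + k.decode() for k in PDF_KEYS.findall(data)})
    if b"<x:xmpmeta" in data:
        found.append("pdf:xmp")
    if data.count(b"%%EOF") > 1:                # earlier revisions remain in the file
        found.append("pdf:incremental-update")
    return found

def scan(data: bytes) -> list:
    if data[:2] == b"\xff\xd8":
        return jpeg_metadata(data)
    return pdf_metadata(data) if data[:5] == b"%PDF-" else ["unknown-format"]

# Constructed samples, not real files: a JPEG header with a GPS pointer, a two-revision PDF.
_exif = b"Exif\x00\x00II*\x00" + struct.pack("<IH", 8, 1) + struct.pack("<HHII", 0x8825, 4, 1, 0) + b"\x00" * 4
SAMPLE_JPEG = b"\xff\xd8\xff\xe1" + struct.pack(">H", len(_exif) + 2) + _exif + b"\xff\xda\x00\x02\xff\xd9"
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj << /Author (J. Doe) >> endobj\n%%EOF\n1 0 obj << >> endobj\n%%EOF\n"
print(scan(SAMPLE_JPEG), scan(SAMPLE_PDF))
```

An empty list means none of these markers were found, not that the file is clean. A pdf:incremental-update result matters after exiftool -all=, because ExifTool's documentation states that its PDF edits are appended as an incremental update and are reversible.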
The strongest protection is silence. Don't tell colleagues, family members, or partners. Don't write about it in a journal that could be subpoenaed or seized. Don't search for it on a personal device. If you must discuss the situation, do so verbally and in person, with someone who has no professional connection to the institution involved.
When you submit, you'll see a code like BL-7K2P-QXM4.
Write it on paper somewhere not connected to your devices. Don't put
it in a notes app, password manager, or anywhere it could be backed
up to the cloud. The code is the only key — if you lose it, the
thread is lost to you.
The United States has whistleblower protection statutes for many categories: federal employees (Whistleblower Protection Act); financial-sector employees (Dodd-Frank, Sarbanes-Oxley); state and local government employees in many states; protections against retaliation for reporting violations of public-record laws. Black Lamp is not your lawyer. If your disclosure has legal complications, consider speaking with a whistleblower attorney before submitting. The Government Accountability Project, the National Whistleblower Center, and the Lawyers' Committee for Civil Rights Under Law all offer initial consultations.