A self-hosted, anonymous tip line

Hey everyone, I’m excited to share a project we’ve been working on called Hush Line. We started this at Science & Design this year, aiming to provide a platform for secure, anonymous communication. It uses public PGP keys, Tor, HTTPS, and SMTP to encrypt messages and keep the sender’s identity a secret.

We’ve designed Hush Line to be versatile and user-friendly. It’s great for journalists who need anonymous tips, employers who want confidential feedback, and educators looking for a safe communication line for students. Plus, it’s super important in places where free speech isn’t always a given. It provides a secure channel for sharing sensitive information without the fear of compromising your identity.

What sets Hush Line apart is its simplicity. We’ve chosen to make it a message-only service, which helps avoid the security risks that come with file transfers. There’s no need for senders to download software, generate keys, or create an account. For the receiver, installation is a cinch with a setup wizard that takes care of everything from Nginx configuration to auto-renewing Let’s Encrypt certificates. I’d love to have more of you in the open-source community join us in making Hush Line even better, and helping to make digital communication safer and more secure for everyone.

Check it out at:

@scidsg ,
Hi Glenn,
I had a brief look.
My initial understanding is it automates sending of encrypted messages by email
Is that a correct impression?


I spent 15 minutes but could not find where the comments are listed. I posted a comment to see if I could find it, but I could not figure out how to see the comments.

There are issues on the Github site… only 2 entries by the owner.

Thanks for the feedback. You won’t be able to find the messages because they’ve been send to the owner of the tip line. I made an update to the UI last night to help address this. Now, the identity of the person sits on top of the text area, reinforcing the proximity relationship.

Does this help?

Perhaps more clarity can be added. The app allows someone to self-host a private tip line. The messages submitted are encrypted to the site’s owner and emailed to them.

1 Like

Right… that is what people need… a one-liner that says what it can do for them.

That’s interesting. Thanks for sharing.

How does it handle spam? Because if there is no spam protection, it will be flooded with bot messages in no time.

1 Like

The onion-only deployments are insulated from that, but yes, the public web forms can receive some spam. From the one that’s been running for over a month I’ve gotten 3-4 spam messages. I’ve thought of including a CAPTCHA or something similar, but haven’t decided the best route.

I updated the intro of the public site to mention that it’s a self-hosted product, and implemented a new feature to load a random heading from a predefined list.

1 Like

I think spam also depends on website traffic and stuff. Recently I put up a form without any spam protection and it got me thousands of bot messages.

1 Like

What did you use to help with the spam?

I changed the form plugin :wink:

But you can add the option to include hcaptcha vs turnstile in your product.