WHISTLE

Anonymous AI whistleblower pipeline. Ephemeral Ed25519 keys, layered redaction (TRIPWIRE secret-scrub + k-anonymity floor + stylometric refusal), routing to ProPublica / Bellingcat / 404Media / EFF Press. SecureDrop for the AI era.

Anonymity is best-effort, NOT absolute

The ephemeral key + redactor protect against trivial deanonymization (key reuse, accidental secret disclosure, obvious stylometric leaks). They do NOT protect against:

timing / IP-layer correlation by a determined adversary even with Tor between you and the ingestion endpoint
stylometric attacks against truly small populations — a unique-enough phrase identifies a small-team source
file metadata / EXIF — the redactor does not strip those
US Computer Fraud and Abuse Act / UK Computer Misuse Act liability when the evidence comes from inside a vendor

Read the package README before submitting. Speak to a lawyer first when filing in the policy-violation or safety-incident categories with vendor-internal evidence.

CLI

pluck bureau whistle submit ./bundle.json --category training-data --routing "propublica,bellingcat" --manual-redact "phrase to remove"
pluck bureau whistle verify <rekor-uuid>
pluck bureau whistle route <submission-uuid> --add-target "https://desk.example/api/whistle" --add-id desk-example

Predicate URI

https://pluck.run/WhistleSubmission/v1