Comment by LeifCarrotson
8 years ago
I don't want to sound like a tinfoil hat wearer, but there's a lot of trivial data that a leaker could/should guard against. Multi-layer PDFs and their metadata. Microsoft Office metadata. Photograph EXIF data. Tracking cookies. File access logging. Print job logging. Printer microdot steganography. Traffic and license plate cameras. Cell tower connection logs. Email headers. Windows event logs.
Many of these can be circumvented through the use of tech like VPNs, Tor, or GPG, and through careful behavior such as scrubbing metadata and the use of burner phones/laptops, cash, and public internet connections. And we're not even getting to the level of wireless carrier, home ISP, or NSA web activity tracking, NSA Tor exploitation, or zero-day exploits. Furthermore, this assumes that the documents themselves are not themselves subject to punctuation, word replacement, typesetting, or other content steganography. Should The Intercept be responsible for ensuring that its sources adhere to safe leaking behaviors? They probably should, at some level.
But what if - as I'm reading here - The Intercept got an email from reality.winner@nsa.gov, subject "NSA Report on Russia Spearphishing.pdf", body "Hey, I was browsing some stuff out of curiosity in our SCIF and thought this study might be useful to you. I printed it off and smuggled it out in my purse, then scanned it and attached it to this email. Please publish it so the American people can know what's really going on. Hope this helps! -- Reality". There's not really any point to worrying about printer steganography, protecting your IP address, or GPG at that point.
Your assessment is totally correct. Steganography can be put everywhere. Perhaps the Free Software Foundation can take advantage of these cases for pushing for more use of open source, non-fingerprinted software.
OR for enforcing fingerprinting! (It can help with fighting against corrupt governments.)