I spent time having video calls with LEOs, intelligence agents and military folks over the course of the past 6-9 months. I saw how broken and disjointed and tribal power has become within the world of American authority.
I now know things about how the US government and military work that I feel the public should know.
I could write a book or make a YouTube video. But both of those are to inflexible and risky. I want to spill the beans in a much more permanent and effective way. I would like to help the public understand what is really going on behind the scenes, as best as I have seen.
Could also put it in the mail
A thumb drive in the mail, sure. Too many things can go wrong printing off the docs and mailing those.
SD card. Thumb drives are too easy to have malware. Nobody should plug in an unfamiliar thumb drive.
There’s zero functional difference between an SD card and a USB stick as far as malware. Don’t plug in any unfamiliar data storage device.
Not true. A USB device can emulate a keyboard and execute almost anything with no user action, just plugging it in. A bare SD card can’t do that.
Most SD card readers are just USB adapters. Even inside of most computers, they are just attached to an internal USB header.
Yes. Thats a trusted device that you already have. The data on the card cant change the behavior of your card reader. However a new unfamiliar UBS device could contain malicious hardware.
Anyone with half a brain that receives an unknown data storage device is going to plug that in to an air gapped computer, preferably running a linux distro, and a base install with basic tools and AV software to look at a potentially damaging device and hopefully clean it. If it does contain malware that successfully wrecks the computer, just wipe and reinstall. Better yet if it has a CD drive so no malware can infect the reinstallation media/live install.
Generally news orgs and the like who have a real reason to receive a thumbdrive with important docs from random people will have a method of mitigating the risk. For example, a former client who was a tax preparer had a dedicated laptop which was firewalled off from the network and could only access a document web portal to upload files from the flash drive as their mitigation strategy
Turn it into a waveform and sing it to a pigeon?
My preference would be to upload to SecureDrop (thanks @quick_snail@feddit.nl I forgot the name of the service) and be done with it.