Before you do anything else,
read this page completely.

We protect people who report corporate tax fraud. But we can only protect you if you follow the method — and the method starts before you contact us. Nothing in this guide is difficult. It takes patience, pocket change, and the discipline to do things in the right order. That's all.

Stop. This is the most important part.

Do not photograph anything. Do not copy any files. Do not email anything to yourself. Do not search for whistleblower, IRS, tax fraud, or anything related on any device connected to your name. Do not tell anyone.

We know you want to act — that's why you're here. But the information you've seen at work will still be there next week and next month. The only thing that is urgent is not making an irreversible mistake right now. Read this page. Follow the steps. Then we'll tell you exactly what we need and how to get it to us safely.

Section 01 — Why this matters

Your company monitors more than you think.

Most corporate networks log web browsing, email content, file access, USB connections, print jobs, and application usage. Many use Data Loss Prevention software that flags keywords and attachment types in real time. Some monitor personal devices connected to company wifi. This is standard enterprise IT — not special surveillance. It's running right now.

The logs are typically retained for years. Nobody reads them routinely. But if an IRS audit begins and your company suspects an internal source — and good companies with good lawyers always consider the possibility — they will search those logs retrospectively. They will look for anyone who accessed unusual files, searched unusual terms, or emailed unusual attachments in the months before the audit began.

Your goal is simple: when they look, there is nothing to find. Not because you hid it well. Because you never used any system they can see.

The techniques companies use to trace internal sources are well-documented and predictable. The method we give you is built to defeat every one of them. Follow it and there is nothing to find.

Section 02 — What never to do

These are the mistakes people make. Every one is irreversible.

Never search for anything related to whistleblowing, the IRS, or tax fraud on a work device. Not even once. Not in an incognito window. Incognito hides history from the browser, not from the network. Your company's proxy server logs the request regardless.

Never search for these topics on your home computer or personal phone. Search history syncs across devices through Google, Apple, and Microsoft accounts in ways most people don't understand. If your employer ever obtains a court order — unlikely but not impossible — personal devices could be examined. Don't create something to find.

Never email documents to your personal address. This is the number one mistake. Corporate DLP systems are specifically built to catch this. Even if it isn't flagged immediately, the record exists permanently in sent items, the company email archive, and the recipient server's logs. It is the first thing a forensic investigator looks for.

Never copy files to a USB drive. Most corporate systems log USB connections by device serial number. Some disable USB storage entirely. The log entry persists whether you notice it or not.

Never print documents you don't normally print. Print jobs are logged by user, filename, timestamp, and sometimes content. Worse: many colour printers embed invisible tracking dots — microscopic yellow dots encoding the printer's serial number, date, and time on every page. A printout can be traced to the exact device and the exact minute.

Never access files you don't normally access. If your role involves AP reconciliation and you suddenly start opening transfer pricing agreements, that anomaly is visible in access logs. Use only what comes across your screen in the normal course of your work. We will tell you exactly what we need — and if it's not something you'd normally see, we'll find another way to get it.

Never discuss this with anyone. Not your partner. Not a trusted colleague. Not a friend. People talk — not out of malice, out of human nature. The only people who know are you and us, and we don't know who you are. Keep it that way.

If you've already done any of these things, don't panic. Contact us and tell us. We can work with situations where mistakes were made early. It changes the approach but it doesn't necessarily end the process. What matters is that you stop now and follow the method from here.

Section 03 — Your clean device

One phone. Eighty pounds. Cash. That's the whole toolkit.

This phone does two things: it photographs documents on your screen at work, and it connects to our secure channel. It never does anything else. It is never connected to any account or service associated with your name. It is the only piece of equipment you need, and the only thing standing between you and complete invisibility.

The spec — keep it simple

Device Any basic Android smartphone. Samsung, Nokia, Motorola — doesn't matter. £60–100 range. It needs a camera and wifi. Nothing else.
Where A high-street shop or supermarket. Pay cash. Not online, not with a card, not from a store where you have a loyalty account.
SIM Don't put one in. No SIM means no phone number, no carrier record, no cell tower logs, no traceable identity. The phone works on wifi alone — that's all it needs. A SIM of any kind makes the device traceable. Without one, it's just an anonymous object on a public network.
Setup Don't activate at home. Go somewhere with public wifi — a café, a library. Create a throwaway Google account with no real information. Don't install any personal apps. Don't sign into anything you use on other devices.
Settings Turn off location services. Turn off automatic wifi connection. Turn off cloud photo backup. Turn off voice assistant. Five minutes in the settings menu.
Storage When not in use, turn it off. Keep it somewhere not associated with you — a locker, a trusted friend's drawer. Not your home, not your car, not your office.

This is the method that works. It is built on how source-tracing actually operates in corporate investigations — the techniques are known, documented, and predictable. This approach defeats every one of them.

Section 04 — The sequence

Do these things in this order. Not before. Not in parallel.

The most common mistake isn't a technical one — it's impatience. The impulse to act immediately is natural. Resist it. The information isn't going anywhere. The intercompany agreements will still exist next month. Doing this safely matters infinitely more than doing it quickly.

You're here. Finish reading this page.

Save it as a PDF if you want — use the button at the top. Read it again tomorrow. Be certain you understand the method before anything else.

Get the clean phone.

Follow Section 03. Take your time — a week, two weeks, it doesn't matter. Buy it when you happen to be near the right kind of shop. Don't make a special trip that shows up in your travel patterns.

Set it up away from home.

A café you don't regularly visit. Not the one next to your office. Disable the settings listed above. Install only the secure messaging app specified on our contact page. Nothing else.

Now make contact.

From the clean phone, on public wifi. Tell us about the company and the transactions. We know what questions to ask. We'll guide everything from here.

Now — and only now — we tell you what to gather.

We will tell you precisely what to photograph, when, and how. We know what the IRS needs to see and we know what will make them act. Don't freelance this part. Work with us, over the secure channel, and do it right.

Section 05 — When we ask for photographs

We'll tell you what we need. Here's how you'll do it.

You'll photograph your computer screen at work with the clean phone. Not print, not copy, not email — photograph. This leaves no trace in any corporate system because no corporate system is involved. The camera never lies, and it never logs.

Only photograph documents you encounter in the normal course of your work. If you routinely see intercompany schedules, fee allocations, or transfer pricing reports — those are what we'll ask for. If you don't normally access something, we won't ask you to start. We'll find another route. That's our problem, not yours.

Why screen, not paper

Many colour laser printers embed microscopic yellow dots on every page — invisible to the naked eye, encoding the printer's serial number, date, and time. A printout can be traced to the specific device and the exact minute it was produced. A photograph of a screen contains none of this. This isn't paranoia. It's a known, documented tracking technology that companies have used to identify sources.

Photo metadata

Digital photos carry hidden data — device model, GPS coordinates, timestamps. You've already turned off location tagging in the phone's settings. As a second layer, we automatically strip all metadata from every image we receive before it goes anywhere. Belt and braces.

Photograph at a moment that looks natural. During normal working hours, at your normal desk, while the document is on your screen for a reason your job explains. Not at midnight. Not from a colleague's workstation. Then put the phone away. You're an employee looking at a screen. That's all anyone sees.

Section 06 — Then you wait

We handle everything from here. You go back to your life.

Once we have what we need, your active involvement is over. We construct the case and our licensed tax advocate files the Form 211 with the IRS Whistleblower Office. The advocate manages the legal process through to resolution. That takes time — typically three to seven years. The IRS is thorough and it moves slowly. That's a feature, not a bug — it means distance between your information and the eventual audit.

During that time, you do nothing different. Go to work. Do your job. Don't watch for signs of the investigation. Don't check news about your company any more than you normally would. Don't revisit this website. There is nothing to connect you to anything, and the longer that remains true, the safer you are.

We'll keep you informed through the secure channel. When there's something to tell you, we'll tell you. When there isn't, silence is normal. Don't worry about it.

When the case concludes and you've been paid: factory reset the phone. Dispose of it in a public bin somewhere you don't normally go. There is now no physical object connecting you to any of this. There never was a digital one.

Before you make contact

Confirm each of these. Then you're ready.

This checklist runs in your browser only. Nothing is transmitted. Nothing is stored.

I have not searched for any related terms on any device connected to my name
I have not emailed, copied, printed, or removed any documents from work
I have not discussed this with anyone
I have a clean phone purchased with cash, not linked to my identity
Location services, cloud backup, and voice assistant are off on the clean phone
I am on the clean phone now, on public wifi, not at home or work
I understand this process may take years, and I'm prepared for that

Careful people don't get caught.
You're already being careful.

The method is simple. The discipline is what matters. If you've read this far, followed the steps, and ticked every box — you're ready. We'll take it from here.

Open secure channel Back to main site