The short answer is stark: 0% of the contact-form implementations we could assess demonstrated every control in our observable security standard.

The practical answer is more specific: most forms were not failing one exotic cryptography test. They were failing ordinary intake hygiene that a non-expert can understand.

• 19 of 20 forms gave other-domain JavaScript access to the form frame. This does not prove those scripts collected the message, but it means they had the technical position to read what a person typed.
• 9 of 20 forms failed the full submission-route check. Every form page used HTTPS, but only 11 also submitted to an HTTPS destination with POST.
• 1 of 20 forms sent typed data before submit. MediaTek’s form sent the synthetic email address to HubSpot’s forms.hsforms.com/emailcheck/v1/json-ext endpoint before we clicked send. We did not observe the synthetic message body, name, or phone number sent cross-site before submit.
• 17 of 20 forms avoided required high-risk identity fields. Three required fields such as phone number or detailed business identity before a user could complete the form.
• 0 of 20 forms published specific evidence of browser-side or end-to-end message encryption. HTTPS is useful, but it does not prove ciphertext storage or recipient-only access.
• 3 of 20 forms surfaced retention or deletion language on the assessed page.

Hush Line exists for moments when a person needs to disclose sensitive information without being exposed by the tool that was supposed to protect them. That changes how crypto modernization has to be designed and described. The goal is not to chase new primitives for their own sake. The goal is to preserve the whistleblower's path to a trusted recipient while reducing the harm caused by database exposure, key-management mistakes, migration failure, or unclear security claims.

This whitepaper updates the May 28, 2026 crypto modernization paper. The original version correctly separated shipped work from planned work at that time, but it is now out of date. The current implementation completes the encrypted-field modernization scope: Hush Line has a production-capable AES-256-GCM encrypted-field envelope for new writes, a code-owned AAD contract, dual-read compatibility, schema readiness checks, migration tooling, rehearsal evidence, release gates, and test coverage.

An independent journalist, public-interest lawyer, or organizer does not always need to self-host a tip line. In many cases, the easier path is the better one: create an account, finish setup, and publish the address. But some independent recipients have a different requirement. They want a reporting system that they control more directly because trusting shared third-party infrastructure is itself part of the risk.

That is the narrower job Hush Line's Personal Server is built for. The device gives one recipient the full Hush Line platform as a self-hosted, Tor-only tip line that runs locally. For someone handling sensitive outreach from a smaller but higher-risk community, that changes the deployment model in a concrete way: the system is no longer just an account on a shared service. It becomes a dedicated device on the recipient's own network, with end-to-end encrypted, anonymous, 100% local intake.

Small law offices often do intake when the office is effectively closed. A potential client sends a sensitive message after midnight, a paralegal reads it the next morning, and an attorney may not decide until later whether the matter fits the practice, needs a faster response, or should be directed elsewhere. That creates a coordination problem as much as a communications problem. If intake lives in a shared mailbox or a loose chain of texts, it becomes easy to lose track of what has already been reviewed and what still needs a decision.

Hush Line fits that kind of work because it gives the office a dedicated inbox for incoming messages and lets the team organize them by status. The docs also describe custom replies tied to statuses such as accepted or declined, so the office can send a clear one-way response with next steps when needed. That is useful for legal intake because many firms do not want to run prospective-client screening as an open-ended chat inside the intake tool.

For journalists, lawyers, and administrators, the hardest part of launching a secure intake channel is often not deciding to do it. It is getting the recipient account ready before the first message arrives. If encryption setup feels fiddly on day one, people delay launch, postpone testing, or publish the link before the account is fully prepared.

Hush Line reduces that friction during onboarding by letting recipients import a Proton public key directly from Proton instead of manually exporting and pasting a PGP key. That keeps the setup path shorter while preserving the strong default that messages should be end-to-end encrypted before a tip line is shared publicly.

When people evaluate secure reporting tools, they usually talk about encryption, anonymity, or whether a service supports Tor. Those things matter. But organizers and activists often run into a different problem first: if the interface is uncomfortable, confusing, or hard to use on a phone, people stop using it when the pressure is on.

A board committee or ethics office can do a lot of internal preparation before launching a public reporting channel: decide who monitors it, review policy language, and agree on escalation paths. But the first practical test often happens earlier. A whistleblower opens the page and has to decide, in a few seconds, whether this is the right place to report and whether the organization behind it looks prepared to receive a serious message.

That is why launch work should not stop at creating an account. Hush Line gives recipients a shareable public tip line, profile setup fields for identity and supporting links, support for custom onboarding and whistleblower guidance, and custom branding that can make the page feel like an official part of the reporting program. Together, those features help employers, boards, and ethics offices set expectations clearly before the first message is typed.

Investigative reporting often starts with imperfect source material. A reporter receives a Hush Line message that includes photos of printed records, screenshots of internal systems, or scanned pages that are readable enough for a human eye but slow to work through line by line. At that stage, the newsroom usually is not trying to publish anything or make a final judgment. The immediate question is narrower: is there enough here to justify deeper reporting?

Hush Line's Vision Assistant fits that first-pass review well. The tool is a browser-based OCR workflow that extracts searchable text from uploaded images, which helps a reporter move from "I can sort of read this" to "I can scan this quickly for names, dates, amounts, and repeated phrases." Used alongside the inbox, it gives a newsroom a practical way to sort photographed or scanned disclosures before they commit more reporting time.

For lawyers, secure intake is only the beginning of the problem. A matter that starts with one sensitive disclosure may stay active through internal review, negotiation, regulatory contact, or litigation planning for a long time after the first message arrives. As that timeline stretches, the office needs more than a safe place to receive the initial report. It also needs a reliable way to preserve its own operational records and move them when internal systems, staffing, or case files change.

Hush Line's documented data-download feature is useful in exactly that situation. The platform lets the account holder download a complete copy of account data as a ZIP archive from Settings > Advanced, without waiting for approval or opening a support request. For a law office using Hush Line to receive sensitive outreach, that makes the reporting record more portable over the life of a matter instead of leaving it trapped inside one web session.

Universities rarely have just one kind of sensitive report to receive. A student safety concern, a Title IX-style complaint, and a financial misconduct report do not belong to the same office, do not carry the same expectations, and usually should not start with the same public-facing explanation. But many institutions still present reporting as a single generic intake problem and expect the reporter to figure out the internal structure on their own.

Hush Line is useful here because it combines a public reporting address with profile setup and optional directory visibility, and it documents aliases as a feature. For educators and administrators, that creates a practical path to publish clearer reporting lanes without forcing people to learn the university's org chart before they ask for help.