I currently serve as a Senior Technology Advisor at the Federal Trade Commission, in their Office of Technology. I use my prior expertise in software, technology, and investigative journalism, to support agency investigation and litigation efforts, policy and research initiatives, and public engagement work. While much of my work is non-public, I have co-authored or contributed to agency blog posts relating to privacy enhancing technologies, open-weights AI models, digital security vulnerabilities and ways to prevent or mitigate security risks.

I previously spent ten years at ProPublica, as a self-described “hacker-journalist.” My work touched on many parts of the organization's mission, and I worked in several roles to support the organization's investigative journalism work.

I spent several years as a News Applications Developer (read: programmer-journalist), working on news applications, data analyses, and investigative reporting. I covered topics such as pharma payments to doctors, election security, healthcare data breaches, wasteful military spending, and spyware technology.

I later served as Lead Product Developer, an engineering role centered around site infrastructure/reliability, internal workflows and tools, digital security strategy, journalist source protection, and providing new ways to keep our readers safe.

I’m also a volunteer core contributor to the Tor Project. I was the original developer of Onion Browser, the open source Tor-powered web browser for iOS. I don’t actively work on mobile application development these days, but I continue to publish Onion Browser with the help of a great team, and I remain active in the censorship circumvention / online anonymity / digital privacy / cybersecurity spaces. As alluded to above, I helped deploy ProPublica’s onion service, and have helped other organizations deploy their own.

I’m a core developer of several open-source tools that help people stay safe and private online, or help citizens use public data and help governments work more transparently.

Besides Onion Browser, the most notable other one is probably Tabula, a tool to extract data tables from PDF files. The project was launched in 2013 and it continues to be used by data analysts and journalists around the world. As of 2022 it’s also available as a plugin for the DocumentCloud platform.

I share a lot of my work: I open-source a lot of code at 0xacab and GitHub. I was formerly an adjunct instructor at the New York University Studio 20 digital journalism program. (In 2018, my students won a Regional Emmy award for their semester multimedia project.) I also participate in conference panels, talks, and workshops, where I teach people about threat modeling, encryption tools, and journalistic data analysis.

Other bits:

  • Sometimes I take pictures.
  • I’m an FCC-licensed amateur radio operator (callsign: NX3S), though I’m not active at the moment. Some info is over on my QRZ profile.
  • I used to do autocross & other motorsports activities with a Volkswagen Golf R, but have since sold the car and moved onto other pursuits. I used to post car stuff on Instagram and YouTube.
  • I like to buy up weird old stamps in bulk and use them (rather than collect them). I send a fair bit of snail mail, including postcards. (Send me mail!)

Elsewhere: You can find more work & snippets at 0xacab, GitHub, or my old ProPublica staff page. Other work updates are on LinkedIn.

If we're friends, you can find me socially on a few networks like: Bluesky, Mastodon/the Fediverse, Strava, Instagram, or others. Please reach out directly if you can't find my account. (Note that most of these profiles are private, and I reject requests from people I do not know personally.)

Talks, Panels, Sessions, Workshops

A small subset of events I’ve participated in, since 2013:

Full list:

  • 2023 NICAR Conference
    • Session: Security Research for Stories [slides]
  • 2020 NICAR Conference
    • Session: Digital security hygiene and threat modeling for journalists
  • SRCCON 2019
  • 2019 NICAR Conference
    • Panel: Tiplines today: Techniques for secure source communications
  • SRCCON 2018
    • Session: Preparing for security vulnerabilities if you’re an open source maintainer *or* user
  • 2018 NICAR Conference
    • Panel: Turning your documents into data
    • Workshop: CryptoParty
  • SRCCON 2017
  • 2017 NICAR Conference
    • Session: Security tools for Journalists
    • Session: Introduction to Security and Threat Modeling for Normal Humans
  • 2017 IRE New York Watchdog Workshop
    • Brownbag: Securing your devices and communication
  • Mozilla Festival 2016
    • Session: Off the Record: Introduction to Encrypted Communications for Journalists [notes]
  • Media Party Africa 2016
    • Lecture: Real-world digital security for journalists
    • Workshop: CryptoParty: a hands-on encryption and security workshop
  • SRCCON 2016
    • Session: The Ecology of Newsroom Software [transcript]
  • 2016 IRE Conference
    • Panel: Security - Bulletproofing the Digital Newsroom
  • 2016 NICAR Conference
    • Session: The Digital Dark Arts [slides: part 1, part 2]
    • Workshop: NICAR CryptoParty [slides]
  • 2016 Internet Freedom Festival
  • Boston College Law School, Forum on Philanthropy and the Public Good:
    Boot Camp for Journalists
    • Session: Accessing Nonprofit Data through ProPublica’s Nonprofit Explorer
  • Mozilla Festival 2015
    • Session: Disassembling the world’s worst data wrapper: PDFs
  • SRCCON 2015
  • 2015 Committee to Protect Journalists “Securing the Newsroom” Tech Summit
  • 2015 Al Jazeera Forum
    • Panel: The Struggle for Digital Freedom
  • 2015 NICAR Conference
    • Session: Data Alchemy: Turning Lead Into Data
    • Session: Defense against the dark arts: Security for you and your sources
    • Session: Amazon Cloud Basics
    • Workshop: NICAR CryptoParty
  • 2015 Circumvention Tech Festival
  • CryptoParty NYC: "CryptoParty for Journalists"
  • Freedom of the Press Foundation & RCFP #EncryptNews Conference
    • Hands-on workshop: OTR instant messaging encryption
  • Mozilla Festival 2014
    • Session: Data Alchemy: Turning lead into data
    • Session: Practical Threat Modeling for Journalists
  • Temple University, Center for Public Interest Journalism: Digital Security Workshop [slides]
  • Online News Association "dCamp: Digital Security"
  • 2014 Asian American Journalists Association Convention
  • 2014 IRE Conference
    • Panel: Docs! Docs! Docs!
    • Hands-on workshop: Liberating Data from PDFs
  • 2014 NICAR Conference
  • 2014 IRE New York Watchdog Workshop
    • Talk: Cyber Security for Journalists [slides]
  • NewsFoo 2013
  • Mozilla Festival 2013
  • Hacks/Hackers NYC Crypto Workshop
    • Hands-on workshop: PGP e-mail encryption, OTR instant messaging encryption, and Tor Browser. [GitHub]
  • Hacks/Hackers Buenos Aires’ Media Party 2013
    • Talk: Threat Modeling
  • 2013 MIT-Knight Civic Media Conference
  • 2013 IRE Conference
    • Talk: Introducing Tabula: A PDF data extractor
  • 2013 NICAR Conference
    • Panel: Covert Reporting Using Technology to Cover Your Tracks

Contact info

E-mail:
{first_name}@tig.as is my e-mail address. (It is obfuscated, but you should be able to figure it out.) If you wish, you can send me a PGP-encrypted e-mail:

  • Some PGP/GPG mail encryption software supports automatic key discovery (“WKD”). For example, if you use ProtonMail, your e-mails to me should automatically use encryption.
  • You can manually download my key (0x9090861B), for use with other PGP/GPG software.

Signal / WhatsApp / Telegram / Messenger / SMS / etc:
I greatly prefer using Signal. Please get in touch via other means and I can give you my Signal username.

For folks who have known me a while: Note that I’ve changed Signal/SMS phone numbers a few times over the years; since 2022 I am using my old (573) number as my primary number. Numbers at area codes (347) and (212) are no longer actively used.

Social media:
Please see the "Elsewhere" section above.

Postal Mail:
I happily accept postcards, letters, and other analog ephemera via postal mail. (I’m a Postcrosser and love sending & receiving snail mail.) Address your item to:

Mike Tigas
P.O. Box 47356
Chicago, IL 60647
United States

Tip Jar - Buy me a {coffee, beer, lunch}?

If you like Onion Browser and the other open-source software work I've done in support of privacy or data journalism, consider donating to the Tor Project or OpenNews directly.

If you truly want to send money directly to me in support of my open-source work, there are some options below.

  • PayPal: paypal.me/mtigas
  • Cryptocurrency: at this point, cryptocurrencies are just another speculation vehicle for the wealthy, cryptocurrencies are not accessible or usable as actual currency to the masses, and proof-of-work systems consistently show poor environmental impacts. But if you insist, I accept the following, in order of preference:
    • Ether (ETH), main Ethereum network: 
      0x7fb8C9aEEAAFD1023602147728c4D768d099d3d4
    • Bitcoin (BTC): 
      bc1qqaaevnjsq44r9mdsuu4twppex0t4d47zcav863
    • Bitcoin (BTC) legacy address (if you can’t send to a bc1 address): 
      1EW5CTQjT9JxvcEhCZEK5zDqMEQwGFh4YW
    • Zcash (ZEC), shielded z-address: 
      zs1hv9ux5erpemkcv3rq5e38m5ehhs3jrm7k07a2pkvckynej9hmwg8n0wd6ef7fq2ymar5jjdp924
    • Zcash (ZEC), t-address (if you can’t send to z-addresses): 
      t1eqUdGYdpurvJbE9xHf9EqSHYRxEdGDEdN
    • Monero (XMR): 
      8AhhYzXHW8a4MHjqFB7d1xdijjZk67zJEiz18pbb3CzgENMnLdi4a3ZbwwQsYSuu97A6FvypZcrk36Fc31PGW1wn5U2XpSf
  • (I used to have links to recurring platforms such as Patreon and GitHub Sponsors, but have sunset use of those as of 2023.)