SecureDrop

Original author(s)
Developer(s) Freedom of the Press Foundation
Initial release 15 October 2013
Stable release 2.8.0 [1] (12 March 2024)
Repository
Written in Python
Operating system Linux
Type Secure communication
License GNU Affero General Public License, version 3
Website securedrop.org

SecureDrop is a free software platform for secure communication between journalists and sources (whistleblowers). [2] It was originally designed and developed by Aaron Swartz and Kevin Poulsen under the name DeadDrop. [3] [4] James Dolan also co-created the software. [5]

History

After Aaron Swartz's death, the first instance of the platform was launched under the name Strongbox by staff at The New Yorker on 15 May 2013. [6] The Freedom of the Press Foundation took over development of DeadDrop under the name SecureDrop, and has since assisted with its installation at several news organizations, including ProPublica, The Guardian, The Intercept, and The Washington Post. [7] [8] [9]

Security

SecureDrop uses the anonymity network Tor to facilitate communication between whistleblowers, journalists, and news organizations. SecureDrop sites are therefore only accessible as onion services in the Tor network. After a user visits a SecureDrop website, they are given a randomly generated code name. [6] The source uses this code name when uploading information to a particular author or editor. Investigative journalists can contact the whistleblower via SecureDrop messaging, so the whistleblower must take note of their random code name. [3]

The system utilizes private, segregated servers that are in the possession of the news organization. Journalists use two USB flash drives and two personal computers to access SecureDrop data. [3] [6] The first personal computer accesses SecureDrop via the Tor network, and the journalist uses the first flash drive to download encrypted data from the SecureDrop server. The second personal computer does not connect to the Internet, and is wiped during each reboot. [3] [6] The second flash drive contains a decryption code. The first and second flash drives are inserted into the second personal computer, and the material becomes available to the journalist. The personal computer is shut down after each use. [3]

Freedom of the Press Foundation has stated it will have the SecureDrop code and security environment audited by an independent third party before every major version release and then publish the results. [10] The first audit was conducted by security researchers at the University of Washington and Bruce Schneier. [11] The second audit was conducted by Cure53, a German security firm. [10]

SecureDrop suggests that sources disable JavaScript to protect their anonymity. [12]

Prominent organizations using SecureDrop

The Freedom of the Press Foundation now maintains an official directory of SecureDrop instances. This is a partial list of instances at prominent news organizations. [13]

Name of organization / Implementation date
The New Yorker [14] [3] 15 May 2013
Forbes [14] [15] [16] [17] 29 Oct 2013
Bivol [14] [18] 30 Oct 2013
ProPublica [14] [19] [20] 27 Jan 2014
The Intercept [14] [21] 10 Feb 2014
San Francisco Bay Guardian [14] [22] 18 Feb 2014
The Washington Post [14] [23] 5 Jun 2014
The Guardian [14] [2] 6 Jun 2014
The Globe and Mail [14] [24] 4 Mar 2015
Radio-Canada 20 Jan 2016
Canadian Broadcasting Corporation [14] [25] 29 Jan 2016
Committee to Protect Journalists [26] 12 May 2016
Associated Press 18 Oct 2016
The New York Times [14] [27] 15 Dec 2016
BuzzFeed News 21 Dec 2016
USA Today [14] [28] 22 Feb 2017
Bloomberg News Unknown
The Wall Street Journal Unknown
Aftenposten Unknown
Australian Broadcasting Corporation [29] 28 Nov 2019

Awards

See also

Related Research Articles

Hacktivism: Computer-based activities as a means of protest

Internet activism, hacktivism, or hactivism, is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change. With roots in hacker culture and hacker ethics, its ends are often related to free speech, human rights, or freedom of information movements.

An anonymous P2P communication system is a peer-to-peer distributed application in which the nodes, which are used to share resources, or participants are anonymous or pseudonymous. Anonymity of participants is usually achieved by special routing overlay networks that hide the physical location of each node from other participants.

Kevin Poulsen: American computer hacker

Kevin Lee Poulsen is an American former black-hat hacker and a contributing editor at The Daily Beast.

A dark net or darknet is an overlay network within the Internet that can only be accessed with specific software, configurations, or authorization, and often uses a unique customized communication protocol. Two typical darknet types are social networks, and anonymity proxy networks such as Tor via an anonymized series of connections.

Aaron Swartz: Computer programmer and internet/political activist (1986–2013)

Aaron Hillel Swartz was an American computer programmer, entrepreneur, writer, political organizer, and Internet hacktivist. As a programmer, Swartz helped develop the web feed format RSS; the technical architecture for Creative Commons, an organization dedicated to creating copyright licenses; the website framework web.py; and the lightweight markup language format Markdown. Swartz was involved in the development of the social news aggregation website Reddit until he departed from the company in 2007. He is often credited as a martyr and a prodigy, and his work focused on civic awareness and activism.

Jacob Appelbaum: American computer security researcher and journalist (born 1 April 1983)

Jacob Appelbaum is an American independent journalist, computer security researcher, artist, and hacker.

Tor (network): Free and open-source anonymity network based on onion routing

Tor, short for The Onion Router, is free and open-source software for enabling anonymous communication. It directs Internet traffic via a free, worldwide volunteer overlay network that consists of more than seven thousand relays.

Tails (operating system): Linux distribution for anonymity and privacy

Tails, or "The Amnesic Incognito Live System", is a security-focused Debian-based Linux distribution aimed at preserving Internet privacy and anonymity. It connects to the Internet exclusively through the anonymity network Tor. The system is designed to be booted as a live DVD or live USB and never writes to the hard drive or SSD, leaving no digital footprint on the machine unless explicitly told to do so. It can also be run as a virtual machine, with some additional security risks.

Internet censorship circumvention, also referred to as going over the wall or scientific browsing in China, is the use of various methods and tools to bypass internet censorship.

GlobaLeaks is an open-source, free software intended to enable secure and anonymous whistleblowing initiatives.

The Associated Whistleblowing Press (AWP) is a not-for-profit information agency based in Brussels, Belgium, dedicated to the defense of human rights by promoting transparency, freedom of information and speech, whistleblowing and investigative journalism, conceived as a global network made up of cooperative local platforms and actors. According to its website, the initiative aims to work in a decentralized network structure, with local platforms that deal with local information, contexts and actors in a "from the roots upward model". The stories produced will then be published on the project's multilanguage newsroom under a Creative Commons license. The team consists of collaborators spread all around the world, led by two editors, Pedro Noel and Santiago Carrion.

Freedom of the Press Foundation (FPF) is a non-profit organization founded in 2012 to fund and support free speech and freedom of the press. The organization originally managed crowd-funding campaigns for independent journalistic organizations, but now pursues technical projects to support journalists' digital security and conducts legal advocacy for journalists.

Tor2web: HTTP proxy for Tor hidden services

Tor2web is a software project to allow Tor hidden services to be accessed from a standard browser without being connected to the Tor network. It was created by Aaron Swartz and Virgil Griffith.

The Tor Project: Free and open-source software project for enabling anonymous communication

The Tor Project, Inc. is a 501(c)(3) research-education nonprofit organization based in Winchester, New Hampshire. It was founded by computer scientists Roger Dingledine, Nick Mathewson, and five others. The Tor Project is primarily responsible for maintaining software for the Tor anonymity network.

Roger Dingledine: American computer scientist

Roger Dingledine is an American computer scientist known for having co-founded the Tor Project. A student of mathematics, computer science, and electrical engineering, Dingledine is also known by the pseudonym arma. As of December 2016, he continues in a leadership role with the Tor Project, as a project Leader, Director, and Research Director.

Cure53 is a German cybersecurity firm. The company was founded by Dr. Mario Heiderich, a security researcher.

Truth & Transparency Foundation: Whistleblowing organization

Truth & Transparency Foundation was a whistleblowing organization inspired by WikiLeaks, which focused on exposing documents from the leadership of the Church of Jesus Christ of Latter-day Saints. Founded in December 2016 and ceasing operations in April 2022, Truth & Transparency was a nonprofit newsroom dedicated to religious accountability through impact journalism.

James S. Dolan was an American computer security expert who, with Aaron Swartz and Kevin Poulsen, co-developed SecureDrop, a widely used secure digital platform for sources to anonymously submit materials to journalists.

Runa Sandvik

Runa Sandvik is a Norwegian-American computer security expert and founder of Granitt. She is noted for her extensive work in protecting at-risk civil society groups, including human rights defenders, lawyers, and journalists. Sandvik was previously the Senior Director of Information Security at The New York Times, helping launch the company’s confidential tips page in December 2016.

References

  1. "Release 2.8.0". 12 March 2024. Retrieved 25 March 2024.
  2. Ball, James (5 Jun 2014). "Guardian launches SecureDrop system for whistleblowers to share files". The Guardian.
  3. Kassner, Michael (20 May 2013). "Aaron Swartz legacy lives on with New Yorker's Strongbox: How it works". TechRepublic. Archived from the original on 29 July 2013. Retrieved 20 May 2013.
  4. Poulsen, Kevin (14 May 2013). "Strongbox and Aaron Swartz". The New Yorker.
  5. Timm, Trevor (9 January 2018). "A tribute to James Dolan, co-creator of SecureDrop, who has tragically passed away at age 36". Freedom of the Press Foundation.
  6. Davidson, Amy (15 May 2013). "Introducing Strongbox". The New Yorker. Retrieved 20 May 2013.
  7. "Strongbox". The New Yorker. Archived from the original on 13 April 2017. Retrieved 15 November 2013.
  8. Biryukov, Alex; Pustogarov, Ivan; Thill, Fabrice; Weinmann, Ralf-Philipp (2013). "Content and popularity analysis of Tor hidden services". arXiv:1308.6768 [cs.CR].
  9. Davidson, Amy (15 May 2013). "Introducing Strongbox". The New Yorker. Retrieved 26 December 2013.
  10. Timm, Trevor (20 January 2014). "SecureDrop Undergoes Second Security Audit". Freedom of the Press Foundation. Retrieved 13 July 2014.
  11. Czeskis, Alexei; Mah, David; Sandoval, Omar; Smith, Ian; Koscher, Karl; Appelbaum, Jacob; Kohno, Tadayoshi; Schneier, Bruce. "DeadDrop/StrongBox Security Assessment" (PDF). University of Washington Department of Computer Science and Engineering. Retrieved 13 July 2014.
  12. Source Guide SecureDrop
  13. ssteele (6 December 2016). "Tor at the Heart: SecureDrop". Tor Blog.
  14. "The Official SecureDrop Directory". Freedom of the Press Foundation. Retrieved January 29, 2017.
  15. Kirchner, Lauren. "When sources remain anonymous". Columbia Journalism Review. Retrieved 28 January 2014.
  16. Timm, Trevor (29 October 2013). "Forbes Launches First Updated Version of SecureDrop Called SafeSource". Freedom of the Press Foundation. Retrieved 28 January 2014.
  17. Greenberg, Andy. "Introducing SafeSource, A New Way To Send Forbes Anonymous Tips And Documents". Forbes. Retrieved 28 January 2014.
  18. Chavkin, Sasha (21 October 2013). "Initiatives seek to protect anonymity of leakers". The International Consortium of Investigative Journalists. Retrieved 28 January 2014.
  19. Tigas, Mike (27 January 2014). "How to Send Us Files More Securely". ProPublica. Retrieved 28 January 2014.
  20. Timm, Trevor (27 January 2014). "ProPublica Launches New Version of SecureDrop". The Freedom of the Press Foundation. Retrieved 28 January 2014.
  21. "How to Securely Contact The Intercept". The Intercept. Retrieved 9 February 2014.
  22. Bowe, Rebecca (18 February 2014). "Introducing BayLeaks". San Francisco Bay Guardian. Retrieved 20 February 2014.
  23. "Q&A about SecureDrop on The Washington Post". The Washington Post. 5 June 2014.
  24. "The Globe adopts encrypted technology in effort to protect whistle-blowers". The Globe and Mail. 4 March 2015.
  25. "CBC adopts SecureDrop to allow for anonymous leaks". 29 January 2016.
  26. "How SecureDrop helps CPJ protect journalists". Committee to Protect Journalists. 12 January 2016.
  27. Timm, Trevor [@trevortimm] (December 15, 2016). "Nice. The @NYTimes launched @SecureDrop today, along with a really useful secure tips page" (Tweet) via Twitter.
  28. "USA TODAY launches secure whistle-blower site". USA Today. 22 February 2017.
  29. "ABC launches SecureDrop for whistleblowers to securely and anonymously contact journalists". ABC News. 28 November 2019.
  30. Sullivan, John (25 March 2017). "SecureDrop and Alexandre Oliva are 2016 Free Software Awards winners" (Press Release). Free Software Foundation.