SecureDrop is a

free software Free software, libre software, libreware sometimes known as freedom-respecting software is computer software distributed open-source license, under terms that allow users to run the software for any purpose as well as to study, change, distribut ...

platform for

secure communication Secure communication is when two entities are communicating and do not want a third party to listen in. For this to be the case, the entities need to communicate in a way that is unsusceptible to eavesdropping or interception. Secure communication ...

between

journalist A journalist is a person who gathers information in the form of text, audio or pictures, processes it into a newsworthy form and disseminates it to the public. This is called journalism. Roles Journalists can work in broadcast, print, advertis ...

s and

sources Source may refer to: Research * Historical document * Historical source * Source (intelligence) or sub source, typically a confidential provider of non open-source intelligence * Source (journalism), a person, publication, publishing institute ...

(

whistleblower Whistleblowing (also whistle-blowing or whistle blowing) is the activity of a person, often an employee, revealing information about activity within a private or public organization that is deemed illegal, immoral, illicit, unsafe, unethical or ...

s). It was originally designed and developed by

Aaron Swartz Aaron Hillel Swartz (; November 8, 1986January 11, 2013), also known as AaronSw, was an American computer programmer, entrepreneur, writer, political organizer, and Internet hacktivism, hacktivist. As a programmer, Swartz helped develop the we ...

and Kevin Poulsen under the name ''DeadDrop''. James Dolan also co-created the software.

History

After Aaron Swartz's death, the first instance of the platform was launched under the name ''Strongbox'' by staff at ''

The New Yorker ''The New Yorker'' is an American magazine featuring journalism, commentary, criticism, essays, fiction, satire, cartoons, and poetry. It was founded on February 21, 1925, by Harold Ross and his wife Jane Grant, a reporter for ''The New York T ...

'' on 15 May 2013. The

Freedom of the Press Foundation Freedom of the Press Foundation (FPF) is an American non-profit organization founded in 2012 to fund and support free speech and freedom of the press. The organization originally managed crowd-funding campaigns for independent journalistic organ ...

took over development of DeadDrop under the name ''SecureDrop'', and has since assisted with its installation at several news organizations, including

ProPublica ProPublica (), legally Pro Publica, Inc., is a nonprofit investigative journalism organization based in New York City. ProPublica's investigations are conducted by its staff of full-time reporters, and the resulting stories are distributed to ne ...

, ''

The Guardian ''The Guardian'' is a British daily newspaper. It was founded in Manchester in 1821 as ''The Manchester Guardian'' and changed its name in 1959, followed by a move to London. Along with its sister paper, ''The Guardian Weekly'', ''The Guardi ...

'', ''

The Intercept ''The Intercept'' is an American left-wing nonprofit news organization that publishes articles and podcasts online. ''The Intercept'' has published in English since its founding in 2014, and in Portuguese since the 2016 launch of the Brazilia ...

'', and ''

The Washington Post ''The Washington Post'', locally known as ''The'' ''Post'' and, informally, ''WaPo'' or ''WP'', is an American daily newspaper published in Washington, D.C., the national capital. It is the most widely circulated newspaper in the Washington m ...

''.

Security

SecureDrop uses the anonymity network

Tor Tor, TOR or ToR may refer to: Places * Toronto, Canada ** Toronto Raptors * Tor, Pallars, a village in Spain * Tor, former name of Sloviansk, Ukraine, a city * Mount Tor, Tasmania, Australia, an extinct volcano * Tor Bay, Devon, England * Tor ...

to facilitate communication between

whistleblowers Whistleblowing (also whistle-blowing or whistle blowing) is the activity of a person, often an employee, revealing information about activity within a private or public organization that is deemed illegal, immoral, illicit, unsafe, unethical or ...

, journalists, and news organizations. SecureDrop sites are therefore only accessible as onion services in the Tor network. After a user visits a SecureDrop website, they are given a randomly generated code name. This code name is used to send information to a particular author or editor via uploading. Investigative journalists can contact the whistleblower via SecureDrop messaging. Therefore, the whistleblower must take note of their random code name. The system utilizes private, segregated servers that are in the possession of the news organization. Journalists use two

USB flash drive A flash drive (also thumb drive, memory stick, and pen drive/pendrive) is a data storage device that includes flash memory with an integrated USB interface. A typical USB drive is removable, rewritable, and smaller than an optical disc, and u ...

s and two personal computers to access SecureDrop data. The first personal computer accesses SecureDrop via the Tor network, and the journalist uses the first flash drive to download

encrypted In cryptography, encryption (more specifically, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the information, known as plain ...

data from the SecureDrop server. The second personal computer does not connect to the Internet, and is wiped during each reboot. The second flash drive contains a

decryption In cryptography, encryption (more specifically, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the information, known as plai ...

code. The first and second flash drives are inserted into the second personal computer, and the material becomes available to the journalist. The personal computer is shut down after each use. Freedom of the Press Foundation has stated it will have the SecureDrop code and security environment audited by an independent third party before every major version release and then publish the results. The first audit was conducted by security researchers at the

University of Washington The University of Washington (UW and informally U-Dub or U Dub) is a public research university in Seattle, Washington, United States. Founded in 1861, the University of Washington is one of the oldest universities on the West Coast of the Uni ...

and

Bruce Schneier Bruce Schneier (; born January 15, 1963) is an American cryptographer, computer security professional, privacy specialist, and writer. Schneier is an Adjunct Lecturer in Public Policy at the Harvard Kennedy School and a Fellow at the Berkman ...

. The second audit was conducted by Cure53, a German security firm. SecureDrop suggests sources disabling

JavaScript JavaScript (), often abbreviated as JS, is a programming language and core technology of the World Wide Web, alongside HTML and CSS. Ninety-nine percent of websites use JavaScript on the client side for webpage behavior. Web browsers have ...

to protect anonymity.Source Guide
SecureDrop

Prominent organizations using SecureDrop

The Freedom of the Press Foundation now maintains an official directory of SecureDrop instances. This is a partial list of instances at prominent news organizations.

Awards

* 2016:

Free Software Foundation The Free Software Foundation (FSF) is a 501(c)(3) non-profit organization founded by Richard Stallman on October 4, 1985. The organisation supports the free software movement, with the organization's preference for software being distributed ...

, Free Software Award, Award for Projects of Social Benefit

References

External links

* *
SecureDrop
at