SecureDrop is a

free software Free software or libre software is computer software distributed under terms that allow users to run the software for any purpose as well as to study, change, and distribute it and any adapted versions. Free software is a matter of liberty, n ...

platform for

secure communication Secure communication is when two entities are communicating and do not want a third party to listen in. For this to be the case, the entities need to communicate in a way that is unsusceptible to eavesdropping or interception. Secure communication ...

between

journalist A journalist is an individual that collects/gathers information in form of text, audio, or pictures, processes them into a news-worthy form, and disseminates it to the public. The act or process mainly done by the journalist is called journalis ...

s and

sources Source may refer to: Research * Historical document * Historical source * Source (intelligence) or sub source, typically a confidential provider of non open-source intelligence * Source (journalism), a person, publication, publishing institute o ...

(

whistleblower A whistleblower (also written as whistle-blower or whistle blower) is a person, often an employee, who reveals information about activity within a private or public organization that is deemed illegal, immoral, illicit, unsafe or fraudulent. Whi ...

s). It was originally designed and developed by

Aaron Swartz Aaron Hillel Swartz (November 8, 1986 – January 11, 2013) was an American computer programmer, entrepreneur, writer, political organizer, and Internet hacktivist. A prolific programmer, Swartz helped develop the web feed format RSS, the tech ...

and Kevin Poulsen under the name ''DeadDrop''. James Dolan also co-created the software.

History

After Aaron Swartz's death, the first instance of the platform was launched under the name ''Strongbox'' by staff at ''

The New Yorker ''The New Yorker'' is an American weekly magazine featuring journalism, commentary, criticism, essays, fiction, satire, cartoons, and poetry. Founded as a weekly in 1925, the magazine is published 47 times annually, with five of these issues ...

'' on 15 May 2013. The Freedom of the Press Foundation took over development of DeadDrop under the name ''SecureDrop'', and has since assisted with its installation at several news organizations, including

ProPublica ProPublica (), legally Pro Publica, Inc., is a nonprofit organization based in New York City. In 2010, it became the first online news source to win a Pulitzer Prize, for a piece written by one of its journalists''The Guardian'', April 13, 2010P ...

, ''

The Guardian ''The Guardian'' is a British daily newspaper. It was founded in 1821 as ''The Manchester Guardian'', and changed its name in 1959. Along with its sister papers '' The Observer'' and '' The Guardian Weekly'', ''The Guardian'' is part of the ...

'', ''

The Intercept ''The Intercept'' is an American left-wing news website founded by Glenn Greenwald, Jeremy Scahill, Laura Poitras and funded by billionaire eBay co-founder Pierre Omidyar. Its current editor is Betsy Reed. The publication initially report ...

'', and ''

The Washington Post ''The Washington Post'' (also known as the ''Post'' and, informally, ''WaPo'') is an American daily newspaper published in Washington, D.C. It is the most widely circulated newspaper within the Washington metropolitan area and has a large n ...

''.

Security

SecureDrop uses the anonymity network Tor to facilitate communication between whistleblowers, journalists, and news organizations. SecureDrop sites are therefore only accessible as onion services in the Tor network. After a user visits a SecureDrop website, they are given a randomly generated code name. This code name is used to send information to a particular author or editor via uploading.

Investigative journalist Investigative journalism is a form of journalism in which reporters deeply investigate a single topic of interest, such as serious crimes, political corruption, or corporate wrongdoing. An investigative journalist may spend months or years rese ...

s can contact the whistleblower via SecureDrop messaging. Therefore, the whistleblower must take note of their random code name. The system utilizes private, segregated servers that are in the possession of the news organization. Journalists use two

USB flash drive Universal Serial Bus (USB) is an industry standard that establishes specifications for cables, connectors and protocols for connection, communication and power supply ( interfacing) between computers, peripherals and other computers. A bro ...

s and two personal computers to access SecureDrop data. The first personal computer accesses SecureDrop via the Tor network, and the journalist uses the first flash drive to download

encrypted In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can deci ...

data from the SecureDrop server. The second personal computer does not connect to the Internet, and is wiped during each reboot. The second flash drive contains a

decryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can deci ...

code. The first and second flash drives are inserted into the second personal computer, and the material becomes available to the journalist. The personal computer is shut down after each use. Freedom of the Press Foundation has stated it will have the SecureDrop code and security environment audited by an independent third party before every major version release and then publish the results. The first audit was conducted by security researchers at the

University of Washington The University of Washington (UW, simply Washington, or informally U-Dub) is a public research university in Seattle, Washington. Founded in 1861, Washington is one of the oldest universities on the West Coast; it was established in Seatt ...

and

Bruce Schneier Bruce Schneier (; born January 15, 1963) is an American cryptographer, computer security professional, privacy specialist, and writer. Schneier is a Lecturer in Public Policy at the Harvard Kennedy School and a Fellow at the Berkman Klein Cente ...

. The second audit was conducted by Cure53, a German security firm. SecureDrop suggests sources disabling

JavaScript JavaScript (), often abbreviated as JS, is a programming language that is one of the core technologies of the World Wide Web, alongside HTML and CSS. As of 2022, 98% of websites use JavaScript on the client side for webpage behavior, of ...

to protect anonymity.Source Guide
SecureDrop

Prominent organizations using SecureDrop

The Freedom of the Press Foundation now maintains an official directory of SecureDrop instances. This is a partial list of instances at prominent news organizations.

Awards

* 2016:

Free Software Foundation The Free Software Foundation (FSF) is a 501(c)(3) non-profit organization founded by Richard Stallman on October 4, 1985, to support the free software movement, with the organization's preference for software being distributed under copyleft ( ...

, Free Software Award, Award for Projects of Social Benefit

References

External links