SecureDrop | Freedom of the Press Foundation

What is SecureDrop?

SecureDrop is an open-source whistleblower submission system that media organizations can install to accept documents from anonymous sources. It was originally coded by the late Aaron Swartz, with assistance from Wired editor Kevin Poulsen and security expert James Dolan. The project was previously called DeadDrop. Freedom of the Press Foundation took over management of the project in October 2013.

How can media organizations install SecureDrop?

Any organization can install SecureDrop for free and can make modifications because the project is open-source. We have written detailed installation instructions, which can be read here.

Because installation and operation are still complex, Freedom of the Press Foundation will also help organizations install SecureDrop and train their journalists in security best practices, so that sources get the best possible protection. Please go here to apply for assistance and set up an appointment.

How does SecureDrop work?

The code underlying SecureDrop is a Python application that accepts messages and documents from the web and encrypts them with GPG to the journalists' public key for storage; the server that receives a submission therefore cannot read it. Essentially, it is a more secure alternative to the "contact us" form found on a typical news site.

In operation, every source is given a unique "codename." The codename lets the source establish a relationship with the news organization without revealing her real identity or resorting to e-mail. She can enter the codename on a future visit to read any messages sent back from the journalist, such as "Thanks for the Roswell photos! Can you explain what the dark smudge on the left side is?", or submit additional documents or messages under the same persistent, but pseudonymous, identifier. The source is known by a different codename on the journalist's side. All of that source's submissions are grouped together into a "collection."

Every time there's a new submission by that source, her collection is bumped to the top of the submission queue. SecureDrop was designed to use three physical servers: a public-facing server, a second server for storage of messages and documents, and a third that does security monitoring of the first two.

(A version of this description was originally written by Kevin Poulsen.)
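To make the separation described above concrete, here is an added example that is not SecureDrop's own code (SecureDrop is a Python application and uses GPG). It models the public-facing server in Go with the standard library's RSA-OAEP and AES-GCM standing in for GPG, so it runs offline: the server stores only a keyed hash of the codename (the HMAC "pepper" is an assumption of this model), shows journalists an independently generated designation rather than the codename, and holds only the journalist's public key, so decryption can happen only where the private key lives. The hex codenames, the "source-xxxxxx" designation format, and the sample message are all constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Submission: per-message AES key wrapped with RSA-OAEP to the journalist's key, plus the AES-GCM ciphertext.
type Submission struct{ WrappedKey, Nonce, Ciphertext []byte }

// Collection groups one source's submissions. FilesystemID is a keyed hash of the codename, never the codename.
type Collection struct {
	FilesystemID, Designation string // Designation: journalist-facing name, drawn independently of the codename
	Submissions               []Submission
}

// Server models the public-facing application server: it holds only the journalist's PUBLIC key.
type Server struct {
	pepper      []byte // server-side secret mixed into the codename hash (an assumption of this model)
	journalist  *rsa.PublicKey
	collections map[string]*Collection
}

func NewServer(pub *rsa.PublicKey) *Server {
	return &Server{pepper: randBytes(32), journalist: pub, collections: map[string]*Collection{}}
}

// NewJournalistKey makes the journalist's keypair; only &priv.PublicKey is handed to the server.
func NewJournalistKey() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // CSPRNG failure is unrecoverable
	}
	return b
}

// filesystemID is the only per-source identifier the server keeps.
func (s *Server) filesystemID(codename string) string {
	mac := hmac.New(sha256.New, s.pepper)
	mac.Write([]byte(codename))
	return hex.EncodeToString(mac.Sum(nil))
}

// newGCM builds the AEAD; neither call can fail for a 32-byte key, so the errors are dropped.
func newGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Submit encrypts to the journalist's key and files the result in the source's collection; plaintext is never stored.
func (s *Server) Submit(codename string, plaintext []byte) (*Collection, error) {
	fid := s.filesystemID(codename)
	c, ok := s.collections[fid]
	if !ok {
		c = &Collection{FilesystemID: fid, Designation: "source-" + hex.EncodeToString(randBytes(3))}
		s.collections[fid] = c
	}
	key, nonce := randBytes(32), randBytes(12)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, s.journalist, key, nil)
	if err != nil {
		return nil, err
	}
	ct := newGCM(key).Seal(nil, nonce, plaintext, []byte(fid)) // AAD ties the blob to its collection
	c.Submissions = append(c.Submissions, Submission{wrapped, nonce, ct})
	return c, nil
}

// Decrypt runs where the private key lives (the journalist's side); the server cannot do this.
func Decrypt(priv *rsa.PrivateKey, c *Collection, sub Submission) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, sub.WrappedKey, nil)
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("unwrap key failed (err=%v, len=%d)", err, len(key))
	}
	return newGCM(key).Open(nil, sub.Nonce, sub.Ciphertext, []byte(c.FilesystemID))
}

func main() {
	priv := NewJournalistKey() // the private half never leaves the journalist's side
	srv, codename := NewServer(&priv.PublicKey), hex.EncodeToString(randBytes(16)) // codename shown to the source once
	c, _ := srv.Submit(codename, []byte("Roswell photos attached")) // constructed sample message
	pt, _ := Decrypt(priv, c, c.Submissions[0])
	fmt.Printf("source codename %q, journalist sees %q, decrypted %q\n", codename, c.Designation, pt)
}
```

Two properties are worth checking when reviewing any deployment of this pattern: nothing on the server (the codename hash, the designation, the wrapped key, the ciphertext) lets an attacker who copies the disk recover either the source's codename or the plaintext, and a blob copied from one collection into another fails authentication because the collection id is bound as associated data.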

Does SecureDrop promise 100% security?

No, and any organization or product that promises 100% security is not telling the truth. SecureDrop attempts to create a significantly more secure environment for sources to pass on information than exists through normal digital channels, but there are always risks.

A major security audit of SecureDrop (then called DeadDrop) was conducted in mid-2013 by security expert Bruce Schneier and a team of University of Washington researchers led by Alexei Czeskis; you can read it here. We have discussed in detail how we revamped SecureDrop in response to this audit, and some of the risks that still remain, here.

Who created SecureDrop?

The web application, which was originally called DeadDrop, was coded and architected by Aaron Swartz in 2012 before his tragic death. The hardening guide and other security material is the work of James Dolan. Investigative journalist Kevin Poulsen originally organized the project. The New Yorker launched the first implementation and branded their version Strongbox in May 2013.

In October 2013, Freedom of the Press Foundation took over managing the open-source project and re-named it SecureDrop. FPF also hired James Dolan to help media organizations with installations and security. Kevin Poulsen continues to be a journalistic consultant on the project.

Is SecureDrop open source?

Yes. In fact, SecureDrop is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This project, and all material accompanying it, is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For more details, see the GNU Affero General Public License. In other words, please make it better and spread it far and wide.

How can I contribute to SecureDrop?

There are many ways you can contribute to SecureDrop. First, we need donations to keep the project alive. You can go here to help us pay for development, upkeep, and security so we can travel to journalism organizations and help them install it. You can also contribute to the development of SecureDrop by visiting our GitHub page. If you are a developer, you can also go here to sign up for our email discussion list, where contributing developers discuss and recommend security and usability features.