SecureDrop

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
SecureDrop
Original authors
DeveloperFreedom of the Press Foundation
Initial release15 October 2013; 12 years ago (2013-10-15)
Repository
  • {{URL|example.com|optional display text}}Lua error in Module:EditAtWikidata at line 29: attempt to index field 'wikibase' (a nil value).
Written inPython
Engine
    Lua error in Module:EditAtWikidata at line 29: attempt to index field 'wikibase' (a nil value).
    Operating systemLinux
    TypeSecure communication
    LicenseGNU Affero General Public License, version 3
    Website

    SecureDrop is a free software platform for secure communication between journalists and sources (whistleblowers).[1] It was originally designed and developed by Aaron Swartz and Kevin Poulsen under the name DeadDrop.[2][3] James Dolan also co-created the software.[4]

    History

    [edit | edit source]

    After Aaron Swartz's death, the first instance of the platform was launched under the name Strongbox by staff at The New Yorker on 15 May 2013.[5] The Freedom of the Press Foundation took over development of DeadDrop under the name SecureDrop, and has since assisted with its installation at several news organizations, including ProPublica, The Guardian, The Intercept, and The Washington Post.[6][7][8]

    Security

    [edit | edit source]

    SecureDrop uses the anonymity network Tor to facilitate communication between whistleblowers, journalists, and news organizations. SecureDrop sites are therefore only accessible as onion services in the Tor network. After a user visits a SecureDrop website, they are given a randomly generated code name.[5] This code name is used to send information to a particular author or editor via uploading. Investigative journalists can contact the whistleblower via SecureDrop messaging. Therefore, the whistleblower must take note of their random code name.[2]

    The system utilizes private, segregated servers that are in the possession of the news organization. Journalists use two USB flash drives and two personal computers to access SecureDrop data.[2][5] The first personal computer accesses SecureDrop via the Tor network, and the journalist uses the first flash drive to download encrypted data from the SecureDrop server. The second personal computer does not connect to the Internet, and is wiped during each reboot.[2][5] The second flash drive contains a decryption code. The first and second flash drives are inserted into the second personal computer, and the material becomes available to the journalist. The personal computer is shut down after each use.[2]

    Freedom of the Press Foundation has stated it will have the SecureDrop code and security environment audited by an independent third party before every major version release and then publish the results.[9] The first audit was conducted by security researchers at the University of Washington and Bruce Schneier.[10] The second audit was conducted by Cure53, a German security firm.[9]

    SecureDrop suggests sources disabling JavaScript to protect anonymity.[11]

    Prominent organizations using SecureDrop

    [edit | edit source]

    The Freedom of the Press Foundation now maintains an official directory of SecureDrop instances. This is a partial list of instances at prominent news organizations.[12]

    Name of organization Implementation date
    The New Yorker[13][2] 15 May 2013
    Forbes[13][14][15][16] 29 Oct 2013
    Bivol[13][17] 30 Oct 2013
    ProPublica[13][18][19] 27 Jan 2014
    The Intercept[13][20] 10 Feb 2014
    San Francisco Bay Guardian[13][21] 18 Feb 2014
    The Washington Post[13][22] 5 Jun 2014
    The Guardian[13][1] 6 Jun 2014
    The Globe and Mail[13][23] 4 Mar 2015
    Radio-Canada 20 Jan 2016
    Canadian Broadcasting Corporation[13][24] 29 Jan 2016
    Committee to Protect Journalists[25] 12 May 2016
    Associated Press 18 Oct 2016
    The New York Times[13][26] 15 Dec 2016
    BuzzFeed News 21 Dec 2016
    USA Today[13][27] 22 Feb 2017
    Bloomberg News Unknown
    The Wall Street Journal Unknown
    Aftenposten Unknown
    Australian Broadcasting Corporation[28] 28 Nov 2019

    Awards

    [edit | edit source]

    See also

    [edit | edit source]

    Lua error in mw.title.lua at line 392: bad argument #2 to 'title.new' (unrecognized namespace name 'Portal').

    References

    [edit | edit source]
    1. ^ a b Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    2. ^ a b c d e f Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    3. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    4. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    5. ^ a b c d Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    6. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    7. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    8. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    9. ^ a b Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    10. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    11. ^ Source Guide SecureDrop
    12. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    13. ^ a b c d e f g h i j k l Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    14. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    15. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    16. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    17. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    18. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    19. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    20. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    21. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    22. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    23. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    24. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    25. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    26. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    27. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    28. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    29. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    [edit | edit source]

    Lua error in Module:Authority_control at line 153: attempt to index field 'wikibase' (a nil value).

    Retrieved from "http://70.231.62.181/index.php?title=SecureDrop&oldid=14768439"