- How can media organizations install SecureDrop?
- What type of hardware is needed to run SecureDrop and how much does it cost?
- What types of attributes are required for a SecureDrop sysadmin?
- How does SecureDrop interact with an existing corporate network?
- What is required for the SecureDrop landing page?
- How long does setup and training take?
- Can you use SecureDrop with multiple journalists?
- Can you share SecureDrop with different organizations?
- What type of lifecycle support does FPF provide?
How can media organizations install SecureDrop?
Any organization can install SecureDrop for free and also make modifications because the project is open source. We have written detailed installation instructions, which can be read here. Support is available to anyone in the community forums.
Because the installation and operation are complex, and because SecureDrop can only be as secure as the operational security practices followed by its users, Freedom of the Press Foundation will also help organizations install SecureDrop and train journalists and administrators.
If you would like to work with Freedom of the Press Foundation on your SecureDrop installation, please reach out to us. We do ask news organizations that can afford to pay for installation support, training and maintenance to do so.
What type of hardware is needed to run SecureDrop and how much does it cost?
SecureDrop is a free and open source application that costs nothing to install. However, the application does require hardware that news organizations must purchase, including two servers, several USB sticks, an air-gapped computer, and a firewall.
We have created a recommended hardware guide; following these recommendations wherever possible will minimize incompatibility risks. We are aiming to offer a set of recommendations that work for organizations at different scales.
It is critical that the hardware is owned by the media organization and stored on its premises in a secure space.
The total cost of the hardware we recommend is $2,200 to $2,400, though it can be done for less if you are willing to sacrifice size and speed on the servers or are able to use recycled machines sourced from within your organization.
As part of priority support agreements and on a pro-bono basis for smaller news organizations, Freedom of the Press Foundation will visit your offices, help set up SecureDrop and train journalists to use it. (For pro-bono support, we request that our travel costs are covered.)
What types of attributes are required for a SecureDrop sysadmin?
- Experience with managing Linux-based systems from the command line.
- Proficiency with network hardware such as firewalls (e.g. pfSense) and switches.
- Experience with configuration management tools such as Ansible, Salt, Chef, or Puppet.
- Ability to use and configure secure communication tools such as GPG.
We consider the first two to be requirements and the last two preferred attributes.
How does SecureDrop interact with an existing corporate network?
SecureDrop is designed with the understanding that many—if not all—news organizations’ corporate networks have already been compromised by attackers or will be in the future.
The SecureDrop environment is completely segmented from the rest of the corporate network by design, through the use of a dedicated network firewall. Here's a more detailed diagram of the components of the system, which illustrates how the servers are connected to the organization's network through the network firewall.
Journalists connect to the SecureDrop server from their regular workstation only by booting the Tails operating system from a USB stick; Tails does not touch the workstation's hard drive and routes all connections through the encrypted Tor network. Anything a source sends through SecureDrop is encrypted with the SecureDrop GPG public key, and the matching private key is kept only on an air-gapped computer that is never connected to a network, so submissions are intended to be decrypted only there.
What is required for the SecureDrop landing page?
While the main SecureDrop application runs as a Tor onion service (hidden service) that is only accessible through the Tor Browser, news organizations need to create a SecureDrop landing page that lives on their main website. The landing page should provide directions for how to use SecureDrop, as well as the organization’s privacy policy.
It is critical that the landing page loads as HTTPS by default, is free of third party trackers, and uses the appropriate security headers. We have created a detailed best practice guide for landing pages.
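The three landing page requirements above (HTTPS, no third-party trackers, security headers) can be checked mechanically before a page is listed. The following is an added example, not code from the SecureDrop project or the FPF best practice guide: it audits an already-fetched response offline, given the final URL, the response headers and the HTML body. The header list and the two sample pages are assumptions constructed for the example; organizations will tune the exact policies.

```python
"""Offline audit of a SecureDrop landing page response.

Added example (not SecureDrop project code). Inputs are the final URL,
the response headers and the HTML body of a landing page; the output is
a list of findings. The required-header table and the sample pages are
constructed for this example.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Headers the page must carry. Values are checked loosely (presence plus
# one sanity condition) because exact policies vary by organization.
REQUIRED_HEADERS = {
    "strict-transport-security": lambda v: "max-age=" in v.lower(),
    "content-security-policy": lambda v: "default-src" in v.lower(),
    "x-frame-options": lambda v: v.upper() in ("DENY", "SAMEORIGIN"),
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    "referrer-policy": lambda v: v.lower() in ("no-referrer", "same-origin"),
}


class _ResourceCollector(HTMLParser):
    """Collect URLs of resources a browser would fetch while rendering.

    Every <link href> is counted conservatively, even ones a browser would
    not fetch, because a tracker-free page should not reference other hosts.
    """
    _ATTRS = {"script": "src", "img": "src", "iframe": "src",
              "link": "href", "source": "src"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        want = self._ATTRS.get(tag)
        if want is None:
            return
        for name, value in attrs:
            if name == want and value:
                self.urls.append(value)


def third_party_hosts(page_url, html):
    """Return the set of hosts, other than the page's own, that resources load from."""
    own_host = urlsplit(page_url).hostname
    collector = _ResourceCollector()
    collector.feed(html)
    hosts = set()
    for ref in collector.urls:
        parts = urlsplit(ref)
        if parts.scheme in ("data", "blob"):  # inline content, no request made
            continue
        host = parts.hostname  # None for relative paths like /static/a.js
        if host and host != own_host:
            hosts.add(host)
    return hosts


def audit_landing_page(final_url, headers, html):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    lowered = {k.lower(): v for k, v in headers.items()}
    if urlsplit(final_url).scheme != "https":
        findings.append("page served over plain HTTP")
    for name, ok in REQUIRED_HEADERS.items():
        value = lowered.get(name)
        if value is None:
            findings.append(f"missing header: {name}")
        elif not ok(value):
            findings.append(f"weak header: {name}: {value}")
    for host in sorted(third_party_hosts(final_url, html)):
        findings.append(f"third-party resource from {host}")
    return findings


# Constructed samples for the example; not any real organization's page.
WEAK_URL = "http://news.example/securedrop"
WEAK_HEADERS = {"Content-Type": "text/html"}
WEAK_HTML = """<html><head>
<script src="https://www.googletagmanager.com/gtag/js"></script>
<link rel="stylesheet" href="//fonts.example-cdn.net/style.css">
</head><body><img src="/img/logo.png"><p>Send us tips.</p></body></html>"""

GOOD_URL = "https://news.example/securedrop"
GOOD_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; style-src 'self'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer",
}
GOOD_HTML = """<html><head><link rel="stylesheet" href="/static/style.css"></head>
<body><img src="/img/logo.png" alt=""><p>Send us tips.</p></body></html>"""

if __name__ == "__main__":
    for label, args in (("weak", (WEAK_URL, WEAK_HEADERS, WEAK_HTML)),
                        ("good", (GOOD_URL, GOOD_HEADERS, GOOD_HTML))):
        print(label, audit_landing_page(*args) or ["all checks passed"])
```

Run against a live page, the caller should fetch the landing page following redirects and pass the final URL, since a page that redirects from HTTP to HTTPS still fails the "loads as HTTPS by default" requirement if any step is served in the clear. The HTML check only catches resources referenced in the markup; scripts that load further resources at runtime need a browser-level check.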
Freedom of the Press Foundation monitors the security of landing pages in the SecureDrop directory. We encourage news organizations to work with us to ensure that their landing page meets the highest standards of security.
How long does setup and training take?
We generally recommend that news organizations set aside two days for the setup and training process. The first day is primarily the installation with the administrators and the second day is the training for those journalists who will regularly check SecureDrop.
Often the entire process takes much less than two days, but sometimes unique network or hardware issues come up and delay completion. A more comprehensive schedule detailing each step, along with common installation issues, can be found here.
Can you use SecureDrop with multiple journalists?
While SecureDrop supports having multiple journalist accounts for the document interface, all accounts will access the same inbox. To avoid confusion, we recommend news organizations assign 1-3 journalists to regularly check SecureDrop and make sure that they all are in contact as to who is responsible for responding to each source.
We are considering alternative workflows for future SecureDrop releases; please visit our development roadmap for up-to-date information.
Can you share SecureDrop with different organizations?
Currently a single SecureDrop instance cannot be shared between multiple organizations, for security reasons. One of the benefits of SecureDrop is that it completely eliminates third parties from the communication channel: the media organization owns and operates the server that both the source and the journalist connect to.
Any legal request or order has to be served on the media organization operating the SecureDrop server, giving them a chance to challenge it before handing over any data. If a third party operated a SecureDrop server which multiple organizations used, a legal order could be served on the operator without the media organizations knowing.
What type of lifecycle support does FPF provide?
FPF is committed to providing continuous support for SecureDrop; see our Priority Support page for details. We encourage smaller news organizations to request pro-bono assistance, as well. We do not host SecureDrop on behalf of news organizations for security reasons, so you will need a system administrator with Linux experience.