Web applications are only as trustworthy as the servers that serve them, and servers can get hacked. So, last year, we introduced WEBCAT (Web-Based Code Assurance and Transparency), a project designed to enable verifiable in-browser code for web applications. We wrote extensively about WEBCAT’s requirements, constraints, and goals.Today, we’re excited to announce the alpha release of WEBCAT. In particular, we invite community participation in a new, decentralized enrollment infrastructure. Read More

We’ll be presenting on establishing trust in web applications and on the next generation of SecureDrop. Hope to see you in Taipei! Read More

This release ensures KeePassXC remains installed on Tails. It also lays groundwork for the upcoming SecureDrop App. Read More

This release addresses potential undefined behavior in a dependency Read More

Journalists are working harder than ever to protect their sources. SecureDrop has never been more important Read More

In this blog post, we examine the technical requirements for web applications to be properly auditable, arguing that reproducibility is a necessary condition. Enforcing the constraints needed to achieve this on the web is non-trivial, and we present a technical deep dive into how we approach this problem in WEBCAT. Read More

This minor fix allows configuration from Tails USB sticks for those running version 2.13.0 or greater of SecureDrop Read More

This release provides the securedrop-admin tool as a Debian package within Tails, and prepares for future availability of the securedrop-admin utility on Qubes OS Read More