Over the next two months, all SecureDrops will see their underlying Ubuntu operating system upgraded from version 20.04 (code-named “Focal”) to 24.04 (“Noble”). This is the first time we’ve performed an in-place upgrade. This blog post explains the technical background and process that led to this. Read More

SecureDrop Workstation 1.1.1 has been released! This version adds support for Fedora 41-based system VMs and allows for more robust provisioning and updating. Read More

Over the past month, we’ve seen significant interest in newsrooms setting up SecureDrop. We’re excited to see more adoption of SecureDrop. Here are five things you should know before getting started: Read More

In internal code review, we found two security vulnerabilities in the SecureDrop Workstation. We have released SecureDrop Workstation 1.0.1 and SecureDrop Client 0.14.1 to fix both vulnerabilities. Read More

Tails recently released version 6.11, which contains fixes for a number of critical security vulnerabilities. These vulnerabilities would require an attacker to have first gained access to the system remotely (which is not currently known to be possible), and the Tails team is not aware of any of these vulnerabilities … Read More

The second in our new series of regular project retrospectives Read More

We’re pleased to announce that SecureDrop 2.11.1 has been released. This is a hotfix for a bug in this week’s 2.11.0 release that caused multiple spurious OSSEC alerts (“systemd OK: no failed units”) to be sent to administrators. Servers will be updated with this fix automatically on their next nightly … Read More

Browser-based cryptography has struggled with a longstanding chicken-and-egg problem that predates many features of the modern web, and while some of those features have reduced the problem’s severity, the issue remains: What is the basis for trusting the code that performs browser-based encryption? Read More