The long and winding road to safe browser-based cryptography
Browser-based cryptography has struggled with a longstanding chicken-and-egg problem that predates many features of the modern web, and while some of those features have reduced the problem’s severity, the issue remains: What is the basis for trusting the code that performs browser-based encryption? Read More
SecureDrop 2.11.0 Released
We’re pleased to announce that SecureDrop 2.11.0 has been released. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found in the changelog on GitHub.SecureDrop 2.11.0 will automatically run checks to ensure all servers are ready for … Read More
SecureDrop 2.11.0: Pre-Release Announcement
SecureDrop 2.11.0 is scheduled to be released Dec. 17. We will send out another notification through this blog, Mastodon, X, and the support portal when the release is live.We are soon approaching the end-of-life date for Ubuntu 20.04 (Focal), which all SecureDrops use. This release lays the foundation for an … Read More
SecureDrop Client 0.14.0 released
SecureDrop Client 0.14.0, part of the SecureDrop Workstation, has been released. Along with other changes, this release adds support for selecting and deleting multiple sources simultaneously, improving the experience for users managing high-traffic instances. Read More
Looking back at September 2024
We’re trying something new this month, with a recap of everything the SecureDrop project was up to. Read More
SecureDrop completes sixth security audit
SecureDrop has completed its sixth security audit, conducted by 7ASecurity and sponsored by the Open Technology Fund. The audit surfaced one medium-severity and two low-severity issues, which were all fixed in SecureDrop 2.10.0. The auditors also examined the SecureDrop supply chain, build processes, and threat model, making recommendations that will inform future development. Read More
SecureDrop 2.10.1 Released
We’re pleased to announce that SecureDrop 2.10.1 has been released. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub. Read More