We’re trying something new this month, with a recap of everything the SecureDrop project was up to. Read More

SecureDrop has completed its sixth security audit, conducted by 7ASecurity and sponsored by the Open Technology Fund. The audit surfaced one medium-severity and two low-severity issues, which were all fixed in SecureDrop 2.10.0. The auditors also examined the SecureDrop supply chain, build processes, and threat model, making recommendations that will inform future development. Read More

SecureDrop Workstation instances using Qubes 4.1 have reached end-of-life, and will not receive security updates after July 31, 2024.SecureDrop Workstation 1.0.0 is based on Qubes 4.2; users should migrate to it as soon as possible. Our backup and restore documentation covers the steps that are required to migrate to SecureDrop … Read More

The SecureDrop team is planning to shut down the SecureDrop forum at https://forum.securedrop.org/ on July 30, 2024. Read More

This blog post is a part of a series about our research toward the next generation of the SecureDrop whistleblowing system. If you haven’t been following along, check out our previous post for some recommended context.Here, we present a proposed end-to-end encryption protocol for a future version of SecureDrop server, … Read More

This blog post is a part of a series about our research toward the next-generation SecureDrop server. In part 1, “Future directions for SecureDrop,” we outlined our current work on the Qubes OS-based SecureDrop Workstation and described our plans for a redesign of SecureDrop. In part 2, “Anatomy of a … Read More

The SecureDrop team details the goals for a redesign of the platform’s server architecture and discusses the design constraints of a whistleblowing system. Read More

As the SecureDrop team previously announced, we’re shifting our focus in order to graduate SecureDrop Workstation from its pilot phase. One of the first steps we’ve taken in this direction is to reorganize and consolidate multiple related Git repositories to make development and releases easier and faster. Read More