Tails recently released version 6.11, which contains fixes for a number of critical security vulnerabilities. These vulnerabilities would require an attacker to have first gained access to the system remotely (which is not currently known to be possible), and the Tails team is not aware of any of these vulnerabilities … Read More

The second in our new series of regular project retrospectives Read More

Browser-based cryptography has struggled with a longstanding chicken-and-egg problem that predates many features of the modern web, and while some of those features have reduced the problem’s severity, the issue remains: What is the basis for trusting the code that performs browser-based encryption? Read More

Our annual project update for Aaron Swartz Day Read More

We’re trying something new this month, with a recap of everything the SecureDrop project was up to. Read More

SecureDrop has completed its sixth security audit, conducted by 7ASecurity and sponsored by the Open Technology Fund. The audit surfaced one medium-severity and two low-severity issues, which were all fixed in SecureDrop 2.10.0. The auditors also examined the SecureDrop supply chain, build processes, and threat model, making recommendations that will inform future development. Read More

SecureDrop Workstation instances using Qubes 4.1 have reached end-of-life, and will not receive security updates after July 31, 2024.SecureDrop Workstation 1.0.0 is based on Qubes 4.2; users should migrate to it as soon as possible. Our backup and restore documentation covers the steps that are required to migrate to SecureDrop … Read More

The SecureDrop team is planning to shut down the SecureDrop forum at https://forum.securedrop.org/ on July 30, 2024. Read More