The second in our new series of regular project retrospectives Read More

Browser-based cryptography has struggled with a longstanding chicken-and-egg problem that predates many features of the modern web, and while some of those features have reduced the problem’s severity, the issue remains: What is the basis for trusting the code that performs browser-based encryption? Read More

Our annual project update for Aaron Swartz Day Read More

We’re trying something new this month, with a recap of everything the SecureDrop project was up to. Read More

SecureDrop has completed its sixth security audit, conducted by 7ASecurity and sponsored by the Open Technology Fund. The audit surfaced one medium-severity and two low-severity issues, which were all fixed in SecureDrop 2.10.0. The auditors also examined the SecureDrop supply chain, build processes, and threat model, making recommendations that will inform future development. Read More

SecureDrop Workstation instances using Qubes 4.1 have reached end-of-life, and will not receive security updates after July 31, 2024.SecureDrop Workstation 1.0.0 is based on Qubes 4.2; users should migrate to it as soon as possible. Our backup and restore documentation covers the steps that are required to migrate to SecureDrop … Read More

The SecureDrop team is planning to shut down the SecureDrop forum at https://forum.securedrop.org/ on July 30, 2024. Read More

This blog post is a part of a series about our research toward the next generation of the SecureDrop whistleblowing system. If you haven’t been following along, check out our previous post for some recommended context.Here, we present a proposed end-to-end encryption protocol for a future version of SecureDrop server, … Read More