Interest Article

All news
Interest Article

Advisory: Installation/Workstation Update Failure on Tails 3.15

Update, July 22, 2019: Thanks to collaboration between the Tails and Tor teams, this issue has been resolved. Read More

Interest Article

Advisory: SecureDrop is no longer accepting submissions. Now what?

As of May 1, 2019, Ubuntu 14.04 (Trusty) has reached End of Life. SecureDrop instances running Trusty will no longer receive security updates for operating system packages, the kernel, or SecureDrop itself.  This means that a sufficiently severe vulnerability discovered in any of those components may permit an adversary ... Read More

Interest Article

We're making SecureDrop.org open source

Today we’re making public on GitHub the code that powers the SecureDrop.org website. SecureDrop has been open source since its inception. Starting today, its website is as well, under the same GNU Affero General Public License (AGPL). Read More

Interest Article

Advisory: Why you must manually upgrade your SecureDrop servers before April 30

SecureDrop installations set up before version 0.12.0 (released on February 26, 2019) that have not been upgraded yet are using Ubuntu 14.04 LTS (Trusty) as the server operating system. On April 30 2019, Trusty will reach End of Life, and will no longer receive security updates. If ... Read More

Interest Article

Security at every step: how we’re checking SecureDrop landing pages

How do whistleblowers find out about a news organization’s SecureDrop? The most common answer is a landing page, an ordinary web page hosted by the organization operating a SecureDrop. It explains how sources can download the Tor browser, and how they can safely connect to the onion address of ... Read More

Interest Article

Advisory: Preparing for the server upgrade from Ubuntu 14.04 to 16.04

On 30 April 2019, Ubuntu 14.04 LTS (Long Term Support) will reach End of Life. After this date, no new security updates to the base operating system will be provided. It is therefore of critical importance for the security of all SecureDrop instances to upgrade to the next version ... Read More

Interest Article

Third party audit of integrated SecureDrop Workstation completed

The SecureDrop team is currently working on an integrated SecureDrop Workstation that combines the previously separate Journalist Workstation and Secure Viewing Station into a single device, based on Qubes OS. This represents a potential major change to the SecureDrop architecture and threat model, which is why we have sought independent ... Read More

Interest Article

Advisory: Automatic Update Failure from Version 0.10.0 to 0.11.0 on Some SecureDrop Instances

Ordinarily, updates to the SecureDrop servers are performed automatically within 24 hours of a release. After the release of SecureDrop 0.11.0 on December 11, our monitoring service indicated that some SecureDrop instances were not updated as expected. Instances known to be impacted were set up before SecureDrop version 0.4 (released July 25, 2017). Read More