WEBCAT update: independent evaluation, standards work, and a growing team
It has been an eventful couple of months for WEBCAT. Since the alpha release, we've presented at Real World Crypto, been evaluated in an independent academic survey, continued shaping an emerging browser standards effort, and welcomed a new team member as we prepare for beta. Read More
Security audit of new SecureDrop Inbox completed
In advance of the initial release of SecureDrop Inbox, we commissioned an independent security audit from X41 D-Sec. Read More
New features in SecureDrop Inbox
SecureDrop Inbox, the new window into the SecureDrop Workstation, has been rewritten from the ground up to replace the previous client application for existing journalist users. Improving upon the core functionality, it also includes bug fixes, speed improvements, and a range of new features. Read More
The new SecureDrop Inbox is coming
A new SecureDrop Inbox will be released in the next few weeks, the result of work begun by the team in July 2025 to redesign how journalists process submissions. SecureDrop Workstation users will receive it automatically during a system update. Read More
Help us test WEBCAT alpha
Web applications are only as trustworthy as the servers that serve them, and servers can get hacked. So, last year, we introduced WEBCAT (Web-Based Code Assurance and Transparency), a project designed to enable verifiable in-browser code for web applications. We wrote extensively about WEBCAT’s requirements, constraints, and goals.Today, we’re excited to announce the alpha release of WEBCAT. In particular, we invite community participation in a new, decentralized enrollment infrastructure. Read More
See you at Real World Crypto Symposium
We’ll be presenting on establishing trust in web applications and on the next generation of SecureDrop. Hope to see you in Taipei! Read More
Looking back at 2025
Journalists are working harder than ever to protect their sources. SecureDrop has never been more important Read More
WEBCAT: Towards auditable web application runtimes
In this blog post, we examine the technical requirements for web applications to be properly auditable, arguing that reproducibility is a necessary condition. Enforcing the constraints needed to achieve this on the web is non-trivial, and we present a technical deep dive into how we approach this problem in WEBCAT. Read More