Today we’re making public on GitHub the code that powers the SecureDrop.org website. SecureDrop has been open source since its inception. Starting today, its website is as well, under the same GNU Affero General Public License (AGPL). Read More

SecureDrop installations set up before version 0.12.0 (released on February 26, 2019) that have not been upgraded yet are using Ubuntu 14.04 LTS (Trusty) as the server operating system. On April 30 2019, Trusty will reach End of Life, and will no longer receive security updates. If you have not … Read More

How do whistleblowers find out about a news organization’s SecureDrop? The most common answer is a landing page, an ordinary web page hosted by the organization operating a SecureDrop. It explains how sources can download the Tor browser, and how they can safely connect to the onion address of the … Read More

On 30 April 2019, Ubuntu 14.04 LTS (Long Term Support) will reach End of Life. After this date, no new security updates to the base operating system will be provided. It is therefore of critical importance for the security of all SecureDrop instances to upgrade to the next version of … Read More

The SecureDrop team is currently working on an integrated SecureDrop Workstation that combines the previously separate Journalist Workstation and Secure Viewing Station into a single device, based on Qubes OS. This represents a potential major change to the SecureDrop architecture and threat model, which is why we have sought independent … Read More

Ordinarily, updates to the SecureDrop servers are performed automatically within 24 hours of a release. After the release of SecureDrop 0.11.0 on December 11, our monitoring service indicated that some SecureDrop instances were not updated as expected. Instances known to be impacted were set up before SecureDrop version 0.4 (released July 25, 2017). Read More

Photograph of Aaron Swartz by Sage Ross, Creative Commons Attribution/Share-Alike LicenseAaron Swartz was a brilliant computer scientist, a passionate digital rights activist, and a dear friend to many. He believed fiercely in freedom of speech and information, and dedicated his brief but full life to building the open web, defending … Read More

Update, October 25: The upstream issue causing the problem described in this advisory has been resolved. If you encounter this problem again during the installation, please let us know by filing a bug report. During a SecureDrop installation against servers with with UEFI boot mode enabled, the ./securedrop-admin install command … Read More