Cross posted from the Freedom of the Press Foundation blog.It was with an extremely heavy heart that we recently learned our friend and former colleague James Dolan—one of the co-creators of SecureDrop and Freedom of the Press Foundation’s first full time employee—took his own life over the holidays. He was … Read More

Come work on SecureDrop at the Electronic Frontier Foundation at 815 Eddy St in San Francisco on Thursday December 7th at 6-9pm!SecureDrop is a whistleblower submission system that media organizations use to securely accept documents from and communicate with anonymous sources. Originally written by Aaron Swartz, it has been maintained … Read More

The SecureDrop engineering team welcomes the contributions of security researchers. SecureDrop is relied on by sources to talk with journalists at dozens of news organizations, many of whom are taking significant risks to bring information to the public eye. We want to do everything we can to make the whistleblowing process as safe for them as possible. Testing by external security researchers is an important part of that process. In order to minimize risk to SecureDrop users throughout the security research process, in this post we will describe how to ethically perform security research on SecureDrop and what constitutes acceptable and unacceptable behavior. Read More

Today the Tow Center for Digital Journalism at Columbia Journalism School has published a first-of-its-kind study on how newsrooms are using SecureDrop, our open-source whistleblower submission system that is now in-use at over thirty news organizations worldwide. Read More

In July, we announced the release of SecureDrop 0.3.4 and published the accompanying security audit by iSEC partners (now NCC Group). The audit found 10 issues, one of which – issue 7, Finding ID iSEC-15FTC-4 – was redacted. It was redacted because it was not an issue in SecureDrop itself, but in one of its dependencies. At the time, NCC Group and Freedom of the Press Foundation agreed that NCC Group should responsibly disclose the issue to the affected project's team, and that we would wait until the project team had had time to develop a fix before publicizing the issue. Read More

Today, we're publishing the second security audit of SecureDrop, our open-source whistleblower submission system. Since we took over managing the project in October, we have made so many upgrades to the code (based on the first security audit done by University of Washington researchers and Bruce Schneier), that we felt it was necessary to put it through another round of testing. Read More

Freedom of the Press Foundation has taken charge of the DeadDrop project, an open-source whistleblower submission system originally coded by the late transparency advocate Aaron Swartz. In the coming months, the Foundation will also provide on-site installation and technical support to news organizations that wish to run the system, which has been renamed “SecureDrop.” Read More