We are pleased to announce the release of SecureDrop 1.0.0. Changes that sources, journalists, and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.

For all users

• UI update: SecureDrop 1.0.0 includes significant updates to SecureDrop’s web-based Source Interface and Journalist/Admin Interface. This includes a cleaned up index page in the Source Interface, a new logo and color palette, and tweaks to positioning, ordering, and spacing throughout. (Issues: 1, 2, 3, 4, 5, 6, 7, Pull Requests: 1, 2, 3, 4)

The new look and feel of the Source Interface in SecureDrop 1.0.0. We recommend customizing the logo, as shown in this screenshot.

For journalists

• Bugfix: The “Select unread” button in the Journalist Interface now correctly selects unread submissions, instead of selecting all submissions. (Issue, Pull Request)

For administrators

• New feature: This release adds support for enabling v3 onion services for the Source Interface, the Journalist Interface, and SSH access. v3 services provide additional security/anonymity benefits and are recognizable by their 56 character address (e.g., kldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion). They can be enabled alongside or instead of v2 services. We recommend transitioning your SecureDrop to v3 in the near future; see below for more information. (Issues: 1, 2, 3, 4, 5, 6, Pull Requests: 1, 2, 3, 4, 5, 6)

• Bugfix / behavior change: This release resolves a number of longstanding issues with deleting encrypted submissions from the server effectively and securely (Issues: 1, 2, 3; Pull Requests: 1, 2):

• As part of the update, SecureDrop deletes “orphaned submissions”: messages or documents that have an entry in the database, but no corresponding source. This resolves a bug that may impact some long-running SecureDrop instances that have operated since before SecureDrop 0.4 (released in July 2017) without a full reinstall.
• Encrypted submission stored on the server are now deleted using the GNU shred utility instead of srm, with a much smaller number of overwrite operations. The previous behavior had very limited security benefits and caused deletion operations to sometimes take several hours.
• If a deletion operation is interrupted by a crash or reboot, SecureDrop now detects the incomplete operation, and re-enqueues it.
• SecureDrop now performs a nightly check for submissions which have a copy on the filesystem but no corresponding record in the database, or vice versa. If this check finds a problem, you will be notified via an OSSEC alert, and you will be able to use a maintenance tool to prune data that may not have been properly deleted.

• Security: When an administrator changes the password of a Journalist Interface user, the user is now logged out of any existing sessions until they re-authenticate. (Issue, Pull Request)

• Python update: This release transitions the SecureDrop application code and all its dependencies to run under Python 3. This is part of a full transition of SecureDrop to Python 3 before the end-of-life date for Python 2 (January 1, 2020). (Issue, Pull Request)

• Dependency update: This release switches SecureDrop to the 0.4.x stable release series of Tor. (Issue, Pull Request)

• Documentation update: This release includes many updates to the documentation, including clearer guidance for transferring files from the Secure Viewing Station to a journalist’s everyday workstation, and instructions for upgrading the Secure Viewing Station.

What administrators need to do

SecureDrop Application and Monitor Servers will be updated to SecureDrop 1.0.0 automatically within 24 hours of the release.

As with previous releases, we recommend that you update your Tails workstations to the latest version of Tails and the latest version of SecureDrop; please see our instructions.

If the version of SecureDrop on your workstation is older than 0.14.0, we recommend updating the SecureDrop code manually instead of using the provided graphical updater. See the instructions for details.

v3 support

SecureDrop 1.0.0 is the first release to include support for v3 onion services, recognizable by their longer, 56 character addresses.

Because of the stronger cryptography of v3 services and other improvements, we recommend enabling v3 onion services for your SecureDrop in the near future. Once you enable v3, your SecureDrop will have a new .onion address you can advertise on your landing page.

You will be able to remain on v2, switch to v3, or run v2/v3 alongside each other. Please see our v3 documentation for details.

Logo and UI refresh

SecureDrop 1.0.0 includes a logo and design refresh, with the goal to give the project a more consistent and modern appearance that builds trust and credibility. The changes are largely cosmetic (updates to the color palette, spacing, etc.). Users familiar with the old design should have no difficulty navigating the new one.

If you're currently using the SecureDrop logo or SecureDrop screenshots in your landing page or other materials, we encourage you to update them. Please review the SecureDrop 1.0.0 brand guidelines (PDF), which include design assets you can use to plan a logo update as soon as possible.

If you need help updating screenshots, please don't hesitate to reach out.

Acknowledgments

This release was made possible thanks to volunteer code, design and documentation contributions by Corbin Souffrant, deeplow, Elana Hashman, Nina Alter, and Vinicius Zavam.

The translations for all supported languages were updated thanks to the work of many volunteers:

• Arabic: Thalia Rahme
• Catalan: Benet (BennyBeat) R. i Camps, John Smith
• Chinese: Chi-Hsun Tsai
• Dutch: Pander, Thom, kwadronaut
• French: AO
• German: Ettore Atalan, Robin Schubert
• Greek: Dimitris Maroulidis
• Hindi: AbhayKaushik, Chandan Kumar (raukadah), Drashti
• Icelandic: Oktavia, Sveinn í Felli
• Italian: Beatrice Martini, Claudio Arseni, Giandomenico Lombardi
• Norwegian: Allan Nordhøy, Øyvind Bye Skille
• Portuguese (Brazil): communiaa
• Russian: Adham Kurbanov
• Spanish: Adolfo Jayme-Barrientos, carlos
• Swedish: Jonas Franzén
• Turkish: Kaya Zeren, tekrei

Thanks to the Localization Lab for supporting this effort, and to Allan Nordhøy for cross-language cleanup. John Hensley was the Localization Manager for this release, and Jen Helsby was the Deputy Localization Manager.

Questions and comments

If you have questions or comments regarding this release, please don't hesitate to reach out:

• Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
• Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
• Via our community forums.

We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).

Thank you for using SecureDrop!