Today, we’re announcing the latest major release of SecureDrop, our open-source whistleblower submission system. SecureDrop 0.3 uses the same basic architecture found in 0.2, but contains numerous improvements focused on better usability for both journalists and sources, a radically simplified installation process, and an auto-updating procedure that allows us to deliver important fixes to all SecureDrop installations in a timely manner.
On Wednesday morning, the Tor Project published a security advisory detailing an attack against the Tor network that appears to have been trying to deanonymize users. SecureDrop, our open-source whistleblower submission system, is heavily reliant on Tor and uses the anonymity network to facilitate communication between whistleblowers, journalists, and news organizations.
On Wednesday afternoon, vulnerability and exploit research firm Exodus Intelligence disclosed a security vulnerability that would allow an attacker to deanonymize a user of Tails, the operating system that many journalists rely on to communicate securely with sources and that we have written about before.
Update: The Tor Project has released a new version of the Tor Browser Bundle, 3.5.4. This further mitigates client-side vectors, and we recommend that users (both sources and journalists) upgrade to the latest version for stronger security assurance.
Today, we're publishing the second security audit of SecureDrop, our open-source whistleblower submission system. Since we took over managing the project in October, we have made so many upgrades to the code (based on the first security audit done by University of Washington researchers and Bruce Schneier) that we felt it was necessary to put it through another round of testing.
October 15, 2013 San Francisco, CA: Freedom of the Press Foundation has taken charge of the DeadDrop project, an open-source whistleblower submission system originally coded by the late transparency advocate Aaron Swartz. In the coming months, the Foundation will also provide on-site installation and technical support to news organizations that wish to run the system, which has been renamed “SecureDrop.”