Tor at the Heart: SecureDrop
During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
SecureDrop is an open-source whistleblower submission system that media organizations can install to accept documents from anonymous sources. It was originally coded by the late Aaron Swartz, with assistance from Wired editor Kevin Poulsen and James Dolan. The project was previously called DeadDrop. Freedom of the Press Foundation took over management of the project in October 2013.
SecureDrop works by using two physical servers: a public-facing server that stores messages and documents, and a second server that performs security monitoring of the first. The code on the public-facing server is a Python web application that accepts messages and documents from the web and GPG-encrypts them for secure storage. This site is only made available as a Tor Hidden Service, which requires sources to use Tor, thus hiding their identity from both the SecureDrop server and many types of network attackers. Essentially, it’s a more secure alternative to the "contact us" form found on a typical news site.

Every source who visits the site is given a unique "codename." The codename lets the source establish a relationship with the news organization without revealing their real identity or resorting to e-mail. They can enter the codename on a future visit to read any messages sent back from the journalist, or to submit additional documents and messages under the same persistent, but pseudonymous, identifier. The source is known by a different and unrelated codename on the journalist’s side. All of the source’s submissions, and replies to the source from journalists, are grouped together into a collection. Every time there’s a new submission by a source, their collection is bumped to the top of the submission queue.
The SecureDrop application does not record your IP address or any information about your browser, computer, or operating system. Furthermore, the SecureDrop pages do not embed third-party content or deliver persistent cookies to your browser. The server stores only the date and time of the newest message sent from each source: once you send a new message, the time and date of your previous message are automatically deleted. Journalists are also encouraged to regularly delete all information from the SecureDrop server and keep anything they want to retain in offline storage, to minimize risk.
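The codename and collection model described in the two paragraphs above, as an added example that is not part of the original post or of SecureDrop's own code: a toy Python server that derives a server-side identifier from the codename with a slow, salted key-derivation function (so the codename itself is never stored and a copy of the database does not let an attacker log in as a source), assigns the journalist-facing name from fresh randomness unrelated to the codename, groups submissions and replies into one collection, bumps the collection to the top of the queue only when a new submission arrives, and overwrites rather than keeps the previous submission time. The wordlist, the salt, the iteration count and the class and function names are constructed for this example; GPG encryption of the stored data and the Tor transport are left out.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

# Constructed toy wordlist; a real install would use a large Diceware-style list.
WORDLIST = ["alpha", "bravo", "charlie", "delta", "echo", "foxtrot", "golf", "hotel",
            "india", "juliet", "kilo", "lima", "mike", "november", "oscar", "papa"]

# Assumption for the example: one random salt generated at install time and kept
# only on the server. Both constants below are placeholders, not SecureDrop's values.
SITE_SALT = b"constructed-per-install-salt"
KDF_ITERATIONS = 50_000


def generate_codename(length=7, words=WORDLIST):
    """The codename is the only secret the source has to remember."""
    return " ".join(secrets.choice(words) for _ in range(length))


def source_id(codename):
    """Server-side identifier. The server stores a slow salted KDF of the codename
    instead of the codename, so whoever copies the database still has to guess
    the codename to act as that source."""
    return hashlib.pbkdf2_hmac("sha256", codename.encode("utf-8"),
                               SITE_SALT, KDF_ITERATIONS).hex()


def random_designation(words=WORDLIST):
    """Name shown to journalists: fresh randomness, not derived from the codename,
    so the journalist-side name reveals nothing about the source's secret."""
    return f"{secrets.choice(words)} {secrets.choice(words)}"


@dataclass
class Collection:
    designation: str
    items: list = field(default_factory=list)  # ("submission" | "reply", text), in order
    last_updated: float = 0.0  # only the newest submission time is retained


class SecureDropServer:
    """Toy model of the public-facing server's data model (constructed example)."""

    def __init__(self):
        self._by_source_id = {}    # source_id -> Collection
        self._by_designation = {}  # journalist-side name -> Collection

    def _get_or_create(self, codename):
        sid = source_id(codename)
        coll = self._by_source_id.get(sid)
        if coll is None:
            designation = random_designation()
            while designation in self._by_designation:  # the toy wordlist is tiny
                designation = random_designation()
            coll = Collection(designation)
            self._by_source_id[sid] = coll
            self._by_designation[designation] = coll
        return coll

    def submit(self, codename, text, now):
        """Source side: a new submission joins the collection and bumps it.
        The previous submission time is overwritten, never kept alongside."""
        coll = self._get_or_create(codename)
        coll.items.append(("submission", text))
        coll.last_updated = now
        return coll.designation

    def reply(self, designation, text):
        """Journalist side: the reply lands in the same collection, but as the
        post describes, only new submissions reorder the queue."""
        self._by_designation[designation].items.append(("reply", text))

    def read(self, codename):
        """A returning source presents the codename; an unknown one yields None."""
        coll = self._by_source_id.get(source_id(codename))
        return None if coll is None else list(coll.items)

    def queue(self):
        """Journalist view: designations ordered by most recent submission first."""
        ordered = sorted(self._by_source_id.values(),
                         key=lambda c: c.last_updated, reverse=True)
        return [c.designation for c in ordered]


if __name__ == "__main__":
    server = SecureDropServer()
    alice, bob = generate_codename(), generate_codename()
    a_name = server.submit(alice, "first document", now=1.0)
    b_name = server.submit(bob, "unrelated tip", now=2.0)
    server.reply(a_name, "thanks, can you send more?")
    server.submit(alice, "second document", now=3.0)
    print("queue:", server.queue())          # a_name first: Alice submitted most recently
    print("alice sees:", server.read(alice))  # her two submissions and the reply
```

The part worth carrying into a real design is the asymmetry: the source's codename is a secret that is hashed before storage, while the journalist's designation is a public label chosen independently, so neither side's identifier can be turned into the other.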
Over three dozen media organizations are currently using SecureDrop, including:
- Espen Andersen
- Gawker Media
- Toronto Globe and Mail
- Greenpeace New Zealand
- The Guardian
- The Intercept
- Lucy Parsons Labs
- The New Yorker
- Project On Gov't Oversight (POGO)
- Barton Gellman
- The Washington Post
- VICE Media
- Wired's Kevin Poulsen
Thanks for this! I remember hearing about the old DeadDrop site, but I never knew what it was for or that it still existed. I'm glad the developers and site operators are here to provide a secure alternative to the terribly insecure email protocol.
If this has been around since Aaron Swartz, and it's used by the Guardian, then (if I have my dates and facts straight), why didn't Snowden use it and avoid the LavaBit fiasco?
> The SecureDrop application does not record your IP address...
Application? Is this referring to the .onion site accessed via Tor Browser, or does the end-user run the software on his or her computer for some reason?