Tor at the Heart: SecureDrop

by ssteele | December 6, 2016

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!


SecureDrop is an open-source whistleblower submission system that media organizations can install to accept documents from anonymous sources. It was originally coded by the late Aaron Swartz, with assistance from Wired editor Kevin Poulsen and James Dolan. The project was previously called DeadDrop. Freedom of the Press Foundation took over management of the project in October 2013. 

SecureDrop works by using two physical servers: a public-facing server that stores messages and documents, and a second server that performs security monitoring of the first. The code on the public-facing server is a Python web application that accepts messages and documents from the web and GPG-encrypts them for secure storage. This site is only made available as a Tor Hidden Service, which requires sources to use Tor, thus hiding their identity from both the SecureDrop server and many types of network attackers. Essentially, it’s a more secure alternative to the "contact us" form found on a typical news site. Every source who visits the site is given a unique "codename." The codename lets the source establish a relationship with the news organization without revealing his/her real identity or resorting to e-mail. They can enter the code name on a future visit to read any messages sent back from the journalist, or to submit additional documents and messages under the same persistent, but pseudonymous, identifier. The source is known by a different and unrelated code name on the journalist’s side. All of the source’s submissions, and replies to the source from journalists, are grouped together into a collection. Every time there’s a new submission by a source, their collection is bumped to the top of the submission queue. 

The SecureDrop application does not record your IP address, information about your browser, computer, or operating system. Furthermore, the SecureDrop pages do not embed third-party content or deliver persistent cookies to your browser. The server will only store the date and time of the newest message sent from each source. Once you send a new message, the time and date of your previous message is automatically deleted. Journalists are also encouraged to regularly delete all information from the SecureDrop server and store anything they would like saved in offline storage to minimize risk.

Over three dozen media organizations are currently using SecureDrop, including:


Please note that the comment area below has been archived.

December 07, 2016


The other advantage of running a hidden service for SecureDrop is that if a potential whistelblower messes up the configuration (for whatever reason), they wont be able to connect to SecureDrop, since it only works with Tor. That's also how Wikileaks operate.

December 07, 2016


Thanks for this! I remember hearing about the old DeadDrop site, but I never knew what it was for or that it still existed. I'm glad the developers and site operators are here to provide a secure alternative to the terribly insecure email protocol.

If this has been around since Aaron Swartz, and it's used by the Guardian, then (if I have my dates and facts straight), why didn't Snowden use it and avoid the LavaBit fiasco?

> The SecureDrop application does not record your IP address...
Application? Is this referring to the .onion site accessed via Tor Browser, or does the end-user run the software on his or her computer for some reason?

December 08, 2016


GitHub changed their site to require JavaScript to download source a while back. Goes against security guidelines for those downloading SecureDrop over Tor.

December 08, 2016


Thanks to the Tor Project for helping build the necessary tools to protect whistleblowers, the world is a darker place without you!

December 09, 2016


They "Traffic shape" traffic by being in control of websites to require certain aspects to load, it is similar as to them banning Tor over Cloud Hosting.

December 12, 2016


> It was originally coded by the late Aaron Swartz, with assistance from Wired editor Kevin Poulsen and James Dolan.

Tragically, we cannot thank Aaron Swartz, but I want to thank Kevin Poulsen and James Dolan for their work on this invaluable journalism tool, and I hope its development will continue, ideally informed by an indepedent security audit.


December 13, 2016


Where is boom berg Business and fox business / the fortune / Forbes

news? Financial times new? Reuters stock exchange new are they

broadcast those news where Fake and unreliable?