SecureDrop

From Wikipedia, the free encyclopedia
SecureDrop

Screenshot from the SecureDrop Source interface.
Original author(s) Aaron Swartz, Kevin Poulsen
Developer(s) Freedom of the Press Foundation
Stable release 0.2.1 / 9 January 2014 (2014-01-09)
Development status Active
Written in Python
Operating system Linux, Tails OS
Type Secure communication
License GNU General Public License
Website pressfreedomfoundation.org/securedrop

SecureDrop is an open-source software platform for secure communication between journalists and sources. It was originally designed and developed by Aaron Swartz and Kevin Poulsen under the name DeadDrop.[1][2]

After Aaron Swartz's death, the first instance of the platform was launched under the name Strongbox by staff at The New Yorker on 15 May 2013.[3] The Freedom of the Press Foundation took over development of DeadDrop under the name SecureDrop, and an additional instance of the platform was launched by Forbes in October 2013 under the name SafeSource.[4]

Security

SecureDrop uses the anonymity network, Tor, to facilitate communication between whistleblowers, journalists, and news organizations. SecureDrop sites are therefore only accessible as hidden services in the Tor network. After a user visits a SecureDrop website, they are given a randomly generated code name.[3] This code name is used to send information to a particular author or editor via uploading. Investigative journalists can contact the whistleblower via SecureDrop messaging. Therefore, the whistleblower must take note of their random code name.[1]

The system utilizes private, segregated servers that are in the possession of the news organization. Journalists use two USB flash drives and two laptop computers to access SecureDrop data.[1][3] The first laptop accesses SecureDrop via the Tor network, the journalist uses the first jump drive to download encrypted data from the Internet. The second laptop does not connect to the Internet, and is wiped during each reboot.[1][3] The second jump drive contains a decryption code. The first and second jump drives are inserted in to the second laptop, and the material becomes available to the journalist. The laptop is shut down after each use.[1]

The news organization does not record any information regarding the uploader i.e. IP address, or information about the physical computer used. The browser does not enable cookies or allow third party embedding. Anonymity is not guaranteed, but the creators claim that the system is safer than electronic mail.[2]

Prominent organizations using SecureDrop

Name of organization Implementation date Web location
The New Yorker[1] 2013-May-15 http://www.newyorker.com/strongbox/
Forbes[5][6][7] 2013-October-29 https://safesource.forbes.com/
Bivol[8] 2013-October-30 https://www.balkanleaks.eu/
The Global Mail[9] 2014-January-11 https://sources.theglobalmail.org/
ProPublica[10][11] 2014-January-27 https://securedrop.propublica.org/

See also

References

  1. 1.0 1.1 1.2 1.3 1.4 1.5 Kassner, Michael (20 May 2013). "Aaron Swartz legacy lives on with New Yorker's Strongbox: How it works". TechRepublic. Retrieved 20 May 2013. 
  2. 2.0 2.1 Paulsen, Kevin (15 May 2013). "Strongbox and Aaron Swartz". The New Yorker. Retrieved 17 June 2013. 
  3. 3.0 3.1 3.2 3.3 Davidson, Amy (15 May 2013). "Introducing Strongbox". The New Yorker. Retrieved 20 May 2013. 
  4. Greenberg, Andy (29 October 2013). "Introducing SafeSource, A New Way To Send Forbes Anonymous Tips And Documents". Forbes. Retrieved 27 December 2013. 
  5. Kirchner, Lauren. "When sources remain anonymous". Columbia Journalism Review. Retrieved 28 January 2014. 
  6. Timm, Trevor. "Forbes Launches First Updated Version of SecureDrop Called SafeSource". Freedom of the Press Foundation. Retrieved 28 January 2014. 
  7. Greenberg, Andy. "Introducing SafeSource, A New Way To Send Forbes Anonymous Tips And Documents". Forbes. Retrieved 28 January 2014. 
  8. Chavkin, Sasha. "Initiatives seek to protect anonymity of leakers". The International Consortium of Investigative Journalists. Retrieved 28 January 2014. 
  9. Martin, Lauren. "Introducing the TGM SecureDrop Vault". The Global Mail. Retrieved 28 January 2014. 
  10. Tigas, Mike. "How to Send Us Files More Securely". ProPublica. Retrieved 28 January 2014. 
  11. Timm, Trevor. "ProPublica Launches New Version of SecureDrop". The Freedom of the Press Foundation. Retrieved 28 January 2014. 

External links

This article is issued from Wikipedia. The text is available under the Creative Commons Attribution/Share Alike; additional terms may apply for the media files.