SecureDrop is an open-source whistleblower submission system that newsrooms
and NGOs can use to securely accept documents and messages from anonymous
sources. SecureDrop is used at over 65 media organizations worldwide,
including The New York Times, The Washington Post, The Guardian, The
Intercept, ProPublica, and the Australian Broadcasting Corporation.
It was originally created by the late Aaron Swartz and is now developed and
maintained by Freedom of the Press Foundation.A 2014 study showed that 20 of
the top 25 news organization had, at one time or another, been targeted by
state sponsored hackers. Because of this threat, SecureDrop employs an air-gap
architecture using Tails OS-based viewing stations to mitigate against the
risk of malware or compromise.
Freedom of the Press Foundation is also working on a next-generation version of SecureDrop based on Qubes
OS. This project, called the SecureDrop Workstation, employs security features
of Qubes to eliminate the physical airgap architecture, instead employing
component isolation to allow journalists to access, decrypt, and view
submissions all on one physical machine, while preserving the network
isolation and secure key management essential to SecureDrop’s security model.
GitHub repository for the SecureDrop whistleblower platform: https://github.com/freedomofpress/securedrop
Qubes-based SecureDrop Journalist Workstation environment for submission handling: https://github.com/freedomofpress/securedrop-workstation
Replated language and technologies: Linux, Python, Ansible, Salt,
Qubes, Debian, Tor