We have a new job opening that works closely with the SecureDrop team.
We're looking for a Newsroom Services Coordinator - a person who will be the first point of contact for our services to news orgs, including SecureDrop support.
This is not primarily a technical role -- we're especially looking for folks w/ partnerships, project management & administrative experience.
If you're looking for full-time, mission-oriented nonprofit work, check it out:
SecureDrop 2.0.1 has been released. This is a maintenance release that updates dependencies and signs the release tag with our updated signing key. Servers running Ubuntu 20.04 will be automatically upgraded within 24 hours.
You can support our work by donating to Freedom of the Press Foundation:
We're also hiring! We’re currently looking for a Senior Security Engineer and are expecting to post additional positions later this year:
Today, there are more than 70 news organizations, non-profits, and other groups who are using SecureDrop to keep sources safe. Many of them can be found in our directory:
Thank you to Aaron and all the contributors who have worked on the project over the years: on code, documentation, design, translation, research, testing, and so much more. SecureDrop is an open source project, and we welcome your contributions:
Last year, we began piloting the next generation of SecureDrop, enabling journalists to use Qubes OS to communicate with sources more quickly and intuitively:
SecureDrop 1.0.0 was released in September 2019, adding support for v3 Tor onion services. It marked a major milestone for the growing maturity of the project:
The Guardian’s Head of Investigations recently said: “SecureDrop is absolutely indispensable. I do feel quite strongly about this...SecureDrop has become such an integral part of the way we work now, on a daily, sometimes hourly basis.”
In October 2013, Freedom of the Press Foundation took on stewardship of the project:
In 2014, the Washington Post and the Guardian both launched SecureDrop instances on the first anniversary of the Ed Snowden revelations, leading many more news outlets to follow suit.
In 2011-2012, Aaron along with Kevin Poulsen and the late James Dolan, created the initial version of SecureDrop, which was then called DeadDrop.
In 2013, the very first instance was launched at @NewYorker, codenamed StrongBox:
Reminder: We encourage you to use the graphical updater to update your Journalist and Admin Workstations to SecureDrop 2.0.0 today or tomorrow, to avoid a manual update.
Please see our documentation:
After nearly 5 years in use, we are rotating the SecureDrop release key. Read more about this transition, and how to verify the new key:
A reminder: if you have not migrated to Ubuntu 20.04, your SecureDrop has been disabled for security reasons. Please contact us for reinstallation support.
SecureDrop 2.0.0 has been released. This release removes all Ubuntu 16.04 and v2 onion services support from the codebase, and includes many other improvements.
All instances running Ubuntu 20.04 will receive this update automatically.
To avoid a manual upgrade, we encourage you to update your Tails workstations before June 29. An additional step will be required to update Tails itself; please see our documentation:
Update: To allow for additional testing, we have rescheduled the release of SecureDrop 2.0.0 to tomorrow, June 23.
The release of the next version of SecureDrop is scheduled for June 22, 2021. This release removes all Ubuntu 16.04 and v2 onion services support from the codebase, and includes many other improvements:
If you have not migrated to Ubuntu 20.04, you will not receive this update: your SecureDrop has been disabled for security reasons. Please contact us for reinstallation support.
The SecureDrop team is still hiring. We're looking for a full-time Senior Security Engineer. Work from anywhere:
We're looking for a Senior Security Engineer to join the SecureDrop team at Freedom of the Press Foundation!
The team is fully distributed, and this position is open to applicants from around the world.
Read more about the position here:
Boosts very much appreciated! ❤️
We encourage researchers to report security vulnerabilities through our bug bounty programme or through encrypted email. More information is available at:
We have issued a security advisory for a low-severity vulnerability in the journalist web application (fixed in SecureDrop 1.8.2).
We would like to thank the Tenable team for their responsible disclosure. You can find more information at:
Official fediverse account for the SecureDrop project
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.