This version includes an improved installation experience by allowing users to import credentials during setup, and updates the base Fedora template.| SecureDrop
We have released SecureDrop Workstation 1.2.1. This release applies a preemptive fix to SecureDrop Workstation so that future updates will not result in a broken fedora-41-xfce template. Details On July 10, a Qubes update was released that caused some Fedora 41 templates to no longer boot correctly, as discussed in a Qubes forum thread. On July 14, we learned about the issue and prepared this release with a work-around. The underlying issue is being tracked by the Qubes Team. Due to this upst...| SecureDrop: News
This version disables upgrades from Ubuntu Focal to Noble and updates Tor Browser safety-level guidance in the Source Interface| SecureDrop
SecureDrop serves as a tips entry point for news organizations, often with a small set of journalists reviewing incoming submissions and distributing them to the rest of the newsroom. The next-generation SecureDrop Workstation supports conveniently exporting submissions to encrypted USB drives and USB-connected printers. But printing carries a bad legacy of never simply working, no matter the operating system. This was very much the case on the SecureDrop Workstation, which is why the SecureD...| SecureDrop: News
SecureDrop Client 0.16.0 has been released! Along with regular dependency updates, this version updates the user interface to include more detailed timestamps of latest source activity, and to use a single typeface across the application.| SecureDrop
Ubuntu 20.04 (Focal) has reached end of life. Any SecureDrop installations that have not upgraded to Ubuntu Server 24.04 (Noble) will automatically take their Source Interfaces offline.| SecureDrop
We are proud to announce that SecureDrop Workstation 1.2.0 and SecureDrop Client 0.15.0 have both been released. This release comes with two major improvements: better printing support and download progress bars. A better printing experience SecureDrop Workstation now uses the Internet Printing Protocol, better known as AirPrint, over USB, allowing for a large selection of modern printers. No joke, thousands of printers are now compatible; however, we recommend trying to find one with no wire...| SecureDrop: News
Ubuntu 20.04 (Focal) will reach end of life on May 31, and is now deprecated for use with SecureDrop Application and Monitor Servers. All new SecureDrop installations should use Ubuntu Server 24.04 (Noble). All current SecureDrop servers should have already received an update triggering the automated upgrade to Ubuntu Noble. The SecureDrop team is continuing to monitor the status of instances known to us and will try to reach out if we notice any problems. If your SecureDrop system did not up...| SecureDrop: News
We are currently in the process of having SecureDrop servers automatically upgrade to Ubuntu 24.04 (Noble), using the procedure that we originally described in this blog post. We will update this blog post throughout the upgrade cycle for up-to-date information. Current status SecureDrop 2.12.4, released on April 30, enables upgrades for 60% of Application Servers. What administrators need to do Administrators should review our Noble Upgrade Guide, and reach out to us using the methods below ...| SecureDrop: News
We’re pleased to announce that SecureDrop 2.12.3 has been released. After an initial set of successful fully automated upgrades to Ubuntu 24.04 (Noble) with 2.12.2, we are now enabling the next batch of automated upgrades. In practice, this will result in approximately 40% of Application Servers being upgraded. To learn more about this process, or if you receive pre-upgrade error notifications from OSSEC, please review our Noble upgrade guide. Please note that this release also addresses an...| SecureDrop: News
We’re pleased to announce that SecureDrop 2.12.2 has been released. Following a successful period of semiautomated migrations to Ubuntu Noble, we are beginning the first phase of automated upgrades. Approximately 20% of Application Servers will be automatically upgraded. To learn more about this process, or if you receive pre-upgrade error notifications from OSSEC, please review our Noble upgrade guide. If you experience issues with your upgrade or have any questions, please contact support...| SecureDrop: News
SecureDrop Workstation 1.1.2 has been released! This version removes the “sd-retain-logvm” that was created for forensic analysis purposes in response to a vulnerability disclosed in February.| SecureDrop
SecureDrop 2.12.1 has been released. This is an Admin Workstation-only release, which improves the reliability of the semiautomated Ubuntu Noble upgrade when using SSH-over-Tor.| SecureDrop
We’re pleased to announce that SecureDrop 2.12.0 has been released. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found in the changelog on GitHub. This release adds support for Ubuntu Noble, including a semiautomated upgrade process. Administrators may opt to upgrade at their own convenience before April 15, 2025, or may wait for our automated upgrade process, which will begin taking effect after that date...| SecureDrop: News
SecureDrop team member Kunal Mehta demo’d the SecureDrop Workstation at RightsCon 2025 on Feb. 25. You can watch a recording of the talk; the slides are also available.| SecureDrop
In this post, we introduce Web-based Code Assurance and Transparency, a project that supports verifiable in-browser code for single-page browser applications. Along with this post, we are publishing the WEBCAT project repository; follow-up posts will provide more detailed information.| SecureDrop
SecureDrop 2.12.0 is scheduled to be released on March 18, 2025. We will send out another notification through this blog, Mastodon, X, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub. Ubuntu 24.04 (Noble) migration This release will add support for Ubuntu 24.04 (Noble). All SecureDrops must be upgraded from Ubuntu 20.04 (Focal) to Noble, by the Fo...| SecureDrop: News
Over the next two months, all SecureDrops will see their underlying Ubuntu operating system upgraded from version 20.04 (code-named “Focal”) to 24.04 (“Noble”). This is the first time we’ve performed an in-place upgrade. This blog post explains the technical background and process that led to this. Key information regarding the upgrade for SecureDrop administrators and journalists will be made available in our documentation. Background Since its first version, SecureDrop has run on ...| SecureDrop: News
SecureDrop Workstation 1.1.1 has been released! This version adds support for Fedora 41-based system VMs and allows for more robust provisioning and updating.| SecureDrop
Over the past month, we’ve seen significant interest in newsrooms setting up SecureDrop. Our open source whistleblower submission system is already used around the globe by large media organizations, small nonprofit newsrooms, and everything in between. We’re excited to see more adoption of SecureDrop. Here are five things you should know before getting started: SecureDrop protects sources and journalists SecureDrop aims to protect both the person providing the information and the reporte...| SecureDrop: News
Browser-based cryptography has struggled with a longstanding chicken-and-egg problem that predates many features of the modern web, and while some of those features have reduced the problem’s severity, the issue remains: What is the basis for trusting the code that performs browser-based encryption?| SecureDrop
This blog post is a part of a series about our research toward the next generation of the SecureDrop whistleblowing …| SecureDrop
We’re pleased to announce that SecureDrop Client 0.10.0, part of the SecureDrop Workstation, has been released. Changes that pilot participants …| SecureDrop
The SecureDrop team details the goals for a redesign of the platform’s server architecture and discusses the design constraints of a whistleblowing system.| SecureDrop