securedrop

QubesOS, 9 days ago to random

Qubes OS 4.1 will receive extended security support until 2024-07-31. This security support extension is sponsored by @freedomofpress in support of the @securedrop project.

https://www.qubes-os.org/news/2024/05/10/qubes-os-4-1-to-receive-extended-support-until-2024-07-31/

securedrop, 11 days ago to opensource

SecureDrop Workstation 0.11.0 has been released for Qubes 4.1, updating system templates to use Fedora 39:

https://securedrop.org/news/securedrop_workstation_0_11_0_released/

This update will be applied for SecureDrop Workstation users automatically when they next start SecureDrop Client.

#SecureDrop
#Whistleblowing
#OpenSource

sarahjamielewis, 12 days ago to random

I'm somewhat perplexed by the new SecureDrop protocol - https://securedrop.org/news/introducing-securedrop-protocol/

Specifically: "The server is “untrusted” in the sense [it] learn[s] nothing about users & messages besides what is inherently observable from its pattern of requests, and it should not have access to sensitive metadata, or sender or receiver information"

Seems like a very weak definition of "untrusted", especially when two comparison techniques explicitly attempt to restrict knowledge derived from access patterns.

securedrop, 13 days ago to opensource

Today, we’re publishing a proposed end-to-end encrypted messaging protocol for a future version of SecureDrop. Seeking feedback from cryptographers and protocol designers!

https://securedrop.org/news/introducing-securedrop-protocol/

#SecureDrop
#Whistleblowing
#OpenSource

securedrop, 27 days ago to random

Today we posted an advisory describing a misconfiguration we found affecting some FPF-hosted servers, including those used to provide SecureDrop updates. It could not have been used to publish malicious updates, and we have seen no evidence of compromise:

https://securedrop.org/news/security-advisory-misconfigured-package-repository-servers-and-developer-infrastructure/

securedrop, 1 month ago to opensource

Our friends at GlobaLeaks are hiring - help improve open source whistleblower tools:
https://www.globaleaks.org/get-involved/work-with-us/

#opensource #FediHire #getfedihired

securedrop, 1 month ago to opensource

We're working on a novel cryptographic protocol for use in whistleblowing systems like SecureDrop - here's how and why:

https://securedrop.org/news/how-to-research-your-own-cryptography-and-survive/

#SecureDrop #Whistleblowing #OpenSource

securedrop, 2 months ago to qubesos

SecureDrop Client 0.10.0 is out, featuring improvements to the export process, including VeraCrypt support.

https://securedrop.org/news/securedrop-client-0_10_0-released/

Part of the SecureDrop Workstation project (currently in a closed-beta pilot phase), SecureDrop Client uses @QubesOS to help journalists safely communicate with sources. General availability is planned later this year!

#SecureDrop #SecureDropWorkstation #QubesOS

securedrop, 2 months ago to random

SecureDrop 2.8.0 has been released. This release is focused on Tails 6 (@tails) support for journalists and administrators:

https://securedrop.org/news/securedrop-2_8_0-released/

securedrop, 2 months ago to random

SecureDrop 2.8.0 is scheduled to be released on March 12. This release is focused on Tails 6 (@tails) support for journalists and administrators.

https://securedrop.org/news/securedrop-2_8_0-pre-release-announcement/

securedrop, 2 months ago to opensource

What are the key components of a secure whistleblowing system? We break them down in a new blog post: https://securedrop.org/news/anatomy-of-a-whistleblowing-system/

#SecureDrop #Whistleblowing #OpenSource

securedrop, 3 months ago to random

Roses are red
Violets are blue
SecureDrop helps whistleblowers leak safely
Thanks to people like you

Happy #ILoveFreeSoftwareDay! #ILoveFS

securedrop, 3 months ago to random

We've recently reorganized and consolidated SecureDrop Workstation's repos to make development easier and reduce maintenance overhead. Read more here: https://securedrop.org/news/consolidating-securedrop-workstations-git-repositories-to-make-development-easier/

securedrop, 6 months ago to random

If you missed this year's "State of the Drop" update at #AaronSwartzDay, you can watch it here:

https://youtu.be/U1-VoCguHKU?t=11141

Slides:

https://media.securedrop.org/media/documents/State_of_the_Drop_2023.pdf

securedrop, 6 months ago to random

Kevin now discussing potential next-gen cryptographic protocol for SecureDrop. Need to satisfy constraints specific to SecureDrop -- whistleblower side needs to be stateless; access via Tor Browser is preferred over dedicated app.

#AaronSwartzDay

securedrop, 6 months ago to random

Kevin O'Gorman now summarizing the architecture of the SecureDrop Workstation, which uses Qubes OS (@QubesOS) to enable journalists to safely decrypt and view submissions, without having to physically move files to an air-gapped machine.

This is accomplished through the VM-based compartmentalization provided by Qubes.

Pilot has been underway since 2020. Next year, we expect to move it from pilot to general availability.

#AaronSwartzDay

securedrop, 6 months ago to rust

Big changes shipped this year include the migration from GnuPG (@GnuPG) to Sequoia (@sequoiapgp) for encryption.

Sequoia is an OpenPGP library written in #Rust (@rust). We blogged about the motivations behind the migration here:

https://securedrop.org/news/migrating-securedrops-pgp-backend-from-gnupg-to-sequoia/

#AaronSwartzDay

securedrop, 6 months ago (edited 6 months ago) to random

The more than 70 orgs using SecureDrop range in size from large media orgs like The Guardian, to specialized orgs like Whistleblower Aid or the Organized Crime and Corruption Reporting Project (@OCCRP).

#AaronSwartzDay

securedrop, 6 months ago to random

@LisaRein is taking a moment to honor Pentagon Papers whistleblower Daniel Ellsberg, who died earlier this year.

In the 1970s, Dan had to skillfully leak information about the Vietnam War to multiple newspapers. No system like SecureDrop existed, of course. He said to Lisa that if he were to leak the Pentagon Papers today, he would have done it through SecureDrop.

#AaronSwartzDay

securedrop, 6 months ago to random

This year's "State of the Drop" is now streaming live at #AaronSwartzDay, here:

https://www.youtube.com/watch?v=U1-VoCguHKU

securedrop, 6 months ago to random

@pluralistic is now speaking at #AaronSwartzDay about antitrust and interoperability.

Streaming live here:
https://www.youtube.com/watch?v=U1-VoCguHKU

securedrop, 6 months ago to random

This year's "State of the Drop" presentation about the year (and decade) in SecureDrop will be streamed live at #AaronSwartzDay today, starting at 1:30 PM pacific time (9:30 PM UTC).

The event itself is starting right now, here:

https://www.youtube.com/watch?v=U1-VoCguHKU