# SecureDrop

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/SecureDrop
> Markdown URL: https://mediated.wiki/source/SecureDrop.md
> Source: https://en.wikipedia.org/wiki/SecureDrop
> Source revision: 1345720824
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

Free software platform

SecureDrop Screenshot from the SecureDrop Source interface. Original authors James Dolan Kevin Poulsen Aaron Swartz Developer Freedom of the Press Foundation Release 15 October 2013; 12 years ago (2013-10-15) Stable release 2.16.0[1] (24 June 2026; 2 days ago (24 June 2026)) Written in Python Operating system Linux Type Secure communication License GNU Affero General Public License, version 3 Website securedrop.org sdolvtfhatvsysc6l34d65ymdwxcujausv7k5jk4cy5ttzhjoi6fzvyd.onion (Accessing link help) Repository github.com/freedomofpress/securedrop

**SecureDrop** is a [free software](/source/Free_software) platform for [secure communication](/source/Secure_communication) between [journalists](/source/Journalist) and [sources](/source/Source_(journalism)) ([whistleblowers](/source/Whistleblower)).[2] It was originally designed and developed by [Aaron Swartz](/source/Aaron_Swartz) and [Kevin Poulsen](/source/Kevin_Poulsen) under the name *[DeadDrop](/source/Dead_drop)*.[3][4] [James Dolan](/source/James_Dolan_(computer_security_expert)) also co-created the software.[5]

## History

After Aaron Swartz's death, the first instance of the platform was launched under the name *Strongbox* by staff at *[The New Yorker](/source/The_New_Yorker)* on 15 May 2013.[6] The [Freedom of the Press Foundation](/source/Freedom_of_the_Press_Foundation) took over development of DeadDrop under the name *SecureDrop*, and has since assisted with its installation at several news organizations, including [ProPublica](/source/ProPublica), *[The Guardian](/source/The_Guardian)*, *[The Intercept](/source/The_Intercept)*, and *[The Washington Post](/source/The_Washington_Post)*.[7][8][9]

## Security

SecureDrop uses the anonymity network [Tor](/source/Tor_(anonymity_network)) to facilitate communication between [whistleblowers](/source/Whistleblowers), journalists, and news organizations. SecureDrop sites are therefore only accessible as [onion services](/source/Tor_(anonymity_network)#Onion_services) in the Tor network. After a user visits a SecureDrop website, they are given a randomly generated code name.[6] This code name is used to send information to a particular author or editor via uploading. [Investigative journalists](/source/Investigative_journalist) can contact the whistleblower via SecureDrop messaging. Therefore, the whistleblower must take note of their random code name.[3]

The system utilizes private, segregated [servers](/source/Server_(computing)) that are in the possession of the news organization. Journalists use two [USB flash drives](/source/USB_flash_drive) and two personal computers to access SecureDrop data.[3][6] The first personal computer accesses SecureDrop via the Tor network, and the journalist uses the first flash drive to download [encrypted](/source/Encrypted) data from the SecureDrop server. The second personal computer does not connect to the Internet, and is wiped during each reboot.[3][6] The second flash drive contains a [decryption](/source/Decryption) code. The first and second flash drives are inserted into the second personal computer, and the material becomes available to the journalist. The personal computer is shut down after each use.[3]

Freedom of the Press Foundation has stated it will have the SecureDrop code and security environment audited by an independent third party before every major version release and then publish the results.[10] The first audit was conducted by security researchers at the [University of Washington](/source/University_of_Washington) and [Bruce Schneier](/source/Bruce_Schneier).[11] The second audit was conducted by [Cure53](/source/Cure53), a German security firm.[10]

SecureDrop suggests sources disabling [JavaScript](/source/JavaScript) to protect anonymity.[12]

## Prominent organizations using SecureDrop

The Freedom of the Press Foundation now maintains an official directory of SecureDrop instances. This is a partial list of instances at prominent news organizations.[13]

Name of organization Implementation date The New Yorker[14][3] 15 May 2013 Forbes[14][15][16][17] 29 Oct 2013 Bivol[14][18] 30 Oct 2013 ProPublica[14][19][20] 27 Jan 2014 The Intercept[14][21] 10 Feb 2014 San Francisco Bay Guardian[14][22] 18 Feb 2014 The Washington Post[14][23] 5 Jun 2014 The Guardian[14][2] 6 Jun 2014 The Globe and Mail[14][24] 4 Mar 2015 Radio-Canada 20 Jan 2016 Canadian Broadcasting Corporation[14][25] 29 Jan 2016 Committee to Protect Journalists[26] 12 May 2016 Associated Press 18 Oct 2016 The New York Times[14][27] 15 Dec 2016 BuzzFeed News 21 Dec 2016 USA Today[14][28] 22 Feb 2017 Bloomberg News Unknown The Wall Street Journal Unknown Aftenposten Unknown Australian Broadcasting Corporation[29] 28 Nov 2019

## Awards

- 2016: [Free Software Foundation](/source/Free_Software_Foundation), Free Software Award, Award for Projects of Social Benefit[30]

## See also

- [Journalism portal](https://en.wikipedia.org/wiki/Portal:Journalism)

- [GlobaLeaks](/source/GlobaLeaks)

- [WikiLeaks](/source/WikiLeaks)

## References

1. **[^](#cite_ref-wikidata-ec8b577b0911a56f9373346a14c400ba5d7a62db-v20_1-0)** ["Release 2.16.0"](https://github.com/freedomofpress/securedrop/releases/tag/2.16.0). 24 June 2026. Retrieved 25 June 2026.

1. ^ [***a***](#cite_ref-Guardian-SecureDrop-2014_2-0) [***b***](#cite_ref-Guardian-SecureDrop-2014_2-1) Ball, James (5 Jun 2014). ["Guardian launches SecureDrop system for whistleblowers to share files"](https://www.theguardian.com/technology/2014/jun/05/guardian-launches-securedrop-whistleblowers-documents). *[The Guardian](/source/The_Guardian)*.

1. ^ [***a***](#cite_ref-kassner2013_3-0) [***b***](#cite_ref-kassner2013_3-1) [***c***](#cite_ref-kassner2013_3-2) [***d***](#cite_ref-kassner2013_3-3) [***e***](#cite_ref-kassner2013_3-4) [***f***](#cite_ref-kassner2013_3-5) Kassner, Michael (20 May 2013). ["Aaron Swartz legacy lives on with New Yorker's Strongbox: How it works"](https://web.archive.org/web/20130729032429/http://www.techrepublic.com/blog/it-security/aaron-swartz-legacy-lives-on-with-new-yorkers-strongbox-how-it-works/). *[TechRepublic](/source/TechRepublic)*. Archived from [the original](https://www.techrepublic.com/blog/it-security/aaron-swartz-legacy-lives-on-with-new-yorkers-strongbox-how-it-works/) on 29 July 2013. Retrieved 20 May 2013.

1. **[^](#cite_ref-NewYorker-StrongboxAaronSwartz-2013_4-0)** Poulsen, Kevin (14 May 2013). ["Strongbox and Aaron Swartz"](https://www.newyorker.com/news/news-desk/strongbox-and-aaron-swartz). *[The New Yorker](/source/The_New_Yorker)*.

1. **[^](#cite_ref-FreedomPressFdn-Dolan-Obit-2018_5-0)** Timm, Trevor (9 January 2018). ["A tribute to James Dolan, co-creator of SecureDrop, who has tragically passed away at age 36"](https://freedom.press/news/tribute-james-dolan-co-creator-securedrop-who-has-tragically-passed-away-age-36/). *[Freedom of the Press Foundation](/source/Freedom_of_the_Press_Foundation)*.

1. ^ [***a***](#cite_ref-davidson2013_6-0) [***b***](#cite_ref-davidson2013_6-1) [***c***](#cite_ref-davidson2013_6-2) [***d***](#cite_ref-davidson2013_6-3) [Davidson, Amy](/source/Amy_Davidson_(author)) (15 May 2013). ["Introducing Strongbox"](http://www.newyorker.com/online/blogs/closeread/2013/05/introducing-strongbox-anonymous-document-sharing-tool.html). *[The New Yorker](/source/The_New_Yorker)*. Retrieved 20 May 2013.

1. **[^](#cite_ref-strongbox_7-0)** ["Strongbox"](https://web.archive.org/web/20170413164430/https://projects.newyorker.com/strongbox/). *The New Yorker*. Archived from [the original](https://projects.newyorker.com/strongbox/) on 13 April 2017. Retrieved 15 November 2013.

1. **[^](#cite_ref-luxembourg_8-0)** Biryukov, Alex; Pustogarov, Ivan; Thill, Fabrice; Weinmann, Ralf-Philipp (2013). "Content and popularity analysis of Tor hidden services". [arXiv](/source/ArXiv_(identifier)):[1308.6768](https://arxiv.org/abs/1308.6768) [[cs.CR](https://arxiv.org/archive/cs.CR)].

1. **[^](#cite_ref-davidson_9-0)** Davidson, Amy (15 May 2013). ["Introducing Strongbox"](http://www.newyorker.com/online/blogs/closeread/2013/05/introducing-strongbox-anonymous-document-sharing-tool.html). *The New Yorker*. Retrieved 26 December 2013.

1. ^ [***a***](#cite_ref-second-audit_10-0) [***b***](#cite_ref-second-audit_10-1) Timm, Trevor (20 January 2014). ["SecureDrop Undergoes Second Security Audit"](https://pressfreedomfoundation.org/blog/2014/01/securedrop-undergoes-second-security-audit). Freedom of the Press Foundation. Retrieved 13 July 2014.

1. **[^](#cite_ref-11)** Czeskis, Alexei; Mah, David; Sandoval, Omar; Smith, Ian; Koscher, Karl; Appelbaum, Jacob; Kohno, Tadayoshi; Schneier, Bruce. ["DeadDrop/StrongBox Security Assessment"](http://www.czeskis.com/research/pubs/UW-CSE-13-08-02.PDF) (PDF). University of Washington Department of Computer Science and Engineering. Retrieved 13 July 2014.

1. **[^](#cite_ref-12)** [Source Guide](https://docs.securedrop.org/en/stable/source.html) SecureDrop

1. **[^](#cite_ref-TorBlog-SecureDrop-2016_13-0)** ssteele (6 December 2016). ["Tor at the Heart: SecureDrop"](https://blog.torproject.org/tor-heart-securedrop). *[Tor](/source/The_Tor_Project%2C_Inc) Blog*.

1. ^ [***a***](#cite_ref-SecureDrop_Directory_14-0) [***b***](#cite_ref-SecureDrop_Directory_14-1) [***c***](#cite_ref-SecureDrop_Directory_14-2) [***d***](#cite_ref-SecureDrop_Directory_14-3) [***e***](#cite_ref-SecureDrop_Directory_14-4) [***f***](#cite_ref-SecureDrop_Directory_14-5) [***g***](#cite_ref-SecureDrop_Directory_14-6) [***h***](#cite_ref-SecureDrop_Directory_14-7) [***i***](#cite_ref-SecureDrop_Directory_14-8) [***j***](#cite_ref-SecureDrop_Directory_14-9) [***k***](#cite_ref-SecureDrop_Directory_14-10) [***l***](#cite_ref-SecureDrop_Directory_14-11) ["The Official SecureDrop Directory"](https://securedrop.org/directory). Freedom of the Press Foundation. Retrieved January 29, 2017.

1. **[^](#cite_ref-15)** Kirchner, Lauren. ["When sources remain anonymous"](https://www.cjr.org/behind_the_news/securedrop_etc.php). Columbia Journalism Review. Retrieved 28 January 2014.

1. **[^](#cite_ref-16)** Timm, Trevor (29 October 2013). ["Forbes Launches First Updated Version of SecureDrop Called SafeSource"](https://pressfreedomfoundation.org/blog/2013/10/forbes-launches-first-updated-version-securedrop-called-safesource). Freedom of the Press Foundation. Retrieved 28 January 2014.

1. **[^](#cite_ref-17)** Greenberg, Andy. ["Introducing SafeSource, A New Way To Send Forbes Anonymous Tips And Documents"](https://www.forbes.com/sites/andygreenberg/2013/10/29/introducing-safesource-a-new-way-to-send-forbes-anonymous-tips-and-documents/). *Forbes*. Retrieved 28 January 2014.

1. **[^](#cite_ref-18)** Chavkin, Sasha (21 October 2013). ["Initiatives seek to protect anonymity of leakers"](http://www.icij.org/blog/2013/10/initiatives-seek-protect-anonymity-leakers). The International Consortium of Investigative Journalists. Retrieved 28 January 2014.

1. **[^](#cite_ref-19)** Tigas, Mike (27 January 2014). ["How to Send Us Files More Securely"](https://www.propublica.org/nerds/item/how-to-send-us-files-more-securely). ProPublica. Retrieved 28 January 2014.

1. **[^](#cite_ref-20)** Timm, Trevor (27 January 2014). ["ProPublica Launches New Version of SecureDrop"](https://pressfreedomfoundation.org/blog/2014/01/propublica-launches-new-version-securedrop). The Freedom of the Press Foundation. Retrieved 28 January 2014.

1. **[^](#cite_ref-21)** ["How to Securely Contact The Intercept"](https://web.archive.org/web/20150826055356/https://firstlook.org/theintercept/securedrop/). The Intercept. Archived from [the original](https://firstlook.org/theintercept/securedrop/) on 26 August 2015. Retrieved 9 February 2014.

1. **[^](#cite_ref-22)** Bowe, Rebecca (18 February 2014). ["Introducing BayLeaks"](https://web.archive.org/web/20140224175744/http://www.sfbg.com/2014/02/18/introducing-bayleaks). *[San Francisco Bay Guardian](/source/San_Francisco_Bay_Guardian)*. Archived from [the original](http://www.sfbg.com/2014/02/18/introducing-bayleaks) on 24 February 2014. Retrieved 20 February 2014.

1. **[^](#cite_ref-23)** ["Q&A about SecureDrop on The Washington Post"](https://www.washingtonpost.com/pr/wp/2014/06/05/qa-about-securedrop-on-the-washington-post/). *[The Washington Post](/source/The_Washington_Post)*. 5 June 2014.

1. **[^](#cite_ref-24)** ["The Globe adopts encrypted technology in effort to protect whistle-blowers"](https://www.theglobeandmail.com/news/investigations/the-globe-adopts-encrypted-technology-in-effort-to-protect-whistle-blowers/article23302598/). *[The Globe and Mail](/source/The_Globe_and_Mail)*. 4 March 2015.

1. **[^](#cite_ref-25)** ["CBC adopts SecureDrop to allow for anonymous leaks"](http://www.cbc.ca/news/technology/cbc-securedrop-whistleblowers-1.3412450). 29 January 2016.

1. **[^](#cite_ref-26)** ["How SecureDrop helps CPJ protect journalists"](https://cpj.org/2016/05/how-securedrop-helps-cpj-protect-journalists/). *Committee to Protect Journalists*. 12 January 2016.

1. **[^](#cite_ref-27)** Timm, Trevor [@trevortimm] (15 December 2016). ["Nice. The @NYTimes launched @SecureDrop today, along with a really useful secure tips page"](https://twitter.com/trevortimm/status/809385191374553088) ([Tweet](/source/Tweet_(social_media))) – via [Twitter](/source/Twitter).

1. **[^](#cite_ref-28)** ["USA TODAY launches secure whistle-blower site"](https://www.usatoday.com/story/news/2017/02/22/usa-today-network-launches-securedrop-whistleblower-site/98068810/). *[USA Today](/source/USA_Today)*. 22 February 2017.

1. **[^](#cite_ref-29)** ["ABC launches SecureDrop for whistleblowers to securely and anonymously contact journalists"](https://www.abc.net.au/news/2019-11-28/securedrop-installed-for-contacting-abc-journalists-anonymously/11708200). *ABC News*. 28 November 2019.

1. **[^](#cite_ref-FreeSoftwareFdn-Award-2017_30-0)** Sullivan, John (25 March 2017). ["SecureDrop and Alexandre Oliva are 2016 Free Software Awards winners"](https://www.fsf.org/news/securedrop-and-alexandre-oliva-are-2016-free-software-awards-winners) (Press Release). *[Free Software Foundation](/source/Free_Software_Foundation)*.

## External links

- [SecureDrop.org](https://securedrop.org/)

- [SecureDrop](https://github.com/freedomofpress/SecureDrop) on [GitHub](/source/GitHub)

- [SecureDrop](https://freedom.press/organizations/securedrop/) [Archived](https://web.archive.org/web/20201107032353/https://freedom.press/organizations/securedrop/) 2020-11-07 at the [Wayback Machine](/source/Wayback_Machine) at [Freedom of the Press Foundation](/source/Freedom_of_the_Press_Foundation)

---
Adapted from the Wikipedia article [SecureDrop](https://en.wikipedia.org/wiki/SecureDrop) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/SecureDrop?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.