Verifiable browser code is on the critical path for a redesigned version of SecureDrop and will benefit the wider browser security ecosystem as a whole. We introduce Web-based Code Assurance and Transparency, or WEBCAT, a code integrity mechanism for single-page browser applications.Read more on the SecureDrop blog or check …
SecureDrop team member Kunal Mehta demo’d the SecureDrop Workstation at RightsCon 2025 on Feb. 25. You can watch a recording of the talk (also see below); the slides (PDF) are also available.In the demo, Mehta explained the multiyear project to provide better and more streamlined tools for journalists to …
Over the past month, Freedom of the Press Foundation has received significant interest in newsrooms setting up SecureDrop. Our open source whistleblower submission system is already used around the globe by large media organizations, small nonprofit newsrooms, and everything in between. We’re excited to see more adoption of SecureDrop.To …
What is the basis for trusting the code that performs browser-based encryption? To read more about a problem that is legally old enough for a learner’s permit in several U.S. states, read the full article here.
SecureDrop has completed its sixth security audit, conducted by 7ASecurity and sponsored by the Open Technology Fund. The audit identified three vulnerabilities—one medium-severity and two low-severity—all of which were fixed in the SecureDrop 2.10.0 release. In their report, the auditors praised SecureDrop's robust defense against a broad range …
Dangerzone, a Freedom of the Press Foundation open-source tool that protects journalists while they view electronic documents, has gotten even safer with its integration of gVisor in version 0.7.0. This collaboration with Google’s gVisor team enhances Dangerzone’s ability to isolate and neutralize malicious files without directly interfacing with the …
SecureDrop Workstation 1.0.0 has been released, offering significant security and usability enhancements for journalists. Key improvements include support for Qubes 4.2, automatic retries for downloads, and new media format compatibility. With these updates, the project transitions into an open beta, enabling more newsrooms to migrate to the next-generation user experience …
The SecureDrop team has introduced the SecureDrop Protocol, designed to enhance security for whistleblowers and journalists. In addition to providing end-to-end encryption, the new protocol eliminates the need for accounts, prevents message flow tracking, and limits the server’s ability to collect metadata. Built with robust cryptographic principles, it’s engineered for …
In an independent review, the Freedom of the Press Foundation tool that helps journalists work with electronic documents safely was found to have no critical vulnerabilities
As a proof of concept, we're now also publishing the Press Freedom Tracker’s incident database on the decentralized web.
Join our email list to stay up to date on the issues and learn how you can help protect journalists and sources everywhere.
