Dangerzone now automatically updates its sandbox
As part of an opt-in feature in our latest release, Dangerzone can now auto-update its sandbox.
Security Analysis of SecureDrop Protocol Presented at IETF 124
SecureDrop software engineer Cory Myers and ETH Zurich researcher Felix Linker gave a talk entitled “SecureDrop — From Design to Analysis” to the Usable Formal Methods Research Group at the 124th meeting of the Internet Engineering Task Force in Montreal on Nov. 4, 2025.The SecureDrop Protocol is …
Implementing ‘just-works’ printing in SecureDrop Workstation
SecureDrop serves as a tips entry point for news organizations, often with a small set of journalists reviewing incoming submissions and distributing them to the rest of the newsroom. The next-generation SecureDrop Workstation supports conveniently exporting submissions to encrypted USB drives and USB-connected printers.But getting printing to work can …
Introducing WEBCAT: Web-based Code Assurance and Transparency
Verifiable browser code is on the critical path for a redesigned version of SecureDrop and will benefit the wider browser security ecosystem as a whole. We introduce Web-based Code Assurance and Transparency, or WEBCAT, a code integrity mechanism for single-page browser applications.Read more on the SecureDrop blog or check …
RightsCon: Introduction to SecureDrop Workstation
SecureDrop team member Kunal Mehta demo’d the SecureDrop Workstation at RightsCon 2025 on Feb. 25. You can watch a recording of the talk (also see below); the slides (PDF) are also available.In the demo, Mehta explained the multiyear project to provide better and more streamlined tools for journalists to …
Five things to know about SecureDrop
Over the past month, Freedom of the Press Foundation has received significant interest in newsrooms setting up SecureDrop. Our open source whistleblower submission system is already used around the globe by large media organizations, small nonprofit newsrooms, and everything in between. We’re excited to see more adoption of SecureDrop.To …
The long and winding road to safe browser-based cryptography
What is the basis for trusting the code that performs browser-based encryption? To read more about a problem that is legally old enough for a learner’s permit in several U.S. states, read the full article here.
SecureDrop completes sixth security audit
SecureDrop has completed its sixth security audit, conducted by 7ASecurity and sponsored by the Open Technology Fund. The audit identified three vulnerabilities—one medium-severity and two low-severity—all of which were fixed in the SecureDrop 2.10.0 release. In their report, the auditors praised SecureDrop's robust defense against a broad range …
Reducing Dangerzone’s attack surface with gVisor
Dangerzone, a Freedom of the Press Foundation open-source tool that protects journalists while they view electronic documents, has gotten even safer with its integration of gVisor in version 0.7.0. This collaboration with Google’s gVisor team enhances Dangerzone’s ability to isolate and neutralize malicious files without directly interfacing with the …
SecureDrop Workstation 1.0.0 Released
SecureDrop Workstation 1.0.0 has been released, offering significant security and usability enhancements for journalists. Key improvements include support for Qubes 4.2, automatic retries for downloads, and new media format compatibility. With these updates, the project transitions into an open beta, enabling more newsrooms to migrate to the next-generation user experience …
