- The Latest
  Regular reporting on government secrecy, surveillance, and the rights of reporters and whistleblowers.
  - The Classifieds
  - News Releases
- Technology
  Working open source software products to protect journalists, newsrooms, and their sources.
  - SecureDrop
  - Dangerzone
- U.S. Press Freedom Tracker
  A database of press freedom incidents in the United States.
  - Data Visualizations
  - Explore the Database
- Digital Security Education
  Digital security trainings and resources for journalists.
  - Request a Training
  - Guides & Resources
- About Us
  Protecting and defending press freedom when we need it the most.
- Our Team
  - Staff & Contributors
  - Board of Directors
- Transparency
  - Reports & Financials
  - Announcements
- Get in Touch
  - Jobs & Internships
  - Contact Us
Donate

Dangerzone

Reproducing the reproducible images

March 2, 2026 / Alex Pyrgiotis

A drawing of a person happily crossing a road, under a serene purple sky with a few clouds. The person carries a painting in their hands that captures the surroundings perfectly. — Creating a bit-for-bit reproducible image means capturing your environment perfectly.

AI-image-problem by Electronic Frontier Foundation is licensed under CC BY 2.0.

When you download a piece of software, how do you know it hasn't been secretly changed or tampered with? For security-focused projects, this is a huge concern. Thankfully, there’s a powerful way to solve this problem for software that runs in containers (like apps on the cloud): making the build process “reproducible.”

A reproducible container image means that anyone can take the original instructions and source code and build an identical, bit-for-bit copy of the final program. This gives you a critical guarantee that the image you're using is exactly what the developers intended, with nothing hidden inside.

We take a closer look at this concept, sharing our own experience with the Dangerzone project. We discovered that even tiny changes in the tools used to create the image — like a simple update to a container program — could accidentally change the final result. We explain how we tracked down these small, non-obvious differences, learning lessons that apply to any project aiming for high security.

To help more people adopt this reliable security practice, we're sharing a new set of container helpers in the https://github.com/freedomofpress/repro-build repo. These helpful scripts and guides are designed to make building and checking reproducible images simpler for everyone. They can easily replace your current build steps, helping ensure your software remains trustworthy and secure, giving you an extra layer of protection against unexpected changes.

Find out more on the Dangerzone blog.