Security Audit

The first set of upgrades we made to SecureDrop before we re-launched the project were based off a security audit done by a team of University of Washington researchers led by Alexei Czeskis, and also included Tadayoshi Kohno, Jacob Appelbaum, and security expert Bruce Schneier. You can read the full audit here.

Importantly, the security audit found no critical flaws in the code of SecureDrop itself. The audit did, however, find several problems with the documentation (so it was close to impossible to install at an optimum security level without the creators’ help), and usability issues on both the source and journalist side (which were correctly interpreted as security flaws since a user mistake can unduly expose information).

So in the six weeks before we re-launched the project, we completely re-did the installation instructions and documentation, improved its security by switching the document server to a Tor hidden service, and improved the way the source’s passphrase is created. You can read all the updates we made here.

Aaron Swartz Hackathon

Since we launched, we’ve had developers start following our issue page on GitHub, as we continue to try to make SecureDrop easier to use. Two weekends ago, at the Aaron Swartz memorial hackathon in San Francisco and in cities around the world last weekend, many of these developers gave up their weekends to make SecureDrop even better. It was a huge success, as this commit graph demonstrates.

We’ve now completely re-done the install process, and we’ve combined the source and document server into one—both steps should make set up for journalism organizations a lot easier. We’ve also made it easier for journalists to delete files, bulk download, and organize all the files they receive from sources.

What To Do Next

There’s still much left to do on the project however. Right now, there are fifty-seven open tickets on our GitHub issue page that we could use help on. For example, we want to create an interface that allows a source to pick which journalist at a given organization he or she sends her documents to. We want to have an automatic document metadata scrubber at the start of the upload process. There’s also still a lot more documentation we need to write that will define the best practices for the hosting environment, administration support processes, security monitoring processes, and journalist use cases.

We’re exploring techniques to mitigate denial of service attacks, which is especially challenging in an environment where users are anonymized. And we are going to need regular code and environment audits to make sure SecureDrop stays as secure as possible.

We’ll be hosting another hackathon in San Francisco and Boston in the near future and if you would like to help please join our developers mailing list here to receive more details. You can also visit our GitHub page to start contributing right away.