SecureDrop

The inaugural release of SecureDrop Inbox is now available! 🎉 The Inbox is a full rewrite of our client, and includes many new features and performance improvements for journalists. securedrop.org/news/securedro…

SecureDrop 2.15.1 is now available, improving memory management while handling APIv2 requests, and fixing an issue with restoring backups without transferring over the network: securedrop.org/news/securedro…

We're getting closer to the release of the brand new SecureDrop Inbox — today we're publishing results from the security audit we commissioned to ensure it's safe before putting it in the hands of journalists. securedrop.org/news/audit-of-…

SecureDrop 2.15.0 is now available, which enables the updated API needed for the upcoming SecureDrop Inbox. securedrop.org/news/securedro…

SecureDrop Client 0.17.5 has been released to address a low-priority security issue. Exploiting this vulnerability would require a compromised server, and we are not aware of any exploits in the wild. securedrop.org/news/securedro…

This is the result of work begun by the SecureDrop team in July 2025 to completely overhaul how journalists process submissions. SecureDrop Workstation users will receive it automatically during a system update in the next few weeks. securedrop.org/news/securedro…

SecureDrop Inbox, the new window into the SecureDrop Workstation, has been rewritten to replace the previous client for journalist users. Improving upon the core functionality, it also includes bug fixes, speed improvements, and a range of new features. securedrop.org/news/new-featu…

SecureDrop Workstation 1.5.2 has been released, as well as SecureDrop Client 0.17.4. This update contains multiple security fixes, all of which are low or informational priority. We are not aware of any exploitation in the wild for any vulnerability. securedrop.org/news/securedro…

Web applications are only as trustworthy as their servers, and servers can get hacked. Introducing WEBCAT: it lets web browsers verify the origin of code before it runs. 🌞 Today, WEBCAT enters alpha testing! If you like to experiment with cutting-edge software, give it a try:

@RealWorldCrypto One talk, “Improving the Trustworthiness of JavaScript on the Web,” will include industry representatives from @mozilla, @Cloudflare and @Meta

SecureDrop is bringing our WEBCAT and SecureDrop Protocol projects to @RealWorldCrypto on March 9-11 in Taipei, Taiwan. We’ll be presenting on establishing trust in web applications and on the next generation of SecureDrop! Read more: securedrop.org/news/real-worl…

SecureDrop 2.14.0 has been released. This release ensures KeePassXC remains installed on Tails. It also lays groundwork for the upcoming SecureDrop App. securedrop.org/news/securedro…

SecureDrop Client 0.17.2 has been released! This release addresses potential undefined behavior in a dependency. securedrop.org/news/securedro…

What does it take to make web applications auditable? Here's why reproducibility matters, and how WEBCAT—a framework for signing and verifying web applications—approaches the problem in practice. securedrop.org/news/webcat-to…

Journalists are increasingly relying on insider sources, and protecting those sources is more important than ever. Here's how SecureDrop is rising to the challenge, safeguarding whistleblowers’ anonymity against ever-evolving threats. securedrop.org/news/looking-b…

Catch our segment on @SecureDrop in @torproject's latest State of the Onion, alongside updates from other community projects: youtube.com/live/tZVk0kb7l…

SecureDrop Workstation 1.5.1 has been released! This minor fix addresses a Tails config location change found in version 2.13.0 of the SecureDrop server. securedrop.org/news/securedro…

SecureDrop 2.13.0 is now available. This release primarily provides the securedrop-admin tool as a Debian package within Tails, and prepares for future availability of the securedrop-admin utility on Qubes OS. securedrop.org/news/securedro…

SecureDrop Client 0.17.1 has been released! This release addresses a low-impact, high-complexity denial-of-service issue: securedrop.org/news/securedro…