SecureDrop

Web applications are only as trustworthy as their servers, and servers can get hacked. Introducing WEBCAT: it lets web browsers verify the origin of code before it runs. 🌞 Today, WEBCAT enters alpha testing! If you like to experiment with cutting-edge software, give it a try:

@RealWorldCrypto One talk, “Improving the Trustworthiness of JavaScript on the Web,” will include industry representatives from @mozilla, @Cloudflare and @Meta

SecureDrop is bringing our WEBCAT and SecureDrop Protocol projects to @RealWorldCrypto on March 9-11 in Taipei, Taiwan. We’ll be presenting on establishing trust in web applications and on the next generation of SecureDrop! Read more: securedrop.org/news/real-worl…

SecureDrop 2.14.0 has been released. This release ensures KeePassXC remains installed on Tails. It also lays groundwork for the upcoming SecureDrop App. securedrop.org/news/securedro…

SecureDrop Client 0.17.2 has been released! This release addresses potential undefined behavior in a dependency. securedrop.org/news/securedro…

What does it take to make web applications auditable? Here's why reproducibility matters, and how WEBCAT—a framework for signing and verifying web applications—approaches the problem in practice. securedrop.org/news/webcat-to…

Journalists are increasingly relying on insider sources, and protecting those sources is more important than ever. Here's how SecureDrop is rising to the challenge, safeguarding whistleblowers’ anonymity against ever-evolving threats. securedrop.org/news/looking-b…

Catch our segment on @SecureDrop in @torproject's latest State of the Onion, alongside updates from other community projects: youtube.com/live/tZVk0kb7l…

SecureDrop Workstation 1.5.1 has been released! This minor fix addresses a Tails config location change found in version 2.13.0 of the SecureDrop server. securedrop.org/news/securedro…

SecureDrop 2.13.0 is now available. This release primarily provides the securedrop-admin tool as a Debian package within Tails, and prepares for future availability of the securedrop-admin utility on Qubes OS. securedrop.org/news/securedro…

SecureDrop Client 0.17.1 has been released! This release addresses a low-impact, high-complexity denial-of-service issue: securedrop.org/news/securedro…

SecureDrop is building the next generation of anonymity tools for whistleblowers. SecureDrop software engineer Cory Myers and ETH Zurich researcher Felix Linker gave a talk in Montreal earlier this month about our new, custom messaging protocol: securedrop.org/news/securedro…

SecureDrop Workstation 1.5.0 has been released! This version simplifies the installation process by allowing you to install a bootstrap package from the Qubes-Contrib repo, and removes the remaining dependencies on Whonix. securedrop.org/news/securedro…

Tor is a critical component that helps make SecureDrop an effective tool for connecting journalists with anonymous sources. Learn more about @torproject's efforts to Free the Internet: blog.torproject.org/2025-fundraise…

If you're attending the Transparency.dev summit later this month, be sure to check out our talk: securedrop.org/news/see-you-a…

Cloudflare's new blog post on improving the trustworthiness of JavaScript on the web highlights our work on WEBCAT @FreedomOfPress - our project enabling verifiable, developer-signed code in the browser

🚨 PSA: Do you have information to share with news outlets that have lost access to report from the Pentagon? You can share it while protecting your anonymity using @SecureDrop:

🚨 PSA: Are you a current or former federal employee and have information that you'd like to share with the press? You can share it while protecting your anonymity using @SecureDrop:

🚨 PSA: Journalists in Gaza are being targeted to prevent reporting on a UN-acknowledged program of genocide. If you are an IDF member with information that could save lives and bring the war to a close, consider sharing it with the press safely via @SecureDrop: