Motivation

After two years of FOIA battles at Lucy Parsons Labs, we wanted to find another way to get information about government actions. Enabling anonymous whistleblowers to drop us documents seemed like another promising avenue. We also wanted to provide freelance journalists as well as journalists without access to a SecureDrop instance at their newsroom a way to interact with sources anonymously through SecureDrop and a way to work with documents we receive through our instance. Here we will describe at a high level how SecureDrop works.

SecureDrop in a Nutshell

SecureDrop is a anonymous whistleblowing submission systems that is designed to minimize source information. Documents are stored encrypted on the server and only the journalists or administrators are able to decrypt them. All connections come through the Tor Anonymity network such that an adversary observing the network only sees an individual connecting to Tor.

Both journalists and sources connect through Tor in order to minimize metadata.

SecureDrop Without
Admin

Even the administrators login through Tor.

SecureDrop With
Admin

A source can login to SecureDrop’s source interface and submit documents.

SecureDrop Leak
1

The source documents are stored encrypted on the SecureDrop server.

SecureDrop Leak
2

The journalist downloads the encrypted documents from the SecureDrop server.

SecureDrop Leak
3

The journalist transfers, decrypts and views the document on an airgapped machine.

SecureDrop Leak
4

At this point, the journalist can read through the messages and documents and work with them for publication. They can use the Metadata Anonymization Toolkit on Tails to strip metadata off the documents and transfer them to their regular workstation.

Our Instance

The landing page for our SecureDrop instance can be found at https://lucyparsonslabs.com/securedrop.