After two years of FOIA battles at Lucy Parsons Labs, we wanted to find another way to get information about government actions. Enabling anonymous whistleblowers to drop us documents seemed like another promising avenue. We also wanted to provide freelance journalists, as well as journalists without access to a SecureDrop instance at their newsroom, a way to interact with sources anonymously through SecureDrop and a way to work with documents we receive through our instance. Here we will describe at a high level how SecureDrop works.
SecureDrop in a Nutshell
SecureDrop is an anonymous whistleblowing submission system that is designed to minimize source information. Documents are stored encrypted on the server, and only the journalists or administrators are able to decrypt them. All connections come through the Tor anonymity network, so that an adversary observing the network only sees an individual connecting to Tor.
Both journalists and sources connect through Tor in order to minimize metadata.
Even the administrators log in through Tor.
A source can log in to SecureDrop’s source interface and submit documents.
The source documents are stored encrypted on the SecureDrop server.
The journalist downloads the encrypted documents from the SecureDrop server.
The journalist transfers, decrypts and views the document on an airgapped machine.
At this point, the journalist can read through the messages and documents and work with them for publication. They can use the Metadata Anonymization Toolkit on Tails to strip metadata off the documents and transfer them to their regular workstation.
The landing page for our SecureDrop instance can be found at https://lucyparsonslabs.com/securedrop.