SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from, and communicate with anonymous sources. It was originally created by the late Aaron Swartz and is currently managed by the Freedom of the Press Foundation.
There are multiple versions of the SecureDrop documentation. By default, the documentation describes the most recent SecureDrop release. It is the best version of the documentation for end users (Sources, Journalists, or Administrators). The latest documentation is automatically built from the most recent commit to the SecureDrop development branch. It is most useful for developers and contributors to the project. You can switch between versions of the documentation by using the toolbar in the bottom left corner of the Read the Docs screen.
Found an issue?
If you're here because you want to report an issue in SecureDrop, please observe the following protocol to do so responsibly:
- If you want to report a security issue, please use our bug bounty hosted by Bugcrowd.
- If filing the issue does not impact security, just create a GitHub Issue.
How to Install SecureDrop
See the Installation Guide.
How to Use SecureDrop
How to Contribute to SecureDrop
See our contribution page
Ensure you have Docker installed and:
This will start the source interface on
127.0.0.1:8080 and the journalist interface on
127.0.0.1:8081. The credentials to login are printed in the Terminal.
SecureDrop is open source and released under the GNU Affero General Public License v3.
The wordlist we use to generate source passphrases come from various sources:
- en.txt is based off a new Diceware wordlist from the EFF.
- fr.txt is based off Matthieu Weber's translated diceware list.
A huge thank you to all SecureDrop contributors! You can see just code and documentation contributors in the "Contributors" tab on GitHub, and you can see code, documentation and translation contributors together here.