SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from, and communicate with anonymous sources. It was originally created by the late Aaron Swartz and is currently managed by the Freedom of the Press Foundation.
The SecureDrop documentation is now built and hosted by Read the Docs: https://docs.securedrop.org. If you are still trying to use links to Markdown files on our GitHub to read documentation, please update your bookmarks.
There are two versions of the SecureDrop documentation: stable and latest. The stable documentation is the default, and corresponds to the latest stable release of SecureDrop; therefore, it is the best version of the documentation for end users (Sources, Journalists, or Administrators). The latest documentation is automatically built from the latest commit on the SecureDrop development branch; therefore, it is most useful for developers and contributors to the project. You can choose to view a different version of the documentation by using the version picker shown at the bottom left of the screen.
If you're here because you want to report an issue in SecureDrop, please observe the following protocol to do so responsibly:
- If you want to report a security issue, please use our bug bounty hosted by Bugcrowd.
- If filing the issue does not impact security, just create a GitHub Issue.
See the Installation Guide.
See the Development Guide and the Contributing Guidelines.
Check out our Development Roadmap to see our plans and priorities for upcoming releases.
We also have a public Gitter channel and a public Discourse forum.
SecureDrop is open source and released under the GNU Affero General Public License v3.
The wordlist we use to generate source passphrases come from various sources:
- en.txt is based off a new Diceware wordlist from the EFF.
- fr.txt is based off Matthieu Weber's translated diceware list.