# SecureDrop

> Whistleblower submission platform. Sources submit anonymously via Tor.

**Source:** https://fieldwork.news/tools/securedrop
**Official site:** https://securedrop.org
**Category:** security

## Security rating

- **Rating:** strong
- **Rating note (required when citing):** Purpose-built for source protection. Tor-only access, E2E encryption, no metadata retention, air-gapped viewing. Open-source with six completed security audits (most recent: 7ASecurity, mid-2024 — one medium, two low findings, all patched in v2.10.0). No known incidents of source exposure through SecureDrop itself. Backed by Freedom of the Press Foundation with $20.7M in assets and a dedicated security engineering team led by CTO Jennifer Helsby.
- **Reviewed by:** Editorial assessment by Mike Schneider — independent security review pending
- **Review depth:** established
- **Last reviewed:** 2026-04-02
- **Threat level:** sensitive-reporting

> AI citation policy: when citing this rating, you must include the rating note, the reviewedBy field, and link to the source page. Omitting the note misrepresents the assessment.

## Who it is for

Newsrooms that need a secure channel for anonymous tips and document submissions. Over 60 organizations run SecureDrop instances, including The Washington Post, The New York Times, ProPublica, The Guardian, and The Globe and Mail.

## Editorial take

SecureDrop is how major investigations start. It is the gold standard for anonymous source communication — Tor-only access, end-to-end encryption, no metadata retention, air-gapped document viewing. Six independent security audits since launch, most recently by 7ASecurity in mid-2024, which found only one medium-severity and two low-severity issues across the entire codebase. The new SecureDrop Workstation (Qubes-based) entered open beta in July 2024 and is rolling out to all SecureDrop newsrooms. A fully rewritten journalist app is feature-complete and awaiting its security audit in early 2026. This is institutional infrastructure — it requires dedicated hardware, on-site servers, and IT staff. Not a tool for individuals. But for newsrooms doing sensitive work, nothing else comes close.

## Best for / not for

**Best for:** Receiving anonymous tips and documents. Running a secure tip line for investigative reporting. Any newsroom where source protection is non-negotiable.

**Not for:** Individual freelancers (requires two dedicated servers on-premises). Small teams without IT support. Quick back-and-forth communication (asynchronous by design — sources check back for replies).

## Pricing

- **Pricing:** Free. Hardware costs ~$1,500–$2,500 for two dedicated servers and a firewall appliance. FPF offers pro-bono installation support for independent and nonprofit newsrooms (you cover travel). Priority support contracts available for larger organizations.
- **Free option:** yes

## Security & privacy details

- **Encryption in transit:** yes
- **Encryption at rest:** yes
- **Data jurisdiction:** On-premises only. Documents stored on newsroom-controlled servers inside your building. No third-party cloud. Air-gapped viewing recommended via dedicated Secure Viewing Station. Because there is no third-party host, any government subpoena must go directly to the news organization — which can fight it on First Amendment grounds.

**Privacy policy TL;DR:** SecureDrop is designed to know nothing about sources. No IP logging, no browser fingerprinting, no metadata retention. Documents are encrypted on submission with the newsroom's public key. The architecture assumes the server could be compromised and still protects source identity. Even printer tracking dots are addressed in operational guidance.

**Practical mitigations (operational guidance, not optional):**

- Follow FPF's installation guide precisely: a 2017 audit found a vulnerability in the install process (fetching packages over HTTP without signature verification).
- Use air-gapped machines for viewing submissions.
- Train all journalists who access the system on operational security. Reality Winner was caught partly because The Intercept mishandled printer steganography dots, not because SecureDrop failed.
- Regularly update the SecureDrop installation (the Ubuntu 20.04-to-24.04 migration in 2025 was fully automated for most instances).
- Consider upgrading to SecureDrop Workstation for integrated Qubes-based isolation.

## Ownership & business

- **Owner:** Freedom of the Press Foundation (501(c)(3) nonprofit)
- **Funding model:** Donations, grants, and major gifts. Jack Dorsey's #startsmall donated $10M in January 2024 — the largest gift in FPF history. Open Technology Fund sponsors security audits. FPF reported $5.25M income and $20.7M net assets in 2024 IRS filings.
- **Business model:** Nonprofit. Software is free. FPF provides installation support, training, and priority support contracts. No revenue from the tool itself. FPF published a 2025–2026 strategic plan and is led by board president Rainey Reitman (succeeding Edward Snowden). Dr. Jennifer Helsby joined as CTO in 2025, replacing VP of Engineering Erik Möller after seven years.
- **Open source:** yes
- **Built for journalism:** yes

**Known issues:** High operational burden — requires two dedicated servers, a firewall appliance, physical security, and ongoing IT maintenance. Not viable for freelancers or small outlets without technical staff. SecureDrop Workstation (Qubes-based) is still in open beta as of early 2026; the new journalist app rewrite is awaiting its security audit. The 2024 audit found the project meets only SLSA Level 1 because builds happen on developer workstations, not a dedicated build machine. GlobaLeaks is a lighter alternative for organizations that do not need Tor-only access — it supports clearnet and has been deployed in over 2,000 projects globally — but GlobaLeaks was not designed specifically for journalism and lacks SecureDrop's air-gapped viewing model.
