In an age of pervasive internet surveillance, traditional tools like email and phone calls are no longer enough to safely link reporters and their contacts. The most sensitive sources need a more secure channel, one that’s encrypted and anonymous by default. Now, WIRED will provide just that.
Today we’re announcing the launch of our own installation of SecureDrop, a web-based system designed to allow anyone to securely, anonymously send us information. Everything sent to our SecureDrop server is end-to-end encrypted, meaning no one can snoop on it in transit. And because SecureDrop can be accessed only via the anonymity software Tor, it’s very difficult for anyone to trace where the communications come from. Not even WIRED will know your identity, if you choose not to share it.
SecureDrop works by offering anonymous tipsters a portal to send messages and upload files on a Tor-based “onion service”—the same technology that enables the so-called darknet or dark web. Anyone who knows the site’s .onion address—in WIRED’s case, http://k5ri3fdr232d36nb.onion—can visit the site by downloading the Tor browser and copying in the URL. Tor then bounces all traffic to the site through a series of computers around the world, making it tough to trace. It’s a far more anonymous method of communicating than phone calls, texts, or email, which reveal metadata that can identify someone in a conversation, even when the contents of the communication are encrypted.
In addition to Tor’s protection, the upload software uses the encryption tool PGP to automatically encrypt all information sent to us. It stores those communications on a server we’ve specially configured for security and keep in a physically protected location. And it assigns users a long, randomly chosen codename they can use to decrypt responses we send back to establish a secure two-way conversation between reporter and source.
SecureDrop has already been adopted by dozens of news outlets, including The New York Times, The Washington Post, and the Guardian. (Post reporter David Fahrenthold, for instance, who won a Pulitzer Prize for his coverage of Donald Trump’s lack of charitable contributions, hinted last year that he’d used the system.)
But SecureDrop was, in some respects, invented at WIRED. In 2013, WikiLeaks inspired then-WIRED editor Kevin Poulsen and the late information activist Aaron Swartz to create a prototype for software that would let any site launch a similar portal for leakers and whistle-blowers. That tool, initially called DeadDrop, first found a home at WIRED’s Condé Nast sister publication, the The New Yorker. Its open-source code was quickly adopted by the Freedom of the Press Foundation, where Edward Snowden now leads the team that maintains it. In the meantime, it’s been redesigned, renamed SecureDrop, and extensively audited for security vulnerabilities.
Now WIRED is putting to use the tool that Poulsen and Swartz first sketched out in our San Francisco headquarters five years ago. You can find instructions for using WIRED’s installation of SecureDrop here, or simply download Tor and visit our SecureDrop .onion service in your Tor browser here: http://k5ri3fdr232d36nb.onion. We look forward to hearing from you soon.
Source Article from https://www.wired.com/2017/04/new-way-securely-send-information-wired/