The Guardian has launched a new system for anonymous sources to send confidential documents to the newspaper. SecureDrop, which uses privacy software from Tor, will let users provide The Guardian with files and avoid being tracked online.
The Guardian joins The New Yorker, ProPublica, and The Intercept in using the system as a secure method of receiving information from whistleblowers. SecureDrop was originally created by Aaron Swartz prior to his death in 2013. It’s now maintained by the Freedom of the Press Foundation.
As one of the initial news organizations to report on the leaked National Security Administration files from Edward Snowden, The Guardian hopes to find a way to let confidential information flow to the paper while protecting sources and journalists.
Because of its reporting on the NSA, The Guardian already relocated files from Snowden to the United States; the SecureDrop system is also located outside of the U.K. In 2013, the British government forced Guardian editors to physically destroy computers
with documents from Snowden.
Even as more newsrooms use SecureDrop as a tool for tips and leaked files, the system doesn’t promise complete security, The Guardian notes:
SecureDrop was given an extensive security audit by a team of cryptographers in July 2013, and updated in response to many of the concerns raised at the time. The system was also updated to address the widely reported Heartbleed security vulnerability.
While the system is far more secure than, for example, emailing information to a reporter, SecureDrop specifically does not promise 100% security.
“[A]ny organization or product that promises 100% security is not telling the truth,” says the Freedom of the Press Foundation website. “SecureDrop attempts to create [a] significantly more secure environment for sources to get information than exists through normal digital channels, but there are always risks.”