The dream of providing would-be whistleblowers with a WikiLeaks-style safe and anonymous platform to leak incendiary documents to news organizations lives on.
In May, The New Yorker launched StrongBox, a system based on DeadDrop, a program written by the late Aaron Swartz, with the help of Wired's Kevin Poulsen. Now, the non-profit Freedom of the Press Foundation has taken over the project, simplified it, and renamed it SecureDrop.
See also: Is Strongbox the New Wikileaks?
The goal remains the same: having more news organizations install the system to provide their sources with a secure way of leaking documents and communicating anonymously.
To encourage more newsrooms to use it, the foundation will not only manage and update SecureDrop — which remains open source — from now on, but it will also help media organizations set it up and train their journalists on how to use it.
SecureDrop uses the anonymizing software Tor to let sources submit documents to a hidden server, like the one Silk Road was using. Journalists can then access the secure server, retrieve the documents, and even exchange messages with the original source without ever knowing his or her name.
"Essentially, it's a more secure alternative to the 'contact us' form found on a typical news site," the Foundation wrote in an FAQ about the project.
But security isn't the only concern. As Mashable reported in May, some experts found StrongBox and DeadDrop too complicated to use. This was confirmed by an audit (.PDF) performed by experts at the University of Washington, including the WikiLeaks associate Jacob Appelbaum and security guru Bruce Schneier.
"We are concerned about the level of technical sophistication that journalists are expected to have and that they might, for usability reasons, make mistakes that leak the confidential information about the source," they wrote, after acknowledging that the system is technically sound.
That's why the foundation has worked primarily on making it simpler .
"It has to be usable," Trevor Timm, the executive director of the Freedom of the Press Foundation, told Mashable. "Usability problems are security problems, because if it's easy for people to make mistakes, then even if the system technically works correctly, if there's user error then that doesn't matter."
Micah Lee, the Foundation's Chief Technology Officer, told Mashable that they've made several changes since taking over the project. They've written extensive documentation (see the detailed user manual), and made the installation and configuration easier and more automated.
"Journalists still have to jump through some hoops, but it's much simpler than it was before, and we plan on making it even simpler in future versions," he said.
The foundation took over the project a month ago, when Poulsen asked Timm if they'd be interested in taking charge. Ever since the project's launch in May, Timm said, the foundation was very excited about the project and tried to find ways to promote it and support it, so when Poulsen asked them to take over, they "jumped at the opportunity."
The foundation will also hire security developer James Dolan, who also helped Swartz and Poulsen on DeadDrop, to keep SecureDrop updated and help news organizations around the country install the system. While he couldn't reveal their names, Timm said that "half a dozen major news organizations" have expressed interest in implementing SecureDrop.
Have something to add to this story? Share it in the comments.
Image: Flickr, Ragesoss