What does HackerNews think of securedrop?

GitHub repository for the SecureDrop whistleblower platform. Do not submit tips here!

Language: Python

#41 in Hacktoberfest
#38 in Python
SecureDrop 2.5.1 – Released → (December 8, 2022)

SecureDrop 2.5.1 – Change Log (Text) : https://raw.githubusercontent.com/freedomofpress/securedrop/...

SecureDrop – Freedom of the Press Foundation @ GitHub : https://github.com/freedomofpress/securedrop/

SecureDrop – Journalist and Whistleblower – Secure Submission System – Overview : https://securedrop.org/overview/

SecureDrop – User Documentation : https://docs.securedrop.org/

Report a Security Issue (Bug Bounty) : https://bugcrowd.com/freedomofpress

SecureDrop – Community Forums : https://forum.securedrop.org

* @securedrop at fosstodon : https://fosstodon.org/@securedrop

---

Tor Project – Tor Status : https://status.torproject.org

Tor Project – Tor Metrics : https://metrics.torproject.org

Tor Project – Check Tor Connection : https://check.torproject.org

Tor Support – FAQ : https://support.torproject.org

Tor User Support Forum : https://forum.torproject.net

Tor Community : https://community.torproject.org

Tor Download : https://www.torproject.org/download/

Tor Distribution Directory : https://www.torproject.org/dist/torbrowser/12.0/

--- The Tor Project – @torproject – Nov 10th

If you need Support Downloading or Connecting to Tor, find us on;

* Telegram – Tor Support-Bot: https://t.me/torprojectsupportbot

* Telegram – Tor (preview) : https://t.me/s/torproject

* Signal : (+1 778-743-1312)

* The Tor Project – Email : (frontdesk at torproject.org)

* The Tor Project – Forum : https://forum.torproject.net

#keepiton

--- The Tor Project – @torproject – Nov 18th

Follow Tor – Links;

* Mastodon : https://mastodon.social/@torproject

* Facebook : https://www.facebook.com/TorProject/

* Instagram : https://www.instagram.com/TorProject/

* LinkedIn : https://www.instagram.com/TorProject/

* YouTube : https://www.youtube.com/c/TorProjectInc

* Tor Forum : https://forum.torproject.net

* Tor News : https://newsletter.torproject.org

* Telegram – The Tor Project : https://t.me/torproject

SecureDrop 2.5.0 – Released → (October 18, 2022)

SecureDrop 2.5.0 – Change Log (Text) : https://raw.githubusercontent.com/freedomofpress/securedrop/...

SecureDrop – Freedom of the Press Foundation @ GitHub : https://github.com/freedomofpress/securedrop/

SecureDrop – Journalist and Whistleblower – Secure Submission System – Overview : https://securedrop.org/overview/

SecureDrop – User Documentation : https://docs.securedrop.org

SecureDrop – Developer Documentation : https://developers.securedrop.org

SecureDrop – Support Documentation : https://support-docs.securedrop.org

Report a Security Issue (Bug Bounty) : https://bugcrowd.com/freedomofpress

SecureDrop – Community Forums : https://forum.securedrop.org

----

Freedom of the Press Foundation : https://freedom.press/

Freedom of the Press Foundation – Guides & Training - News Organizations, Freelance/Citizen Journalists, at-risk Groups : https://freedom.press/training/

Reporters Committee for Freedom of the Press : https://www.rcfp.org/

> SecureDrop – Freedom of the Press Foundation @ GitHub : https://github.com/freedomofpress/securedrop/

Freedom of press lives on a Microsoft site.

SecureDrop – Freedom of the Press Foundation @ GitHub : https://github.com/freedomofpress/securedrop/

SecureDrop – Journalist and Whistleblower – Secure Submission System – Overview : https://securedrop.org/overview/

SecureDrop – Community Forums : https://forum.securedrop.org

Freedom of the Press Foundation – Guides & Training - News Orgs, Freelance/Citizen Journalists, at-risk Groups : https://freedom.press/training/

SecureDrop 2.4.2 – Change Log (Text) : https://raw.githubusercontent.com/freedomofpress/securedrop/...

SecureDrop - Freedom of the Press Foundation @ GitHub : https://github.com/freedomofpress/securedrop/

Freedom of the Press Foundation : https://freedom.press/

I think you could easily start with forks of

ZeroNet (distributed TOR hosting): https://zeronet.io https://github.com/HelloZeroNet/ZeroNet

and either: SecureDrop: https://securedrop.org https://github.com/freedomofpress/securedrop

or NextCloud: https://nextcloud.com https://github.com/nextcloud

Though basically you're just routing .onion at a bucket.

Another thing to look at would be building on https://libcloud.apache.org/ https://libcloud.readthedocs.io/en/latest/supported_provider... or https://jclouds.apache.org/ https://jclouds.apache.org/reference/providers/

And providing a storage target. Though you have to consider the possibility of seizure of the host[s] by the service provider's state.

See: https://www.deepdotweb.com/2017/06/10/french-police-seized-t...

https://www.bleepingcomputer.com/news/security/french-police...

I maintain a Debian packager for nodejs [0] & two Rust libs for CSRF protection [1] [2], and contribute to SecureDrop [3].

[0] - https://github.com/heartsucker/node-deb

[1] - https://github.com/heartsucker/rust-csrf

[2] - https://github.com/heartsucker/iron-csrf

[3] - https://github.com/freedomofpress/securedrop

I was hired as a Data Engineer for my skills in Scala, AWS, and other data technologies. I ended up falling into Backend Engineer (also Scala) as our core services needed significant support. From there, I drifted into Operations as our infra and deployment processes were negatively impacting QOS and the time from code-to-prod.

In my spare time I:

  - made a shitty personal website[0] for kicks

  - maintain an npm package[1]

  - contribute to SecureDrop[2]

  - run the not-yet-live BerlinLeaks[3]

[0] - https://heartsucker.com

[1] - https://github.com/ehartsuyker/node-deb

[2] - https://github.com/freedomofpress/securedrop

[3] - https://berlinleaks.com

Does anyone know what the codenames are like? If they are easy enough to remember, then they may be easy enough to brute-force?

I think this is a great concept, yet perhaps too little, too late (Journalists should know PGP and drop boxes like these should have been common already). I also worry a bit because of Washington Post's track record with leaks, off the top of my head:

- Washington Post was Snowden's first choice, but they put up enough demands for Snowden to move to The Guardian. [1]

- Washington Post, according to Assange, had access to the "Collateral Murder" video a whole year before WikiLeaks published their edited video. [2]

- Washington Post employs op-ed columnists that call for assassination of "criminally dangerous" leakers like Assange [3]

[1] http://nymag.com/daily/intelligencer/2013/06/nsa-leaker-shop...

[2] http://www.abc.net.au/foreign/content/2010/s3040234.htm

[3] http://www.washingtonpost.com/wp-dyn/content/article/2010/08...

EDIT: More information on SecureDrop: https://pressfreedomfoundation.org/securedrop and source here: https://github.com/freedomofpress/securedrop

> Aaron, I am sorry to say, has died in vain.

This contrived conclusion mars an otherwise sensitive synopsis of the film, and through that, Aaron's life. The drive to reform CFAA continues. Strides are being made for open access to research [0], the cause that led to Aaron's conviction. The Strongbox/Deaddrop project is being actively developed and deployed to protect journalist-source communication and empower whistleblowers all over the world. [1]

The fight is not over - it has only just begun.

[0] http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/17...

[1] https://github.com/freedomofpress/securedrop