This is the result of work begun by the SecureDrop team in July 2025 to completely overhaul how journalists process submissions. SecureDrop Workstation users will receive it automatically during a system update in the next few weeks.
SecureDrop Inbox, the new window into the SecureDrop Workstation, has been rewritten from the ground up to replace the previous client application for existing journalist users.
Improving upon the core functionality, it also includes bug fixes, speed improvements, and a range of new features.
SecureDrop Workstation 1.5.2 has been released, as well as SecureDrop Client 0.17.4.
This update contains multiple security fixes, all of which are low or informational priority. We are not aware of any exploitation in the wild for any vulnerability.
The web’s security model has long relied on trusting the server. WEBCAT is an attempt to change that. Please help test it if you can. Your feedback at this early stage of development is extremely valuable. Excited to collaborate with @freedom.press & @securedrop.social.freedom.press.ap.brid.gy.
Web applications are only as trustworthy as their servers, and servers can get hacked. That’s why we are introducing WEBCAT, which lets web browsers verify the origin of code before it runs.
🌞 Today, WEBCAT enters alpha testing! If you like to experiment with cutting-edge software, give it a try:
One talk, “Improving the Trustworthiness of JavaScript on the Web,” will include industry representatives from @mozilla.org, @cloudflare.social, and Meta
SecureDrop is bringing our WEBCAT and SecureDrop Protocol projects to @rwc.iacr.org on March 9-11 in Taipei, Taiwan.
We’ll be presenting on establishing trust in web applications and on the next generation of SecureDrop!
Read more:
SecureDrop 2.14.0 has been released. This release ensures KeePassXC remains installed on Tails. It also lays groundwork for the upcoming SecureDrop App.
SecureDrop Client 0.17.2 has been released! This release addresses potential undefined behavior in a dependency.
What does it take to make web applications auditable?
Here's why reproducibility matters, and how WEBCAT—a framework for signing and verifying web applications—approaches the problem in practice.
Journalists are increasingly relying on insider sources, and protecting those sources is more important than ever.
Here's how SecureDrop is rising to the challenge, safeguarding whistleblowers’ anonymity against ever-evolving threats.
Catch our segment on @securedrop.org in @torproject.org's latest State of the Onion, alongside updates from other community projects:
SecureDrop Workstation 1.5.1 has been released! This minor fix addresses a Tails config location change found in version 2.13.0 of the SecureDrop server.
SecureDrop 2.13.0 is now available. This release primarily provides the securedrop-admin tool as a Debian package within Tails, and prepares for future availability of the securedrop-admin utility on Qubes OS.
SecureDrop Client 0.17.1 has been released! This release addresses a low-impact, high-complexity denial-of-service issue:
SecureDrop is building the next generation of anonymity tools for whistleblowers. SecureDrop software engineer Cory Myers and ETH Zurich researcher Felix Linker gave a talk in Montreal earlier this month about our new, custom messaging protocol:
SecureDrop Workstation 1.5.0 has been released! This version simplifies the installation process by allowing you to install a bootstrap package from the Qubes-Contrib repo, and removes the remaining dependencies on Whonix.
Tor is a critical component that helps make SecureDrop an effective tool for connecting journalists with anonymous sources.
Learn more about @torproject.org's efforts to Free the Internet:
Instructions on how to submit a news tip anonymously through SecureDrop: - Start from a place with public Wi-Fi, like a coffee shop. Use a computer you control. Never use a workplace computer. - Download and install Tor Browser from torproject.org and use it to visit howto.securedrop.tor.onion for next steps.
🚨 PSA: Do you have information to share with news outlets that have lost access to report from the Pentagon?
You can share it while protecting your anonymity using @securedrop.org:
Instructions on how to submit a news tip anonymously through SecureDrop: - Start from a place with public Wi-Fi, like a coffee shop. Use a computer you control. Never use a workplace computer. - Download and install Tor Browser from torproject.org and use it to visit howto.securedrop.tor.onion for next steps.
🚨 PSA: Are you a current or former federal employee and have information that you'd like to share with the press?
You can share it while protecting your anonymity using @securedrop.org:
Instructions on how to submit a news tip anonymously through SecureDrop: - Start from a place with public Wi-Fi, like a coffee shop. Use a computer you control. Never use a workplace computer. - Download and install Tor Browser from torproject.org and use it to visit howto.securedrop.tor.onion for next steps.
🚨 PSA: Journalists in Gaza are being targetted to prevent reporting on a UN-acknowledged program of genocide.
If you are an IDF member with information that could save lives and bring the war to a close, consider sharing it with the press safely via @securedrop.org:
We're simplifying how SecureDrop Workstation is installed!
Previously, users needed to manually download and verify an OpenPGP key; now we're eliminating that step without compromising on security.
Learn more in our blog post:
SecureDrop 2.12.10 has been released. This is a Journalist and Admin Workstation-only release, which adds support for the recent Tails 7 version.
securedrop.org/news/secured...
SecureDrop Workstation 1.4.0 has been released! This version integrates Tor directly in the sd-proxy VM instead of using Whonix, and fixes an issue that prevented USB devices from automatically attaching.
SecureDrop users, we have heard your requests for an updated support experience! We are now providing support directly via Signal, and will be completing a migration away from Redmine on Nov. 3, 2025
SecureDrop Workstation 1.3.0 has been released! This version allows users to import credentials during setup, and updates the Fedora base template to version 42, which re-enables SELinux.
SecureDrop Workstation 1.2.1 has been released!
This release introduces a preemptive fix to prevent potential breakage caused by a bad Qubes update. If you've already applied the bad update and are affected, instructions to manually fix it are in our advisory blog post.
SecureDrop 2.12.9 has been released. This version disables upgrades from Ubuntu Focal to Noble, and updates Tor Browser safety-level guidance in the Source Interface.
If your SecureDrop is still running Ubuntu Focal, please contact us for assistance in reinstalling with Ubuntu Noble.
On the 14th anniversary of @securedrop.org, we're proud to carry on Aaron Swartz's legacy.
SecureDrop is used by over 60 major news outlets worldwide to help sources connect with journalists in a secure and anonymous way.
securedrop.org
