
Aaron Swartz’s last gift to journalism and online privacy finds a new home - trauco
http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/15/aaron-swartzs-last-gift-to-journalism-and-online-privacy-finds-a-new-home/
======
guelo
From the University of Washington security audit:

"The conclusion of our analysis is that many of the technical properties of
DeadDrop are decent; however, we do not believe that DeadDrop is yet ready for
deployment in an ecosystem with nation-state capable adversaries and
non-expert users. The lack of software versioning, reliance on VPN, the errors in
the installation and deployment documentation, leaking of document metadata,
and lack of anonymity best practices all contribute to our reluctance for
suggesting that DeadDrop is ready for mass deployment.

Additionally, the usability of the system is sometimes lacking, potentially
leading to insecure use. For example, DeadDrop requires a fair amount of
technical sophistication on behalf of journalists (such as being able to use
the GPG encryption software) and sources (such as being able to sanitize the
metadata in the submitted documents). We believe that this lack of usability
may lead to failures in anonymization. We enumerate the usability pitfalls we
found, as well as suggested remediation approaches in our report."

~~~
unhush
[Speaking as a contributor to the project] We tried to fix as many of the
security issues in that audit as we could before the 0.1 release, but we think
that the project could be redesigned to be more usable. Pull requests are
welcome! You can see some of the more pressing issues at
[https://github.com/freedomofpress/securedrop/issues?mileston...](https://github.com/freedomofpress/securedrop/issues?milestone=2&state=open).

One interesting question is: can we have the same level of security if we use
one server instead of three?
[https://github.com/freedomofpress/securedrop/issues/85](https://github.com/freedomofpress/securedrop/issues/85)

------
spurgu
GitHub repo:
[https://github.com/freedomofpress/securedrop/](https://github.com/freedomofpress/securedrop/)

------
devx
Source where you can donate to help the project along:

[https://pressfreedomfoundation.org/securedrop](https://pressfreedomfoundation.org/securedrop)

~~~
handsomeransoms
Pull requests welcome! (speaking as a contributor to the project)

------
danso
It'd be nice to hear some kind of numbers of whether it got much use at the
New Yorker, and what kind of hang-ups they ran into. Aaron was a great person
and the kind of civic coder we need more of, but that doesn't mean he was an
immaculate expert at coding interfaces (both graphical and conceptual), and
the accessibility of this application is key. Accessibility, besides
cryptographic soundness, is probably the most important feature...its side
effect is adaptability, and while such an app is bound to have a small niche,
it needs active users and maintainers...Even the Tor Firefox browser fails
without proper updates.

~~~
orborde
The security audit linked in the article [1] mentions that the researchers
submitted several documents via StrongBox, but never got a response.

[1] [http://homes.cs.washington.edu/~aczeskis/research/pubs/UW-CS...](http://homes.cs.washington.edu/~aczeskis/research/pubs/UW-CSE-13-08-02.PDF)

~~~
handsomeransoms
According to the New Yorker, they received the documents but did not respond
because they mistook them for input generated by their own internal tests. See
[1], linked from [2].

[1]
[http://homes.cs.washington.edu/~aczeskis/research/pubs/DeadD...](http://homes.cs.washington.edu/~aczeskis/research/pubs/DeadDrop-The_New_Yorker-Reply-2013-09-03.pdf)

[2]
[https://pressfreedomfoundation.org/blog/2013/10/how-we-plan-...](https://pressfreedomfoundation.org/blog/2013/10/how-we-plan-keeping-securedrop-secure-possible)

------
sneak
> Since then, the application has gone through an extensive security audit led
> by a team at the University of Washington, which also included input from
> noted information security experts Bruce Schneier and Jacob Appelbaum.

I bet this is like that time Jake was in the room when a bunch of Europeans
cracked the PKI and he made sure to get his name on the list.

Seeing him listed next to people who actually know what they're doing is a sad
testament to his ability to play the media.

------
unhush
SF folks who want to contribute to SecureDrop: we're having a SecureDrop
hackathon as part of the Aaron Swartz Memorial Hackathon series Nov. 8-10:
[http://aaronswartzhackathon.org/](http://aaronswartzhackathon.org/)

The event kicks off at Internet Archive on Friday night, and will be at
Noisebridge all weekend after that.

~~~
GuerraEarth
I blush for MIT. There's something grossly wrong at the admin level of a lot
of schools.

------
nathan_long
Excellent. Journalists are the prime example of people who "have something to
hide" for a good reason. I hope this tech continues to get refined.

------
emhart
Question for contributors/maintainers:

Once a reporter has taken possession/responsibility for your communication, do
your future communications still end up in the general bucket, or can they be
restricted only to that reporter?

~~~
handsomeransoms
They still end up in the general bucket.

At the moment, the design is such that there is a single "master" public key
for each SecureDrop installation that all submissions are encrypted with. The
journalists are advised to download the encrypted submissions, transfer them
to the airgapped Viewing Station, decrypt them with the "master" private key
(which is only stored there), and then optionally re-encrypt them to their
personal public key if they want to transfer them to their personal
workstations.

It would certainly be possible for this process to be automated with some
additions to the journalist backend, and in that case once a journalist had
taken responsibility for a particular source's communications, further
communications could be restricted for their eyes only.
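
The key handling described in the comment above, sketched with stock `gpg` as an added example (not SecureDrop's code and not part of the comment). The three home directories, key names and sample text are constructed stand-ins for the server, the Viewing Station and a journalist's workstation; GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Constructed demo: three GnuPG home directories stand in for the three
# machines. Key names, file names and the sample text are made up.
demo_root=$(mktemp -d)
server=$demo_root/server station=$demo_root/station reporter=$demo_root/reporter
mkdir -m 700 "$server" "$station" "$reporter"

g() {  # run gpg non-interactively against one machine's keyring
  home=$1; shift
  gpg --homedir "$home" --batch --quiet --yes --pinentry-mode loopback \
      --passphrase '' --trust-model always "$@"
}
cleanup() {
  for h in "$server" "$station" "$reporter"; do
    gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
  done
  rm -rf "$demo_root"
}
trap cleanup EXIT

setup_keys() {
  # The "master" key pair is generated on, and never leaves, the station.
  g "$station" --quick-generate-key 'Master <master@example.invalid>' default default never
  # The journalist's personal key pair lives on their own workstation.
  g "$reporter" --quick-generate-key 'Reporter <reporter@example.invalid>' default default never
  # Only public keys move: master -> server, reporter -> station.
  g "$station" --export master@example.invalid > "$demo_root/master.pub"
  g "$server" --import "$demo_root/master.pub"
  g "$reporter" --export reporter@example.invalid > "$demo_root/reporter.pub"
  g "$station" --import "$demo_root/reporter.pub"
}
submit() {  # server: encrypt an upload to the master public key
  printf '%s' "$1" | g "$server" --encrypt -r master@example.invalid -o "$demo_root/sub.gpg"
}
reporter_can_read() {  # workstation: does the personal key open this file?
  g "$reporter" --decrypt "$1" >/dev/null 2>&1
}
handoff() {  # station: decrypt with the master key, re-encrypt to the reporter
  plain=$(g "$station" --decrypt "$demo_root/sub.gpg") || return 1
  printf '%s' "$plain" | g "$station" --encrypt -r reporter@example.invalid -o "$demo_root/handoff.gpg"
}

setup_keys
submit 'constructed sample submission'
reporter_can_read "$demo_root/sub.gpg" && echo 'BUG: workstation read raw submission'
handoff
echo "workstation reads after handoff: $(g "$reporter" --decrypt "$demo_root/handoff.gpg")"
```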

~~~
emhart
Thanks for the info! I imagine that for people reaching out who may need to
establish an ongoing, anonymous, relationship with a reporter, the ability to
use the same system the reporter is familiar with, but know that it will only
be them viewing it, might be a useful feature.

------
SomethingFromA
Just wondering how it's secure, and anonymous when every
meta/sub/unknown/etc...particle(WIMPs/etc..) is monitored in (more than[future
analysis through simulation])real-time for each individual entity in/out-of
existence.

Whatever, you'll know when it hits you...

~~~
piratebroadcast
My attempt at a translation: I wonder how secure and anonymous it can be, when
it seems that everything, maybe even subatomic particles, is monitored in
real time. (And people are possibly using simulations to predict the future?)

~~~
Loughla
Your ability to speak 'stoned' is amazing.

------
pivnicek
A great project. RIP AS. HOPE and BUILD HOPE. Thank you.

