DeadDrop is a server application intended to let news organizations and others set up an online drop box for sources. It's open-source software written by Aaron Swartz in consultation with a volunteer team of security experts. In addition to Aaron's code, the project includes installation scripts and set-up instructions both for the software, and for a hardened Ubuntu environment on which to run it.
DeadDrop was created with the goal of placing a secure drop box within reach of anyone with the need. But at this point, expertise is still required to safely deploy this software. And the software itself needs more work.
DeadDrop is free software: You can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the license, or (at your option) any later version.
The code is a Python application that accepts messages and documents from the web and GPG encrypts them for secure storage. Essentially, it's a more secure alternative to the "contact us" form found on a typical news site.
In operation, every source is given a unique "code name". The code name lets the source establish a relationship with the news organization without revealing her real identity or resorting to email. She can enter the code name on a future visit to read any messages sent back from the journalist — "Thanks for the Roswell photos! Got any more??" — or submit additional documents or messages under the same persistent, but anonymous, identifier.
The source is known by a different code name on the journalist's side. All of that source's submissions are grouped together into a "collection". Every time there's a new submission by that source, their collection is bumped to the top of the submission queue.
DeadDrop was designed to use three physical servers: A public-facing server, a second server for storage of messages and documents, and a third that does security monitoring of the first two. The New Yorker's public-facing server also has a USB dongle called an Entropy Key, plugged attached to generate a pool of random numbers for the crypto.
To use it, users need to first download and install software to access the Tor network. This is a combination of free software and internet-connected computers that help enable anonymity on the internet. Once you're on Tor, you'll need to go to the Strongbox website.
Once there, you will be assigned a randomly generated and unique code name, and you'll be able to post information to The New Yorker. If a writer or editor then wants to contact you about the information you have submitted, he or she will leave a message for you in Strongbox. These messages are the only way they will be able to reach you, and can only be accessed using your code name.
When you visit or use their public Strongbox server, The New Yorker and its parent company, Condé Nast, promise that it will not record your IP address or information about your browser, computer, or operating system, nor will they embed third-party content or deliver cookies to your browser.
The Strongbox servers themselves are under the physical control of The New Yorker and Condé Nast in a physically and logically segregated area at a secure datacenter, but they otherwise have no elements in common with Condé Nast, The New Yorker's publisher. As Amy Davidson, a New Yorker senior editor wrote, "Over the years, it has also become easier to trace [email] senders, even when they don’t want to be found. Strongbox addresses that. As it's set up, even we won't be able to figure out where files sent to us come from. If anyone asks us, we won’t be able to tell them."