
Dead Drop

http://deaddrop.github.io/



DeadDrop Documentation

DeadDrop is a server application intended to let news organizations and
others set up an online drop box for sources. It's open source software
written by Aaron Swartz in consultation with a volunteer team of
security experts. In addition to Aaron's code, the project includes
installation scripts and set-up instructions both for the software, and
for a hardened Ubuntu environment on which to run it.

DeadDrop was created with the goal of placing a secure drop box within
reach of anyone with the need. But at this point expertise is still
required to safely deploy this software. And the software itself needs
more work.

DeadDrop is free software: you can redistribute it and/or modify it
under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or (at
your option) any later version. This program, and all material
accompanying it, is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
General Public License for more details.

The code is a Python application that accepts messages and documents
from the web and GPG-encrypts them for secure storage. Essentially, it's
a more secure alternative to the "contact us" form found on a typical
news site.

In operation, every source is given a unique "codename." The codename
lets the source establish a relationship with the news organization
without revealing her real identity or resorting to e-mail. She can
enter the code name on a future visit to read any messages sent back
from the journalist -- "Thanks for the Roswell photos! Got any more??"
-- or submit additional documents or messages under the same persistent,
but anonymous, identifier.

The source is known by a different code name on the journalist's side.
All of that source's submissions are grouped together into a
"collection." Every time there's a new submission by that source, their
collection is bumped to the top of the submission queue.
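
The codename and collection behaviour described above, as a sketch added here for illustration; it is not DeadDrop's own code. The key-derivation choice (PBKDF2), the keys, the word list and all function and class names are assumptions, and the submissions are treated as already encrypted.

```python
import hashlib
import hmac
import secrets

# Constructed word list and keys for this sketch (assumptions, not DeadDrop's).
WORDS = ["amber", "birch", "cobalt", "delta", "ember", "fjord", "garnet", "harbor"]
ID_KEY = b"constructed-id-key"
NAME_KEY = b"constructed-journalist-name-key"


def new_codename(n_words=4):
    """Random codename shown to the source; this sketch never stores it."""
    return " ".join(secrets.choice(WORDS) for _ in range(n_words))


def collection_id(codename):
    """Stable storage identifier derived from the codename with a slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", codename.encode(), ID_KEY, 100_000).hex()


def journalist_name(cid):
    """Different code name for the journalist's side, derived from the id only."""
    digest = hmac.new(NAME_KEY, cid.encode(), hashlib.sha256).digest()
    return f"{WORDS[digest[0] % len(WORDS)]} {WORDS[digest[1] % len(WORDS)]}"


class DropBox:
    def __init__(self):
        self.collections = {}  # collection id -> list of stored submissions
        self.last_seen = {}    # collection id -> counter value of latest submission
        self.clock = 0

    def submit(self, codename, ciphertext):
        """File an already-encrypted submission under the source's collection."""
        cid = collection_id(codename)
        self.clock += 1
        self.collections.setdefault(cid, []).append(ciphertext)
        self.last_seen[cid] = self.clock
        return cid

    def queue(self):
        """Journalist view: (code name, item count), most recently active first."""
        order = sorted(self.last_seen, key=self.last_seen.get, reverse=True)
        return [(journalist_name(c), len(self.collections[c])) for c in order]
```

Because the storage key is derived from the codename, a returning source lands in the same collection without the server holding the codename itself or any real identity.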

DeadDrop was designed to use three physical servers: a public-facing
server, a second server for storage of messages and documents, and a
third that does security monitoring of the first two. The New Yorker's
public-facing server also has a USB dongle called an Entropy Key
attached to generate a pool of random numbers for the crypto.

The web app was coded and architected by Aaron Swartz. The hardening
guide and other security material is the work of James Dolan. The
default web design and the DeadDrop logo were crafted by Dennis
Crothers. Journalist Kevin Poulsen organized the project. The New Yorker
launched the first implementation as the New Yorker Strongbox in May 2013.

5/13/2013
