Popular U.S. magazine The New Yorker has made available for its potential sources an anonymous dead-drop tool that allows them to send and receive messages and files to the publication’s journalists without revealing their actual identity.
It’s called Strongbox, and is only accessible using the Tor network.
The tool is based on DeadDrop, an open source software written mostly by the late Aaron Swartz and finally brought into the light by security expert James Dolan and a few of its colleagues.
“When you visit or use our public Strongbox server at http://tnysbtbxsf356hiy.onion, The New Yorker and our parent company, CondÃ© Nast, will not record your I.P. address or information about your browser, computer, or operating system, nor will we embed third-party content or deliver cookies to your browser,” says The New Yorker’s “privacy promise”.
“Strongbox is designed to be accessed only through a ‘hidden service’ on the Tor anonymity network, which is set up to conceal both your online and physical location from us and to offer full end-to-end encryption for your communications with us. This provides a higher level of security and anonymity in your communication with us than afforded by standard e-mail or unencrypted Web forms,” it explains, but warns that the tool does not provide perfect security.
“Among other risks, if you share your unique code name, or if your computer is compromised, any activities, including communications through Strongbox, should be considered compromised as well.”
DeadDrop is free software that can be modified and used under the terms of the GNU Affero General Public License v3 or any later version, so we can expect other media or whistleblower sites to implement it.
According to the documentation that goes with it, to use DeadDrop you must have three servers: a public-facing server, a second server for storage of messages and documents, and a third that does security monitoring of the first two.