search

freedomofpress / securedrop

GitHub repository for the SecureDrop whistleblower platform. Do not submit tips here!
https://securedrop.org/
Other
3.62k stars 687 forks source link

Compile a list of SD 'Success Stories' #257

Closed Hainish closed 7 years ago

Hainish commented 10 years ago

It would be great to have a list of success stories, where SD has been instrumental to getting a leak out.

kenmcd commented 10 years ago

An updated list of publications using SecureDrop is also needed. Right now the known users list has only two publications:

Any others?

One of those two did mention that they had received info which did help break some stories. No specifics though. Think it was Forbes; could find the article if interested.

trevortimm commented 10 years ago

There's at least two more: The Global Mail in Australia and BalkanLeaks (they've said they've received MBs worth of data and have already published a story using it.)

But actually, @dolanjs had an even better idea than just a "success" page. We're going to create a page with all the Tor hidden service URLs of organizations running SecureDrop that we have verified meet our minimum deployment best practices guide. Essentially, they will be the organizations using HTTPS, don't use tracking cookies or ads on their landing page, and are using all the appropriate security headers.

This will hopefully force them to become more security conscious about the SecureDrop landing page, but also potentially push them to implement better security practices overall too.

kenmcd commented 10 years ago

Organizations Using SecureDrop - (2014-01-15)

Balkanleaks - BalkanDrop Balkan Leaks Website: https://www.balkanleaks.eu About BalkanDrop: https://www.balkanleaks.eu BalkanDrop Tor URL: http://yuvwqufxbalkan6m.onion

Forbes - SafeSource Forbes Website: http://www.forbes.com About SafeSource: https://safesource.forbes.com SafeSource Tor URL: http://2xtsq3ekkxjpfm4l.onion

The Global Mail - TGM Vault The Global Mail Website: http://www.theglobalmail.org About TGM Vault: https://sources.theglobalmail.org TGM Vault Tor URL: http://6vhfob5xhued4dym.onion

The New Yorker - Strongbox The New Yorker Website: http://www.newyorker.com About Strongbox: http://www.newyorker.com/strongbox Strongbox Tor URL: http://tnysbtbxsf356hiy.onion

garrettr commented 10 years ago

@kenmcd Thanks for compiling that, great start!

I think we can extend James's site to list both "certified" installations and known installations. That might also encourage non-certified installations to improve their practices in order to become certified (although I don't want to create an administrative nightmare for us to communicate with and certify installations - that in itself could become a full time job).

ageis commented 10 years ago

ProPublica Website: http://www.propublica.org/ Landing page: https://securedrop.propublica.org/ Tor URL: http://qzpl6f4fyx4pxzdu.onion/

@dolanjs said there are two worthwhile statistics to get from these organizations: # of submissions that have resulted in published articles, and percent of submissions that qualify as spam.

garrettr commented 10 years ago

@ageis Are you working on this?

@trevortimm Can we get an updated list here? I understand there are some organizations in the Netherlands that we just learned are using it (they set it up themselves).

ageis commented 10 years ago

Yeah this seems like something I will eventually get around to.

The Intercept Website: https://firstlook.org/theintercept/ Landing page: https://firstlook.org/theintercept/securedrop/ Tor URL: http://ofwvo6t3agiiwcrq.onion/

trevortimm commented 10 years ago

Yeah @ageis and I will have this done for the 0.3 launch.

Sent from my iPhone

On Mar 29, 2014, at 7:23 PM, "Kevin M. Gallagher" notifications@github.com wrote:

Yeah this seems like something I will eventually get around to.

The Intercept Website: https://firstlook.org/theintercept/ Landing page: https://firstlook.org/theintercept/securedrop/ Tor URL: http://ofwvo6t3agiiwcrq.onion/

— Reply to this email directly or view it on GitHub.

jakesylvestre commented 10 years ago

Go to the propublica URL landing page its changed

redshiftzero commented 8 years ago

There have been a few recent public admissions of the use of SecureDrop for important stories - here and here - so this seems like it can be tackled now.

psivesely commented 8 years ago

https://www.wired.com/2015/11/securedrop-leak-tool-produces-a-massive-trove-of-prison-docs/

redshiftzero commented 7 years ago

This list of public stories that have come through securedrop seems like something that would best go on securedrop.org as at least another FAQ, added it to the FPF-internal TODO for that website revamp (SD-4). Feel free to add more here as they are announced

conorsch commented 7 years ago

Since this issue was opened, we've launched the SecureDrop Directory: https://securedrop.org/directory More recently, we've seen a ton of coverage on the project, including:

Honestly, I'm not sure that there's still an extent need to "Compile SD success stores"—I feel that's largely been done already, both by the community and by FPF. If anyone agrees (cc @redshiftzero @fowlslegs), go ahead and close this.

redshiftzero commented 7 years ago

Sure, makes sense. Closing!