We’re happy to announce that sources can now access our SecureDrop document-submission website using HTTPS. Although SecureDrop connections were already encrypted previously, our new setup provides leakers with additional assurance that they are connecting with the authentic Intercept SecureDrop and not an impostor.
You can visit our SecureDrop server by pointing the Tor Browser here: https://y6xjgkgwj47us5ca.onion/
SecureDrop runs as a “hidden service” within the anonymous web network Tor. A hidden service is a special kind of server that is only accessible through Tor and has a domain name ending in .onion (Tor was originally called The Onion Router because it works by creating layers upon layers of encryption to hide users’ IP addresses).
The Intercept’s SecureDrop installation is only the third Tor hidden service to receive a browser-trusted HTTPS certificate, following Facebook and the Bitcoin website Blockchain.info. HTTPS provides two things: Confidentiality — data shared between web browsers and HTTPS websites is encrypted — and authentication — web browsers can verify that they’re visiting the website the user thinks they’re visiting. Authentication helps prevent man-in-the-middle attacks, which occur when an attacker entices someone to open an encrypted connection to the attacker’s server by impersonating the real server.
Even without HTTPS, the connection between Tor Browser and our SecureDrop hidden service was already encrypted. Adding HTTPS provides a second redundant layer of encryption, and it also adds authentication. So if a source finds herself visiting a SecureDrop website that looks like it belongs to The Intercept, she can inspect our SSL certificate to confirm that it actually belongs to us and isn’t a honeypot posing as our SecureDrop website — or at least confirm that this is the case according to DigiCert, the certificate authority that issued our SSL certificate.
The future of combining HTTPS and the .onion top-level domain is uncertain because .onion is not an officially recognized top-level domain. But the gears are in motion to get .onion recognized as a “Special-Use Domain Name.” We won’t know for sure if we get to keep our SSL certificate until the Internet Engineering Steering Group agrees on whether or not to make .onion a standard, a decision slated to be made in October.
Until then, our sources can enjoy this extra layer of protection when they communicate with us through SecureDrop.
Why would whistleblowers send information to The Intercept when it has yet to publish thousands of records provided by Snowden?
excellent. We need to applaud this move by the intercept.
I’m having a hard time here seeing why more central control by the domain name racket would be a good thing, especially over something like TOR. I mean, they don’t even recognize the names yet and already they’re telling you whether you can have this authentication certificate? What if back in 1970 people had decided that every phone book had to be merged into the Yellow Pages, and computer addresses are a phone book?
Can you also publish your TSL fingerprints? So we don’t have to trust certificate authorities.
Absolutely; CA authentication has proven to be vulnerable, if not entirely compromised.
Adding a CA-signed SSL certificate doesn’t make us any more reliant on CAs than we were before.
Before you had to hope that you’re using the correct .onion address, and you could verify that you are by looking at https://firstlook.org/theintercept/securedrop to compare (which relies on HTTPS), or finding our .onion address from other sources, like when we have tweeted it (which also relies on HTTPS).
By adding HTTPS you have the exact same tools available to confirm the identity of our hidden service you did before, plus one extra one–you can inspect the SSL certificate.
The extra layer of encryption provided by HTTPS is also a very good thing. Hidden services use 1028-bit RSA keys, but the HTTPS layer is stronger.
loooool took ya long enough to switch from http to https. but I’m sure it makes no real difference since they have quantum.
I had an indepth conversation with Paul McMillan here: https://twitter.com/headhntr/status/585869895352451072 – While my initial gut reaction is to not introduce third parties into the exchange between whistleblower and hidden service, my initial worries have been alleviated. Your welcome to remove my initial comment. Cheers.
American torture subjects need not apply.
Thanks, TI.
This is not a good idea.
You should turn this off.
SecureDrop was created to address the “initial contact” problem of whistleblowing. That is, if my calls, emails, and web visits are being monitored, I can’t even make first contact with a journalist. Example: If a potential whistleblower working for a government agency attempts to contact Glenn Greenwald, red flags go off. The Government employee is then questioned.
SecureDrop is great, because you can visit it via Tor. While your ISP or VPN may know that you are visiting Tor, it will not know what exact page you are visiting. There is not metadata to connect you to a journalist publication.
Adding TLS to SecureDrop destroys this. Every time I visit The Intercept’s SecureDrop a call is made to DigiCert. This is metadata. This exposes to eavesdroppers and monitors that I have made initial contact to a journalist publication (and one known for working with whistleblowers).
This “redundant” measure adds metadata and removes the major reason for having SecureDrop in the first place. Please remove it and go back to how it was running before.
No it is not redundant. It is an extra layer of security. tor + tsl + gpg = awesome encryption.
Remember that you don’t really contact digicert directly (IF AT ALL – certs are usually stored locally and dont have to be queried), but rather through tor.
I appreciate it Jane. Had a long conversation here: https://twitter.com/headhntr/status/585869895352451072 – My biggest fears are alleviated.
I still don’t like the idea of introducing a third party. Seems like it opens up an attack surface. That said, from what I can tell, this is secure. Cheers for the response!
One improvement suggestion to this already neat summary! Hyperlink Tor Browser’s download page directly — https://www.torproject.org/download/download-easy.html.en — instead of the general project homepage ;-)