{"id":56455,"date":"2015-04-13T12:00:54","date_gmt":"2015-04-13T11:00:54","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=56455"},"modified":"2015-05-05T21:25:51","modified_gmt":"2015-05-05T20:25:51","slug":"our-securedrop-system-for-leaks-now-uses-https","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2015\/04\/our-securedrop-system-for-leaks-now-uses-https\/","title":{"rendered":"Our SecureDrop System for Leaks Now Uses HTTPS"},"content":{"rendered":"<p style=\"text-align: left;\"><a href=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2015\/04\/securedrop-article-display-b-intercept-first-look-leaks-surveillance-spying.jpg\" ><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-56456\" src=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2015\/04\/securedrop-article-display-b-intercept-first-look-leaks-surveillance-spying.jpg\" alt=\"securedrop-article-display-b intercept first look leaks surveillance spying\" width=\"540\" height=\"342\" srcset=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2015\/04\/securedrop-article-display-b-intercept-first-look-leaks-surveillance-spying.jpg 540w, https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2015\/04\/securedrop-article-display-b-intercept-first-look-leaks-surveillance-spying-300x190.jpg 300w\" sizes=\"auto, (max-width: 540px) 100vw, 540px\" \/><\/a><em>8 Apr 2015 &#8211; <\/em>We\u2019re happy to announce that sources can now access our SecureDrop document-submission website\u00a0using HTTPS. 
Although\u00a0SecureDrop connections were already encrypted,\u00a0our new setup provides leakers with additional assurance that they are connecting with the authentic\u00a0<em>Intercept<\/em> SecureDrop and not an impostor.<\/p>\n<p style=\"text-align: left;\">You can visit our SecureDrop server by pointing\u00a0the\u00a0<a target=\"_blank\" href=\"https:\/\/www.torproject.org\/\" >Tor Browser<\/a>\u00a0here: <strong>https:\/\/y6xjgkgwj47us5ca.onion\/<\/strong><\/p>\n<p style=\"text-align: left;\">SecureDrop runs as\u00a0a \u201c<a target=\"_blank\" href=\"https:\/\/www.torproject.org\/docs\/hidden-services.html.en\" >hidden service<\/a>\u201d within the anonymous web\u00a0network\u00a0Tor. A hidden service is a special kind of server that\u00a0is\u00a0only accessible through Tor and has a\u00a0domain name ending in .onion (Tor was originally called The Onion Router because it works by creating layers upon layers of encryption to hide users\u2019 IP addresses).<\/p>\n<p style=\"text-align: left;\"><em>The Intercept\u2019<\/em>s SecureDrop installation\u00a0is\u00a0only\u00a0the third Tor hidden service to receive a browser-trusted HTTPS certificate, following <a target=\"_blank\" href=\"https:\/\/www.facebook.com\/notes\/protect-the-graph\/making-connections-to-facebook-more-secure\/1526085754298237\" >Facebook<\/a> and the Bitcoin website <a target=\"_blank\" href=\"http:\/\/blog.blockchain.com\/2014\/12\/03\/improved-security-for-tor-users\/\" >Blockchain.info<\/a>.\u00a0HTTPS provides two things: confidentiality \u2014 data shared between web browsers and HTTPS websites is encrypted \u2014 and authentication \u2014 web browsers can verify that they\u2019re visiting the website the user thinks they\u2019re visiting. 
Authentication helps\u00a0prevent man-in-the-middle attacks, which occur when an attacker entices someone to open\u00a0an encrypted connection to\u00a0the\u00a0attacker\u2019s server by impersonating the real server.<\/p>\n<p style=\"text-align: left;\">Even without HTTPS, the connection between Tor Browser and our SecureDrop hidden service\u00a0was\u00a0already encrypted. Adding HTTPS provides a second redundant layer of encryption, and it also adds authentication. So if a source finds herself visiting a SecureDrop website that looks like it belongs to <em>The Intercept<\/em>, she can inspect our SSL certificate to confirm that it actually belongs to us and isn\u2019t a honeypot posing as our SecureDrop website \u2014 or at least confirm that this is the case according to\u00a0DigiCert, the certificate authority that issued our SSL certificate.<\/p>\n<p style=\"text-align: left;\">The future of combining HTTPS and the .onion top-level domain is uncertain because .onion is not an officially recognized top-level domain. 
But\u00a0the <a target=\"_blank\" href=\"https:\/\/cabforum.org\/2015\/02\/18\/ballot-144-validation-rules-dot-onion-names\/\" >gears<\/a> are\u00a0<a target=\"_blank\" href=\"https:\/\/tools.ietf.org\/html\/draft-appelbaum-dnsop-onion-tld-00\" >in motion<\/a> to get .onion recognized as a \u201cSpecial-Use Domain Name.\u201d We won\u2019t know for sure if we get to keep our SSL certificate until the <a target=\"_blank\" href=\"https:\/\/www.ietf.org\/iesg\/\" >Internet Engineering Steering Group<\/a> agrees on whether or not to make .onion a standard, a decision slated to be made in\u00a0October.<\/p>\n<p style=\"text-align: left;\">Until then, our sources can enjoy this extra layer of protection when they communicate with us through SecureDrop.<\/p>\n<p style=\"text-align: left;\">_______________________<\/p>\n<p style=\"text-align: left;\"><em>Email the author: <a href=\"mailto:micah.lee@theintercept.com\">micah.lee@theintercept.com<\/a><\/em><\/p>\n<p style=\"text-align: left;\"><a target=\"_blank\" href=\"https:\/\/firstlook.org\/theintercept\/2015\/04\/08\/securedrop-tor-hidden-service-now-uses-https\/\" >Go to Original \u2013 firstlook.org<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The new setup helps assure leakers they are connecting with the authentic Intercept SecureDrop and not an 
impostor.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[60],"tags":[],"class_list":["post-56455","post","type-post","status-publish","format-standard","hentry","category-whistleblowing-surveillance"],"_links":{"self":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/56455","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/comments?post=56455"}],"version-history":[{"count":0,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/56455\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media?parent=56455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/categories?post=56455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/tags?post=56455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}