New Yorker opens Strongbox - a Tor-based anonymous drop site
The New Yorker magazine has launched Strongbox, an anonymous dead-drop site that allows people to share messages and files anonymously with the writers and editors of the magazine. It does this in part by being only accessible through the Tor anonymising network.
Based on the DeadDrop software, a free software (AGPLv3) platform written by Aaron Swartz, the application allocates every source a "code name". It is this "code name" which allows the source to be contacted without revealing their identity. Each incoming document is GPG-encrypted before storage. Journalists see a different "code name" and communications are grouped into collections related to this anonymous identifier.
The hardware behind the system requires three physical servers; one is a public-facing server, another is tasked with storing information and the third monitors the security of the other two servers. The New Yorker installation also has an Entropy Key plugged into the public-facing server.
Strongbox originated in 2011 with a meeting at the Wired office between Aaron Swartz and Kevin Poulsen, according to an article in the New Yorker. The DeadDrop system became a "backburner project" for both and, over 2012, James Dolan, a security expert, convinced three of his industry colleagues to help ensure that the system was anonymous and secure. Stable code and a planned launch date was set in December 2012, but the death of Swartz brought a halt to the project. Swartz's intellectual property was willed to Sean Palmer, who has since blessed the project, and Swartz's executor said his family and friends approved of the launch of Strongbox.
The installation scripts and set-up instructions, including how to harden an Ubuntu environment to run it, produced by James Dolan, are included with DeadDrop. The project is available to fork from GitHub. Although the project was designed to make secure dead-drop systems available to all, at this point the developers do say that expertise is needed to safely deploy it and the actual code still needs more work. With the first implementation now running at the New Yorker, the software will see practical use and hopefully fulfil its design goals.
(djwm)