CoverDrop: A secure messaging system for newsreader apps
- CoverDrop is a system for confidential communication between news app users and journalists without leaving traces.
- The system includes mobile app modules, a cloud API, CoverNode services, and a desktop app for journalists.
- It ensures plausible deniability by making all app instances behave identically, whether used for secure communication or normal news consumption.
- Messages are encrypted and indistinguishable from routine 'cover messages' to prevent detection by network observers.
- Secure servers process messages asynchronously, distinguishing real messages from cover ones and delivering them to journalists via dead drops.
- Journalists can reply to sources using the source's public key, with replies handled similarly to incoming messages.
- Message storage on apps is uniformly encrypted, showing no evidence of secure communication if a device is seized without the passphrase.
- The project is documented in a white paper and includes various components like Android/iOS libraries, APIs, and CLI tools.
- Security is a priority, with a focus on confidentiality, integrity, and anonymity, and the team welcomes responsible disclosures.
- The software is classified under U.S. export controls but is eligible for export under certain exceptions.
- The repository is licensed under Apache License 2.0 and accepts feedback via email, including for security issues.
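
The point about real messages being indistinguishable from cover messages rests on every message having the same size and shape on the wire, with the real/cover distinction visible only after decryption. The sketch below is an added illustration, not CoverDrop's code. Its assumptions: a shared symmetric key (the page describes public-key replies), a 512-byte frame, a one-byte flag, and a SHAKE-256 keystream with HMAC standing in for a vetted AEAD.

```python
import hashlib, hmac, os

FRAME_LEN = 512  # assumed fixed plaintext size; the page gives no figure
REAL, COVER = b"\x01", b"\x00"  # assumed flag values, hidden inside the ciphertext

def _subkeys(key):
    # Separate keys for encryption and authentication.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(enc_key, nonce, data):
    # Stand-in stream cipher (SHAKE-256 keystream) so this runs on the
    # standard library alone; production code would use a vetted AEAD.
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, flag, body=b""):
    """Pad to FRAME_LEN, encrypt, then MAC. Output size never varies."""
    if len(body) > FRAME_LEN - 3:  # 1 flag byte + 2 length bytes
        raise ValueError("body does not fit in one fixed-size frame")
    frame = (flag + len(body).to_bytes(2, "big") + body).ljust(FRAME_LEN, b"\x00")
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, frame)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def make_real(key, text):
    return seal(key, REAL, text.encode())

def make_cover(key):
    return seal(key, COVER)

def open_frame(key, blob):
    """Return the body of a real frame, None for cover; raise on tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    frame = _xor_stream(enc_key, nonce, ct)
    if frame[:1] != REAL:
        return None  # cover traffic is dropped after decryption
    n = int.from_bytes(frame[1:3], "big")
    return frame[3:3 + n]
```

A network observer sees only `nonce + ciphertext + tag` of constant length; only the key holder learns which frames carried a message.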