CoverDrop: Blowing the Whistle Through A News App

Authors: Mansoor Ahmed-Rengers (OpenOrigins Limited and University of Cambridge), Diana A. Vasile (Department of Computer Science and Technology, University of Cambridge), Daniel Hugenroth (Department of Computer Science and Technology, University of Cambridge), Alastair R. Beresford (Department of Computer Science and Technology, University of Cambridge), Ross Anderson (Department of Computer Science and Technology, University of Cambridge)

Volume: 2022
Issue: 2
Pages: 47–67
DOI: https://doi.org/10.2478/popets-2022-0035

Download PDF

Abstract: Whistleblowing is hazardous in a world of pervasive surveillance, yet many leading newspapers expect sources to contact them with methods that are either insecure or barely usable. In an attempt to do better, we conducted two workshops with British news organisations and surveyed whistleblowing options and guidelines at major media outlets. We concluded that the soft spot is a system for initial contact and trust establishment between sources and reporters. CoverDrop is a two-way, secure system to do this. We support secure messaging within a news app, so that all its other users provide cover traffic, which we channel through a threshold mix instantiated in a Trusted Execution Environment within the news organisation. CoverDrop is designed to resist a powerful global adversary with the ability to issue warrants against infrastructure providers, yet it can easily be integrated into existing infrastructure. We present the results from our workshops, describe CoverDrop’s design and demonstrate its security and performance.

Keywords: whistleblowing, anonymous communication, mobile application

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.