Submitted by Rachel Gardner on Mon, 09/06/2025 - 08:13
From today, whistleblowers can contact journalists more securely thanks to a new confidential messaging technology co-developed by researchers here and software engineers at The Guardian.
The Guardian is launching Secure Messaging today (9 June) as a module within its mobile news app to provide a secure and usable method of establishing initial contact between journalists and sources. It builds on a technology – CoverDrop – that was developed by researchers here and includes a wide range of security features.
Notably, these include the mobile news app automatically generating regular decoy messages to the Guardian. This creates 'air cover' for genuine messages, even when they are passing through the cloud, preventing an adversary from finding out if any communication between a whistleblower and a journalist is taking place.
"This provides whistleblowers with plausible deniability," say researchers Prof Alastair Beresford (right) and Dr Daniel Hugenroth, who led the development of CoverDrop. "That's important in a world of pervasive surveillance where it has become increasingly hazardous to be a whistleblower."
The technology also provides digital 'dead drops' – like virtual bins or park benches – where messages are left for journalists to retrieve. And these are just two of a suite of functions that protect a source from discovery even if their smartphone is seized or stolen.
"The Guardian is committed to public-interest journalism. Much of this is possible thanks to first-hand accounts from witnesses to wrongdoing. We believe whistleblowing is an important part of a functioning democracy, and will always do our utmost to avoid putting sources at risk. So we're delighted to have worked with the University of Cambridge on turning their groundbreaking CoverDrop research into a reality," says Luke Hoyland, product manager for investigations and reporting at The Guardian.
"Providing plausible deniability for sources is important in a world of pervasive surveillance where it has become increasingly hazardous to be a whistleblower ."
Prof Alastair Beresford and Dr Daniel Hugenroth, Department of Computer Science and Technology
The CoverDrop technology encrypts outgoing messages between the source and their named contact at the news organisation to ensure no other party can read their content. For this it relies on cryptography using digital security key pairs consisting of a public and a secret key.
A pair of keys
The source is given the public key that instructs the existing encryption technology on their smartphone to encrypt their messages to The Guardian. This key only works one way, so it can lock – but not unlock – their messages. The only person able to decode them is the whistleblower's named contact at The Guardian who uses their secret key to retrieve and decode the messages left in the dead drop.
The CoverDrop technology also pads all messages to the same length, again making it harder for adversaries – whether acting on their own behalf or for an organisation or state – to distinguish real messages from decoy ones.
The new system fulfils a need long identified by media organisations: that of providing a highly secure, yet easy-to-use, system for potential sources who want to contact them with sensitive information.
"We're delighted to have worked with Cambridge University on turning their ground-breaking CoverDrop research into a reality."
Luke Hoyland, The Guardian
The CoverDrop research here at Cambridge University began with workshops with British news organisations to find out how potential sources first contacted them. The researchers learned that whistleblowers often reach out to them via platforms that are either insecure or hard to use.
Prof Beresford explains that when they started looking for a practical solution to this problem, "we realised that news organisations already run a widely available platform from which they can offer a secure, usable method of initial contact – their mobile news app."
"When sources send messages, their confidentiality and integrity can be assured through the secure messaging protocols on their smartphone," adds Dr Hugenroth (right). "CoverDrop goes one step further and also protects the communication patterns between sources and journalists through using decoy messages to provide cover, and padding all messages to the same length."
Importantly, the researchers say, users of the Guardian's new Secure Messaging system won't need to install any specialist software that chews up large amounts of battery power or slow up their phones.
Leaving no trace
Its simple interface looks and works just like a typical messaging app. And crucially, there are no traces left on the device that the system has ever been used on that phone before.
"When you open the app," says Prof Beresford, "even if you've already set up an account on it, the Secure Messaging feature will look as though you haven't used it. Its home screen will only offer two prompts – 'Get started' or 'Check your message vault'. This is because if it's stolen, or a user is under duress, we don’t want your phone to reveal to anyone that you’ve already used it."
The development of the original CoverDrop research here at Cambridge began in the years after the whistleblower Edward Snowden, a former US intelligence contractor, leaked classified documents revealing the existence of global surveillance programmes.
'Mass surveillance infrastructure'
This showed, the researchers said, the "mass surveillance infrastructure available to nation states, which has profound implications for those who wish to expose wrongdoing within companies, organisations, and government."
Work on CoverDrop was first unveiled at an international Symposium on Privacy-Enhancing Technologies in 2022 by the researchers here (who originally included our late colleague Prof Ross Anderson, a highly regarded leader in security engineering and privacy).
When they published their peer-reviewed paper on the research at the conference, it attracted interest from The Guardian which, in collaboration with the researchers, subsequently helped develop CoverDrop from an academic prototype into a technology that is fully usable in the 'real world'.
"The free press fulfils an important function in a democracy," says Prof Beresford. "It can provide individuals with a mechanism through which they can hold powerful people and organisations to account. We're delighted that The Guardian is the first media organisation to adopt CoverDrop and will use it to help protect their sources."
He adds: "All the CoverDrop code that was developed will be available online and open source. This transparency is essential for security critical software and allows others to audit and improve it. Open sourcing the code also means that other news organisations, particularly those with expertise in investigative journalism, could also use it. We would be excited to see them do so."
References
- The 2022 research paper on CoverDrop was CoverDrop: Blowing the Whistle Through A News App by Mansoor Ahmed-Rengers, Diana A. Vasile, Daniel Hugenroth, Alastair R. Beresford and Ross Anderson, University of Cambridge.
- A new technical report on CoverDrop, describing its architecture and explaining how it works, is available here
