In a functioning democracy, a free press plays a vital role in holding powerful institutions to account. But for journalism to thrive, citizens must be able to contact reporters securely—especially when revealing sensitive or controversial information. This is particularly challenging in an era of pervasive surveillance, where even the act of communication can raise suspicion.
This talk presents CoverDrop, a secure communication system now deployed in The Guardian’s news app, designed to help whistleblowers reach journalists without revealing their identity. Unlike traditional secure messaging tools, CoverDrop hides not just the content of messages, but the very existence of communication. It achieves this by sending regular, encrypted, fixed-size blocks of data to a central server and then on to journalists —whether or not a real message is present. This strategy ensures that observers, including network operators or state-level adversaries, cannot distinguish between genuine and dummy traffic.
We’ll walk through the full five-year journey from research to real-world deployment. Starting with workshops with journalists to understand their needs, we’ll share insights from user studies that shaped the design—some of which challenged conventional assumptions. We’ll explore the technical hurdles of implementing metadata privacy on modern smartphones, and the protocol design choices needed to support plausible deniability and high-latency communication. Finally, we’ll discuss the engineering work required to integrate CoverDrop into a production news app used by millions—highlighting lessons learned that go beyond academic prototypes.
This talk is a case study in how cryptography, usability, and systems engineering can come together to support press freedom in practice.
Link to join virtually: https://cam-ac-uk.zoom.us/j/89473073451
This talk is being recorded. If you do not wish to be seen in the recording, please avoid sitting in the front three rows of seats in the lecture theatre. Any questions asked will also be included in the recording. The recording will be made available on the Department’s webpage
