Tried to login using my existing codename, but SecureDrop says “Sorry, that is not a recognized codename.” That doesn’t make any sense, because it’s always worked before without any problem.
Why is it doing this (not recognizing any of my codenames), and what’s the solution?
Hi Mulder,
Thank you for writing to us. First of all, a note of caution: the fact that you have contacted us on a public forum means that your anonymity is likely compromised. If anonymity is important to your situation, please be aware of this before proceeding any further, and please do not provide any potentially-identifying details or followup to us here in this space.
On to the answer: If a codename is not accessible, and you are 100% sure it the right codename (no typos/memorization errors), there are a few possible explanations. A news organization may have deleted source(s) from their database, or made configuration changes to their SecureDrop and not restored their database from a backup, or restored from a backup taken before a given codename was created.
In all cases, the way to contact this news organization via SecureDrop is to create a new codename.
Do not submit or refer to your old codename in your conversation with the newsroom, since they see a completely different name/identifier for you (and since your codename is a passphrase that should always be kept secret).
I hope this is helpful and I wish you the best.
Rowen
SecureDrop Support team
Hi Mulder,
Really sorry that this is still an ongoing problem. A quick note: the codename is case-sensitive and the whitespaces between words are required, exactly as it is presented to you when you create it. If this does not solve the problem, then there may be a misconfiguration of the specific SecureDrop instance you are trying to access (please do not share the name of the instance in this forum).
If you are able to send this instance a message successfully under a new codename, you may wish to do so, alerting them to this issue.
I’m sorry we can’t be of more assistance–for security and privacy reasons we have no access to information about the operation of any of the SecureDrop instances, so we rely on the instance contacting us for tech support in order to resolve any issues that may arise.
Wish you the best.
Rowen
SecureDrop Support team
There are no errors in the codename (copy/paste copies everything accurately), so that’s not the problem. Creating new codenames doesn’t work; they’re not accepted, either.
So what am I supposed to tell the people running this instance of SecureDrop to do to fix their problems, which they should be monitoring anyway?
Hi Mulder,
First, verify that the instance you’re connecting to is the correct one - either via their landing page or via the Securedrop directory at https://securedrop.org/directory/ . It is possible (though very unlikely) that a malicious actor could set up an onion service masquerading as a legitimate SecureDrop instance. If the instance uses HTTPS, you can check that as well using the icon on the left-hand side of the address bar.
If you are confident that you have the right address, visit it using the latest Tor Browser version, with the Security Level set to Safest (via the shield icon on the right-hand side of the address bar), and try creating a new code name by choosing Get Started, and then Submit Documents.
If this works, then the instance is probably in good health - chances are your original codename has been deleted by the organization, possibly because they didn’t expect further communications.
If it does not, then there is definitely an issue with the instance itself. As mentioned previously, we have no visibility into instances, so we can’t tell which one you’re using (and you should not tell us, for anonymity-preservation’s sake). If they offer an alternative tipline mechanism that you’re comfortable using, it may make sense to reach out to them via that. If not, and you have information that you want the press to have, it might make sense to find an alternative organization with a working instance.
All the best,
Kevin.
