Do you log Tor circuit information for SecureDrop traffic?

No. Tor traffic is end-to-end encrypted between the source and the hidden service. The Anubiz network records aggregate traffic volumes for billing and abuse detection but does not log Tor circuit data, which we do not have access to in any case.

What is the response to an Espionage Act subpoena for a SecureDrop instance?

Espionage Act process from the US has no direct legal effect in Iceland or Romania. A formal MLAT request can be made but typically fails when the underlying matter is political. We have not historically disclosed SecureDrop instance data on US federal request.

Can sources submit documents over Tor without revealing their location?

Yes. That is the entire point of the SecureDrop architecture. The Tor circuit between the source and the hidden service does not reveal source IP to either the hidden service operator or to Anubiz.

Do you offer managed SecureDrop?

Not as a turnkey product. We provide the hardened VPS layer; the SecureDrop installation and operational discipline are the newsroom's responsibility. The Freedom of the Press Foundation publishes the canonical installation guide.

What if my SecureDrop instance is targeted by a hostile state?

Targeted denial of service is the most common attack. Our anti-DDoS layer absorbs typical state-level volumetric attacks. Application-layer compromise requires keeping the SecureDrop install current with security patches.

Anonymous VPS for Whistleblowers and SecureDrop

Whistleblowers are the highest-risk users of anonymous infrastructure. A leaked document with a traceable origin can end a career, draw criminal prosecution under the US Espionage Act or equivalent foreign statutes, and in some jurisdictions endanger life. SecureDrop was designed precisely to break the link between source and journalist. Anubiz Host runs anonymous offshore VPS pre-configured for SecureDrop deployment: no identity collected at signup, crypto-only payment, Tor hidden service binding built into the default network stack.

Need this done for your project?

We implement, you ship. Async, documented, done in days.

Start a Brief

Why SecureDrop Is the Standard

SecureDrop was developed by the Freedom of the Press Foundation specifically to defeat source identification. It runs as a Tor hidden service, requires no JavaScript on the source-facing interface, generates random codenames for sources, and air-gaps the journalist-side decryption from the public-facing intake server. Major newsrooms including The New York Times, The Guardian, The Washington Post, and ProPublica run SecureDrop instances precisely because no other system gives sources comparable assurances.

The infrastructure underneath SecureDrop matters as much as the application itself. Running SecureDrop on a hosting account registered to a real person undoes most of its value. The intake interface is anonymized but the operator is not. Anonymous offshore hosting closes that gap.

Deployment Architecture

A standard SecureDrop deployment on Anubiz uses at minimum two servers:

Application server: The Tor-facing source intake interface. Mini-V at $12/mo or Romania VPS I at $49.99/mo is sufficient for most newsrooms.
Monitor server: Runs the OSSEC monitoring for the application server. Can be Mini at $6/mo.

The journalist workstation is typically air-gapped and not hosted - decryption happens offline. The transit between Tor intake and journalist workstation uses encrypted USB media.

Both servers should run in different jurisdictions if budget allows. Iceland for the application server, Romania for the monitor server is a common pattern.

Operational Considerations for Newsrooms

A SecureDrop instance is a sustained operational commitment. Considerations:

Maintenance window: Tor hidden service descriptors need to be reachable. Plan downtime announcements via the public site, not via the SecureDrop instance.
Source education: Publish clear instructions for sources, ideally on the public site behind HSTS. Document Tor Browser setup and Tails OS use.
Submission triage: Decide how often the air-gapped workstation is used to decrypt submissions. Daily is typical for major outlets; weekly is acceptable for smaller newsrooms.
Codename management: Train all journalists who handle submissions to refer to sources only by codename in subsequent communications.
Hardening drills: Quarterly test of the intake-to-workstation pipeline with a test submission.

Pricing and Getting Started

Minimum SecureDrop deployment cost: $18 per month combining Mini-V for the app server and Mini for the monitor. We can pre-install SecureDrop on request if you provide a hardened base image checksum. The standard deployment guide from the Freedom of the Press Foundation works without modification on our Iceland and Romania offerings.

Read the investigative journalist guide and the corporate whistleblower guide for adjacent use cases. Browse plans to begin.

Related Services

Offshore VPS from $17.90/mo Dedicated Servers DevOps Services

Why Anubiz Host

100% async — no calls, no meetings

Delivered in days, not weeks

Full documentation included

Production-grade from day one

Security-first approach

Post-delivery support included

Bulletproof Hosting Providers

DMCA-Ignored Servers

Offshore VPS Hosting

Anonymous Hosting Solutions

Ready to get started?

Skip the research. Tell us what you need, and we'll scope it, implement it, and hand it back — fully documented and production-ready.

Start a Brief Anonymous VPS Plans