Tweet
Tweet

Slide 1

Slide 1 text

Anonymous Whistleblowing with SecureDrop Jennifer Helsby (@redshiftzero) SecureDrop Lead Developer Mozilla Festival 2017 SecureDrop Release Signing Key Fingerprint: 2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77

Slide 2

Slide 2 text

What you’ll leave with • An understanding of the challenges journalists face keeping sources safe • A high-level view of the SecureDrop architecture • You’ll have leaked your first document • An understanding of how you can contribute your skills to SecureDrop if you wish • Discussion and questions

Slide 3

Slide 3 text

Some of the most important stories in investigative journalism have come from whistleblowers.

Slide 4

Slide 4 text

picture of all the presidents men In the past, journalists could protect their sources by simply not revealing their identities when asked Still from “All the Presidents Men”, a film adaptation of Carl Bernstein and Bob Woodward’s reporting on the Watergate break-in

Slide 5

Slide 5 text

GCHQ surveillance base in Bude, UK. Image credit: Trevor Paglen “SecureDrop restores the effectiveness of a reporter’s privilege to protect their sources through principled non-cooperation—such as refusing to testify in court—whereas pervasive digital surveillance has made this gesture effectively moot over the last decade.” - Charles Berret, Tow Center for Digital Journalism Report on SecureDrop

Slide 6

Slide 6 text

No content

Slide 7

Slide 7 text

SecureDrop • No third parties: Each organization using SecureDrop operates its own independent instance • Encrypts data in transit and in rest • Minimizes metadata trail between sources and journalists • System hardening to protect against hackers • Free and open-source

Slide 8

Slide 8 text

No content

Slide 9

Slide 9 text

Current SecureDrop Team our Ford-Mozilla Open Web Fellow! + contributors prototyping next generation SecureDrop workstation

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

… more at https://securedrop.org/directory

Slide 12

Slide 12 text

How do sources find out about SecureDrop?

Slide 13

Slide 13 text

No content

Slide 14

Slide 14 text

No content

Slide 15

Slide 15 text

No content

Slide 16

Slide 16 text

No content

Slide 17

Slide 17 text

No content

Slide 18

Slide 18 text

You should download and use Tor Browser to stay anonymous online and provide cover for those that rely on Tor to stay safe. https://torproject.org

Slide 19

Slide 19 text

How does SecureDrop work?

Slide 20

Slide 20 text

SecureDrop server Source A source submits documents to an organization’s SecureDrop server

Slide 21

Slide 21 text

“Source interface”: Web application running on a Tor onion service (*.onion) advertised by the news organization

Slide 22

Slide 22 text

SecureDrop server Source They are stored encrypted on the SecureDrop server.

Slide 23

Slide 23 text

SecureDrop server Journalist A journalist logs in to SecureDrop to look at recent submissions.

Slide 24

Slide 24 text

“Journalist interface”: Web application running on an authenticated Tor onion service kept secret

Slide 25

Slide 25 text

SecureDrop server Journalist She downloads the encrypted documents.

Slide 26

Slide 26 text

SecureDrop server Journalist She downloads the encrypted documents.

Slide 27

Slide 27 text

Journalist Secure Viewing Station She moves the encrypted documents to a special computer used for viewing SecureDrop submissions.

Slide 28

Slide 28 text

Journalist Secure Viewing Station This air-gapped computer contains the decryption key for the documents.

Slide 29

Slide 29 text

Journalist Secure Viewing Station The journalist decrypts the documents.

Slide 30

Slide 30 text

Journalist Secure Viewing Station She reads them and can publish stories based on their content!

Slide 31

Slide 31 text

No content

Slide 32

Slide 32 text

Now it’s your turn 1. Download Tor Browser from: https://torproject.org 2. Go to pu7yqpfi5cn6sow7.onion and submit a document or message!

Slide 33

Slide 33 text

How you can help

Slide 34

Slide 34 text

Localization

Slide 35

Slide 35 text

Help us translate SecureDrop! • Get started translating SecureDrop: https://weblate.securedrop.club • Join our community forum: https://forum.securedrop.club https://www.localizationlab.org/

Slide 36

Slide 36 text

No content

Slide 37

Slide 37 text

Internet-connected VM Disposable VM not connected to the internet Journalist Workstation

Slide 38

Slide 38 text

Help us write code or documentation for SecureDrop! • Install SecureDrop: https://docs.securedrop.org/en/stable/overview.html • Help us develop SecureDrop: • Developer documentation: https://docs.securedrop.org/en/latest/development/ getting_started.html • Server code and documentation: https://github.com/freedomofpress/securedrop • Journalist Workstation: https://github.com/freedomofpress/securedrop- workstation • Developer mailing list: [email protected]

Slide 39

Slide 39 text

Thanks • Please come and talk to one of us after if you are interested in helping out! • Translation: https://weblate.securedrop.club • Code and documentation: https://github.com/freedomofpress/securedrop and https://github.com/freedomofpress/securedrop-workstation • Chat with us: • https://forum.securedrop.club (forum) • https://gitter.im/freedomofpress/securedrop (team chat) • [email protected] • Donate: https://securedrop.org/donate • Follow: @SecureDrop and @FreedomOfPress