The Open Source Whistleblower system

Nullcon19

@kushaldas

https://securedrop.org

Journalist

A journalist is a person who collects, writes, or distributes news or other current information to the public.

Whistleblower

A whistleblower is a person who exposes any kind of information or activity that is deemed illegal, unethical, or not correct within an organization that is either private or public.

Source

Journalist

Airgapped SVS

Application Server

Back in 2013

Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.

Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

OPSEC

  • FPF provides digital security training
  • SecureDrop is not only an application

Operating system
+ Applications
+ Physical + Legal access
+ Human OPSEC

Support from FPF 

Landing page & servers

  • Use HTTPS
  • No subdomain
  • No third party tracker or JS

Standard server hardening steps

securedrop-workstation

How to contribute?

  • https://github.com/freedomofpress/securedrop
  • https://docs.securedrop.org
  • Gitter chat to talk to other contributors
  • Daily standup video call
  • UX discussions

A special tribute

Links to various images used from Wikipedia

  • https://commons.wikimedia.org/wiki/File:Antu_folder-cloud.svg
  • https://commons.wikimedia.org/wiki/File:Gateway_firewall.svg
  • https://commons.wikimedia.org/wiki/File:GnuPG-Logo.svg
  • https://en.wikipedia.org/wiki/File:Cloud_computing.svg
  • https://commons.wikimedia.org/wiki/File:Gartoon_actions_1leftarrow.svg
  • https://commons.wikimedia.org/wiki/File:Key-311738.svg
  • https://en.wikipedia.org/wiki/File:Tor-logo-2011-flat.svg
  • https://en.wikipedia.org/wiki/File:Laptop.svg
  • https://commons.wikimedia.org/wiki/File:CD_icon_test.svg
  • https://commons.wikimedia.org/wiki/File:Usbdrive_icon.svg

Thank you

Slides ideas from: Jennifer Helsby & Conor Schaefer

SecureDrop (at Tor meetup)

By dascommunity
