Dangerzone for Qubes (alpha version) Available (Qubes Trusted PDF cousin)

Hi all! (Taking off my forum moderator hat for a moment)

As some of you may know, I’m one of the developers of Dangerzone, the cross-platform Qubes Trusted PDF cousin, originally developed by Micah Lee and taken under Freedom of the Press Foundation (FPF) since 2022. We recently started working on Dangerzone’s Qubes integration and I wanted to share some updates and welcome testers for our alpha version.

For some background, Dangerzone essentially reimplements Qubes Trusted PDF but cross-platform, using containers. It does however have some features beyond Qubes Trusted PDF, particularly OCR support (to make the final doc searchable), PDF compression, offline conversion by default and supporting multiple file types (images and documents).

The alpha Qubes support is already out, which means that Dangerzone can work in Qubes natively, using disposable qubes instead of containers for conversions. There are two caveats, though:

  • it requires manual instalation from source, and configuring a diposable qube (subject to change)
  • we have not yet implemented security “guard rails”, so please use only with documents you trust :warning:

Want to help testing?

Follow these instructions. If you encounter problems, report them on our bug tracker and give us feedback here or on our Github Forum.

Next Steps

Now we’re working on the beta version which will make Dangerzone available as a package and close some of the implementation gaps, particularly making sure we handle errors correctly and adding timeouts.

Then, we’ll work towards the stable version. This will be focused on thinking more systematically about the multi-VM architecture of Dangerzone, in particular how we can make it easier to install and maintain. I have shared some thoughts on this already on the forum but more is to come.

SecureDrop Workstation Integration

An additional goal is to integrate Dangerzone with FPF’s Qubes-based SecureDrop Workstation to add document santization to journalists’ workflow when exporting files to less safe systems in the newsroom. Dangerzone will keep being a standalone project but just have this extra integration.

18 Likes

This is great. It was always a bummer for me to lose the OCR on the pdf docs after I sanitize them in qubes.

4 Likes

Hi, I checked out github. As it appears you have an integration for fedora templates. Are you planning one for debian templates as well?

This would be just great!

But, can you please explain how you provided this in a safely manner, something like Joanna explained Qubes Trusted PDF here

I’ve overrided this by keeping both .trusted and .untrusted files. When I need security, I use former, when I need conveience, I use the latter one in offline dispvm. Yes, I know, overhead, but that’s the price I’m (now was?) ready to pay for it. :laughing:

1 Like

On Qubes it has pretty much the same security properties. Just more formats and OCR.

But on non-Qubes systems recently gVisor was added Safe Ride into the Dangerzone: Reducing attack surface with gVisor to be able to get a bit closer to the isolation VMs provide. It is not the same, of course.