The Next Generation of SecureDrop (Qubes-based)

The SecureDrop Workstation is probably the most epic project build on top of Qubes so far. It’s the next generation of secure whistle-blowing platform SecureDrop that leverages Qubes’ architecture to provide both convenience and security to journalists when viewing submissions made by anonymous sources (a hell of a lot of DispVMs, and proxy connections, whonix, etc…)

Demo | The Next Generation of SecureDrop: A Virtual Event by FPF

Check out this youtube video made by FPF on August 2020:

Architecture | Next-Generation SecureDrop: Protecting Journalists from Malware

A presentation by Jennifer Helsby back in March 2020 where she introduces the architecture. See it here.

Read more on the architecture from the whitepaper:

Resources

Securedrop-workstation related code repos

SecureDrop Workstation
SaltStack config that deploys the whole thing (main repo)

SecureDrop Client
Qt-based client for working with SecureDrop submissions on the SecureDrop Qubes Workstation

SecureDrop Proxy
Qubes RPC proxy service for the SecureDrop Client

SecureDrop Export
code for exporting from the securedrop qubes workstation

securedrop-debian-packaging
Packaging logic for building SecureDrop-related Debian packages

This is a great project!

I see that it uses a grsecurity kernel in the appvm. Maybe this can be integrated into Qubes so the (perhaps optional) feature is available to all users of Qubes OS.

1 Like

Small context on this:

Ah thanks for the clarification.

1 Like