The SecureDrop Workstation is probably the most epic project build on top of Qubes so far. It’s the next generation of secure whistle-blowing platform SecureDrop that leverages Qubes’ architecture to provide both convenience and security to journalists when viewing submissions made by anonymous sources (a hell of a lot of DispVMs, and proxy connections, whonix, etc…)
Demo | The Next Generation of SecureDrop: A Virtual Event by FPF
Check out this youtube video made by FPF on August 2020:
Architecture | Next-Generation SecureDrop: Protecting Journalists from Malware
A presentation by Jennifer Helsby back in March 2020 where she introduces the architecture. See it here.
Read more on the architecture from the whitepaper:
Resources
- Piloting SecureDrop Workstation for Qubes OS (February 26, 2020)
- Deploying SecureDrop staging instance on Qubes (docs)
- SecureDrop docs
- Join SecureDrop’s chat
- Donate to FPF to support the development of SecureDrop Workstation
Securedrop-workstation related code repos
SecureDrop Workstation
SaltStack config that deploys the whole thing (main repo)
SecureDrop Client
Qt-based client for working with SecureDrop submissions on the SecureDrop Qubes Workstation
SecureDrop Proxy
Qubes RPC proxy service for the SecureDrop Client
SecureDrop Export
code for exporting from the securedrop qubes workstation
securedrop-debian-packaging
Packaging logic for building SecureDrop-related Debian packages