I did a journalist training with the following material:
- A secure viewing station USB key with a french passphrase
- A journalist USB key with a french passphrase and a KeePassX containing the user/password for the journalist interface
- A printed page with the QR code for the 2fa for the journalist
- A transfert key known to both the secure viewing station and the journalist USB key
- A refurbished ThinkPad T400S with the radio switch turned off on the side with BIOS configured to boot on the USB key first (and wiped out hard drive in case the USB times out)
- A HP DeskJet 1110 printer connected to the T400S
The volunteer is not a journalist, he is a game designer with strong technical knowledge. He never used Tails and had no previous experience with whistleblower platforms.
The journalist is first given an overview of the training session as follows: “you will start the machine with the journalist USB key to get documents sent by sources and store them on the transfer key, using the tor web browser. You will then shutdown the machine, remove the network cable and boot it on the secure viewing station to be able to decrypt the documents because it is the only place, disconnected from the net, where the secret key resides. To make sure you leave no trace, you will first move the documents from the transfer key to the secure viewing station. And only then will you decrypt them and discover what is inside”.
The journalist plugs in the journalist USB key, starts the T400S, and faces the initial tails prompt:
J: I suppose I should wait until it boots. I won’t try weird things now
After a few seconds:
J: it is slow.
When the greeter shows up, he selects the French keyboard layout but not the French language. He reads the passphrase and starts typing:
J: is it case sensitive ?
I answer that it is case sensitive (although I’m not sure really…) and he clears the input box and starts again. He starts making another mistake and noticed the Show passphrase button, clicked it and all went much better.
After unlocking the persistent volume, he quickly figured out by himself that clicking Start tails was the next step. He clicked on the dropbox icon. There was no feedback and he clicked another time. I told him to wait, two windows poped up, he killed one of them and kept the other. He asked about the passwords.
I asked him to open KeePassX and the only entry it contained to read the user/password for the journalist interface which he copied to the form. I handed him over the printed paper with the qrcode which he scanned with his iPhone, using Google Authenticator that was already installed. He typed the 6 digit code and was able login.
On the journalist lookup page he clicked immediately to download the only document that was there. And clicked save.
J: where is the file ?
Before I could answer he clicked again and saw amnesia / Persistent top left of the Save dialog.
J: where is amnesia ?
I told him he will find it by clicking “Places” then “Home” then “Persistent”. And that he should also open the transfert device with “Places” then “Transfert 1”. After he did that I told him to move the .zip from Persistent to Transfert. After he did the move, I told him to shutdown the machine. He first closed all windows then I had to explain that he should click top right and on the symbol to the bottom right.
I reminded him to remove the network cable before booting the secure viewing station to make sure it is not connected. After booting the secure viewing station I told him to open the transfert device with “Places” then “Transfert 1” and the secure viewing partition storage with “Places” then “Home” then “Persistent”.
J: I don’t understand where is the persistent storage of the secure viewing station ?
I explained the USB key is divided in two : one part for the system, the other for storage and to keep a few informations such as passwords or printer configurations. He then moved the .zip from the transfert device to the secure viewing station. He right clicked on the zip and then double click (or something I don’t remember but it worked the first time) to extract it. He then quickly navigated the first folder all the way down to the first .gpg file. Again he did the right thing the first time (I think it was right click decrypt).
J: but … the .gpg is still here ? Oh, there is the same document name with no .gpg next to it, that’s the encrypted version I assume.
He opened the text file and read the secret message. I asked him to print it and he found the Print button, saw there was just one printer and selected it. The text file printed ok.
J: so it means a given setup is prepared for a specific hardware and cannot really be copied over to various printers etc ?
I confirmed there are some hardcoded things to make the user experience simpler. I also asked him to open the other document. He navigated to the other .gpg and clicked his way to the image it contained, unmoved by the many layers which were all a matter of clicking the default action.
J: is that all ?
I explained that it was the routine the journalist had to perform to get the information, the really tedious and long term part of the job. Valuable information are rare and it is probably wise the journalist goes to the admin for another training session when and if it happens, to learn how to reply to the source and how to encrypt part of the documents to work on them outside of the secure viewing station.
I will prepare another session including the journalist / source dialog as well as the re-encryption of documents.