Journalist training feedback

Bonjour,

I did a journalist training with the following material:

  • A secure viewing station USB key with a French passphrase
  • A journalist USB key with a French passphrase and a KeePassX containing the user/password for the journalist interface
  • A printed page with the QR code for the 2FA for the journalist
  • A transfer key known to both the secure viewing station and the journalist USB key
  • A refurbished ThinkPad T400S with the radio switch turned off on the side with BIOS configured to boot on the USB key first (and wiped out hard drive in case the USB times out)
  • A HP DeskJet 1110 printer connected to the T400S

The volunteer is not a journalist, he is a game designer with strong technical knowledge. He never used Tails and had no previous experience with whistleblower platforms.

The journalist is first given an overview of the training session as follows: “you will start the machine with the journalist USB key to get documents sent by sources and store them on the transfer key, using the Tor web browser. You will then shut down the machine, remove the network cable and boot it on the secure viewing station to be able to decrypt the documents because it is the only place, disconnected from the net, where the secret key resides. To make sure you leave no trace, you will first move the documents from the transfer key to the secure viewing station. And only then will you decrypt them and discover what is inside”.

The journalist plugs in the journalist USB key, starts the T400S, and faces the initial Tails prompt:

J: I suppose I should wait until it boots. I won’t try weird things now :wink:

After a few seconds:

J: it is slow.

When the greeter shows up, he selects the French keyboard layout but not the French language. He reads the passphrase and starts typing:

J: is it case sensitive?

I answer that it is case sensitive (although I’m not sure really…) and he clears the input box and starts again. He started making another mistake, noticed the Show passphrase button, clicked it and all went much better.

After unlocking the persistent volume, he quickly figured out by himself that clicking Start Tails was the next step. He clicked on the dropbox icon. There was no feedback and he clicked another time. I told him to wait, two windows popped up, he killed one of them and kept the other. He asked about the passwords.

I asked him to open KeePassX and the only entry it contained to read the user/password for the journalist interface which he copied to the form. I handed him the printed paper with the QR code which he scanned with his iPhone, using Google Authenticator that was already installed. He typed the 6 digit code and was able to log in.

On the journalist lookup page he clicked immediately to download the only document that was there. And clicked save.

J: where is the file?

Before I could answer he clicked again and saw amnesia / Persistent top left of the Save dialog.

J: where is amnesia?

I told him he will find it by clicking “Places” then “Home” then “Persistent”. And that he should also open the transfer device with “Places” then “Transfert 1”. After he did that I told him to move the .zip from Persistent to Transfert. After he did the move, I told him to shut down the machine. He first closed all windows then I had to explain that he should click top right and on the symbol to the bottom right.

I reminded him to remove the network cable before booting the secure viewing station to make sure it is not connected. After booting the secure viewing station I told him to open the transfer device with “Places” then “Transfert 1” and the secure viewing partition storage with “Places” then “Home” then “Persistent”.

J: I don’t understand where is the persistent storage of the secure viewing station?

I explained the USB key is divided in two: one part for the system, the other for storage and to keep some information such as passwords or printer configurations. He then moved the .zip from the transfer device to the secure viewing station. He right clicked on the zip and then double clicked (or something I don’t remember but it worked the first time) to extract it. He then quickly navigated the first folder all the way down to the first .gpg file. Again he did the right thing the first time (I think it was right click decrypt).

J: but … the .gpg is still here? Oh, there is the same document name with no .gpg next to it, that’s the encrypted version I assume.

He opened the text file and read the secret message. I asked him to print it and he found the Print button, saw there was just one printer and selected it. The text file printed ok.

J: so it means a given setup is prepared for a specific hardware and cannot really be copied over to various printers etc?

I confirmed there are some hardcoded things to make the user experience simpler. I also asked him to open the other document. He navigated to the other .gpg and clicked his way to the image it contained, unmoved by the many layers which were all a matter of clicking the default action.

J: is that all?

I explained that it was the routine the journalist had to perform to get the information, the really tedious and long term part of the job. Valuable information is rare and it is probably wise that the journalist goes to the admin for another training session when and if it happens, to learn how to reply to the source and how to encrypt part of the documents to work on them outside of the secure viewing station.

I will prepare another session including the journalist / source dialog as well as the re-encryption of documents.

Cheers

After training a real journalist today, here are the main suggestions:

  • What about journalist notification every day no matter what there is?
  • Why does the transfer key change name (from 7.7GB encrypted key to transfer key number one or something)? This is because the name is encrypted but … it needs to be explained.
  • Why not use the journalist key for transfer? Fair point: either use DVD or the transfer key is not really mandatory.

After training an activist working with whistleblowers, here is the only suggestion:

After training a real journalist today, here are the main suggestions. The journalist was observed while she was going to the journalist interface, getting the documents and transferring them to the secure viewing station. There was initially some confusion because she thought the source gave the journalist the USB key (i.e. the journalist USB key). She suggested that it be stated more clearly that the media organization provides the journalist USB key as well as the SVS key.

  • There was a confusion between the journalist USB key passphrase and the journalist password used to access the journalist interface.
  • Remember to wait for the Drop icon (the Onion icon really, but confused with a droplet :wink:) to not have the cross, indicating the network is available.
  • Using KeePassX is a massive source of confusion on all possible levels: the UI is horrible.
  • It is confusing that the Tor browser asks where the downloaded documents should be stored because there really is no choice: all other locations are forbidden.
  • In Places the name of the transfer key does not show initially, it must be clicked to be mounted which is a weird extra step, especially because it changes name.
  • To switch off the computer, it is not trivial to remember where this happens (the switch to turn off the network was confused with a way to switch off the computer).