SecureDrop simplification (take 3)


Over the past few months I proposed ideas to simplify SecureDrop so it can better serve journalists and protect sources. There were discussions IRL, architecture and interface ideas. This is the third iteration which builds on what received positive feedback and attempts to address criticisms. There are three new ideas:

  • Create a new solution that includes SecureDrop. Simplifying SecureDrop itself to include a simpler system depending on what the source chooses is problematic because it has a reputation for offering the best possible security. That would create confusion. A new solution (let’s call it Enough) would instead provide a user-friendly leak platform based on the Drop feature of Nextcloud (credit goes to Pierre Ozoux for the idea). And the source would be given the option to switch to SecureDrop if they need high security. If the source does not know what SecureDrop is, they do not need it because security is only effective if you understand it.

  • Include training material on security concepts. Journalists are not security experts but they learn over time and become good at it. There should be training material and self assessment in the leak platform itself so they can measure progress. For instance, when they become comfortable with 2FA, they can activate 2FA in the leak platform. When they tame Tor, they can activate the .onion URL of the leak platform.

  • Upgrade path to activate SecureDrop. Eventually, when users understand the key security concepts of SecureDrop, there should be a way to activate it. There is no need to set up SecureDrop from the start: it is enough to support its activation when and if there is a need. The activation can be done by following the documentation or via a support contract.

Moving forward with this idea and turning it into something concrete is going to take some time but I think it is worth the effort. I plan to do the following.

  • Create a project called Enough (because it provides a level of security that is good enough) so it becomes more than a recurring thread in a forum. The domain name was registered today and is under the control of the SecureDrop Community.
  • Learn how to use the User Research done so far to steer the project in the right direction
  • Fake it before we make it:
    • Set up .onion Nextcloud (this week-end) for an existing SecureDrop user (ask me which one if you’re interested, not a secret but not public either) for SecureDrop users to receive documents that do not need an air-gap machine. A training session is scheduled at the end of the month.
    • Two journalists were enthusiastic about it and I set up a dedicated Nextcloud server for each of them and explained how to use the Drop feature. I will get back to them on a regular basis to understand how they use it or why they do not.
  • Make a Nextcloud app which does nothing but explain how to use the standard Nextcloud Drop feature to get a minimal leak platform.
  • Find a Nextcloud hosting facility to maintain the server. My preference would be for if they are willing.
  • Find service providers to activate SecureDrop so an organization that does not have the staff to install SecureDrop can get help. AFAIK Freedom of the Press Foundation does not provide this all-included service. The OpenCraft team has the required skills and would have my preference, if they are willing.
  • Pitch the idea to collect feedback, criticisms and more people willing to try it for themselves. I will do that when visiting Vienna next month and when running the CIJ infosec clinic in June.

Ideas and criticism are welcome!


For the record, super interesting questionnaire on the level of security a source needs