Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for file conversion and metadata removal #26

Open
redshiftzero opened this issue Sep 14, 2017 · 4 comments
Open

Add support for file conversion and metadata removal #26

redshiftzero opened this issue Sep 14, 2017 · 4 comments
Labels
enhancement
Milestone
Post-Beta

Comments

@redshiftzero
Copy link
Contributor

We need to make sure that documents exported from the SecureDrop workstation onto the regular journalist's workstation for publication have malware and metadata removed from them.

Copying from SecureDrop server side ticket freedomofpress/securedrop#543:

  1. qvm-convert-pdf does convert images (to PDFs) as well using DispVMs, though the "convert to trusted PDF" option does not appear unless you add the .PDF suffix to the file
  2. there is actually already a variant of this for images qvm-convert-img (not installed by default, but I tried it out and it works great) that you can install in Qubes to go directly from e.g. PNG to trusted PNG using the same opening in a DispVM approach

Also see relevant upstream ticket: freedomofpress/securedrop#160
This was referenced Sep 14, 2017
Closed
Closed
@DonnchaC DonnchaC mentioned this issue Nov 30, 2017
Closed
@redshiftzero redshiftzero added this to the MVP milestone Feb 16, 2018
@redshiftzero
Copy link
Contributor Author

In addition to removing metadata, part of this workflow is just physically getting documents off the workstation. Here are three basic ways, the first two which are currently used by journalists using Tails in SecureDrop:

  1. Print the document: Journalists should be able to continue to use SecureDrop-dedicated printers for printing documents to share in the newsroom. If spooky random printer drivers from the internet need to be installed, this should occur in a separate VM.
  2. Transfer using USB drive: Journalists should be able to connect a USB drive (using USB passthrough) to transfer documents. The UX is going to be a bit gnarly here at first.
  3. Onionshare: This is a nice possibility now that we're using an internet connected workstation.

@eloquence eloquence modified the milestones: 0.1.0alpha, 0.1.0beta Oct 31, 2018
@eloquence
Copy link
Member

This is now out of scope for the alpha; we will merely provide documentation for the intended export workflow(s) for audit review. See also the related client issue: freedomofpress/securedrop-client#21

@eloquence eloquence changed the title Workflow for exporting documents from the SecureDrop workstation for publication Add support for file conversion and metadata removal Jul 17, 2019
@eloquence
Copy link
Member

The print/export portion of this is tracked in this epic:
#290

@eloquence eloquence mentioned this issue Jul 22, 2020
Closed
@eloquence eloquence mentioned this issue Oct 23, 2020
Closed
@zenmonkeykstop
Copy link
Contributor

A proposal for this is in play, most likely leveraging Dangerzone. Leaving open for now. Some questions remain about metadata handling (for example, "silently scrub vs. report any found?").

cfm pushed a commit that referenced this issue Apr 1, 2024
@eaon
Merge pull request #26 from freedomofpress/any-remote-in-a-storm
92ade02 
Update git url parsing and readme
cfm pushed a commit that referenced this issue Apr 17, 2024
@eaon @cfm
Merge pull request #26 from freedomofpress/any-remote-in-a-storm
9fee6fb 
Update git url parsing and readme

(cherry picked from commit freedomofpress/securedrop-updater@92ade02)
cfm pushed a commit that referenced this issue Apr 17, 2024
@eaon @cfm
Merge pull request #26 from freedomofpress/any-remote-in-a-storm
e9f90a4 
Update git url parsing and readme

(cherry picked from commit freedomofpress/securedrop-updater@92ade02)
cfm pushed a commit that referenced this issue Apr 17, 2024
@eaon @cfm
Merge pull request #26 from freedomofpress/any-remote-in-a-storm
184351e 
Update git url parsing and readme

(cherry picked from commit freedomofpress/securedrop-updater@92ade02)
cfm pushed a commit that referenced this issue Apr 17, 2024
@eaon @cfm
Merge pull request #26 from freedomofpress/any-remote-in-a-storm
553efcb 
Update git url parsing and readme

(cherry picked from commit freedomofpress/securedrop-updater@92ade02)
cfm pushed a commit that referenced this issue Apr 22, 2024
@eaon @cfm
Merge pull request #26 from freedomofpress/any-remote-in-a-storm
ad737f9 
Update git url parsing and readme

(cherry picked from commit freedomofpress/securedrop-updater@92ade02)
cfm pushed a commit that referenced this issue Apr 22, 2024
@eaon @cfm
Merge pull request #26 from freedomofpress/any-remote-in-a-storm
7d6e4b0 
Update git url parsing and readme

(cherry picked from commit freedomofpress/securedrop-updater@92ade02)
cfm pushed a commit that referenced this issue Apr 22, 2024
@eaon @cfm
Merge pull request #26 from freedomofpress/any-remote-in-a-storm
531f47d 
Update git url parsing and readme

(cherry picked from commit freedomofpress/securedrop-updater@92ade02)
cfm pushed a commit that referenced this issue Apr 23, 2024
@eaon @cfm
Merge pull request #26 from freedomofpress/any-remote-in-a-storm
41de686 
Update git url parsing and readme

(cherry picked from commit freedomofpress/securedrop-updater@92ade02)
cfm pushed a commit that referenced this issue Apr 23, 2024
@eaon @cfm
Merge pull request #26 from freedomofpress/any-remote-in-a-storm
ae7c7ff 
Update git url parsing and readme

(cherry picked from commit freedomofpress/securedrop-updater@92ade02)
cfm pushed a commit that referenced this issue Apr 24, 2024
@eaon @cfm
Merge pull request #26 from freedomofpress/any-remote-in-a-storm
ef52675 
Update git url parsing and readme

(cherry picked from commit freedomofpress/securedrop-updater@92ade02)
@zenmonkeykstop zenmonkeykstop moved this to Cycle Backlog in SecureDrop dev cycle May 16, 2024
@rocodes rocodes mentioned this issue Jul 24, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
SecureDrop dev cycle
Status: Cycle Backlog
Milestone
Post-Beta
Development

No branches or pull requests
3 participants
@eloquence @zenmonkeykstop @redshiftzero