Signal integration

[eloquence]

Signal is widely used (and recommended by FPF) for end-to-end encrypted communications between journalists and sources, and within a newsroom. Qubes gives us the option to securely run Signal alongside the SecureDrop Client in one or multiple separate VMs.

This issue is to flesh out what a secure integration should look like, especially with an eye to:

• transferring content received via SecureDrop to a Signal VM for sharing with another journalists
• reviewing files received via Signal in a disposable VM
• other requirements for managing a Signal tipline from within Qubes (likely to be split into separate issues)

[zenmonkeykstop]

Summarising @rocodes thoughts:

• sanitization is a very good idea to reduce the risk of sharing malware via Signal and potentially compromising phones
• provisioning story should be better (this is an overall requirement)

My thoughts:

• this conflates a bunch of issues IMO, scoping the "export to Signal" and "managing a tipline in Qubes" bits separately is a strong SHOULD.