Google Summer of Code 2018 Ideas
SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources. It was originally created by the late Aaron Swartz and is currently managed by Freedom of the Press Foundation.
The project has a few different parts, the actual web application is a Python Flask application which gets deployed in the news organizations along with a monitoring service on a second computer. The admin and journalists access the system using separate laptops and Tails based USB sticks. The access to the application is only available over Tor network.
We use a gitter channel and a forum for all the communication related to the development of the project. We also have daily video stand up meetings at 18:00UTC. Any interested student should come to the gitter channel and say "Hi". The developers of the project are located in different timezones all across the world, so it may take sometime before someone replies on the channel.
Please make sure that you are joining the channel from a computer (than any mobile phone), it will help you to type easily. Also make sure that you type full English words than any SMS like language.
We maintain a full section of documents on how to get started with development of SecureDrop. Please start from there and ask any question you have in the gitter channel or the forum .
Please mention SecureDrop in the title of your student application. Use the student template from the PSF to write your application. Remember to showcase all of your previous Open Source contribution and also provide the URL of your blog.
The following are the project ideas we already have. Students can choose any of the following to work, or they can come the gitter channel mentioned above to discuss any new ideas.
- Description: We currently use Nagios to monitor source interfaces. We send alerts to SecureDrop administrators when we detect their source interfaces are down. Unfortunately the current approach leads to a lot of false positives, which causes admin frustration and confusion. The student’s project would be to develop an improved monitoring solution using the Tor stem library and integrate it into the securedrop.org directory (being migrated to Django).
- Skills required Python, Django, stem
- Difficulty level: Intermediate
- Related links to read: stem documentation
- Potential mentors: redshiftzero, kushaldas
- Description Rewrite ansible based package creation for the SecureDrop app into proper Debian GNU/Linux packages and submit them to Debian GNU/Linux. After the packages are part of the official Debian GNU/Linux distribution, propose them for integration in tails.
- Skills required Ansible, Python, Debian GNU/Linux packaging
- Difficulty level Intermediate
- Related links to read pdf-redact-tools added to Debian GNU/Linux, pdf-redact-tools package proposal to tails
- Potential mentors Loïc Dachary, heartsucker, kushaldas
- Description: The Debian packages used for SecureDrop are built from a signed git tag on the GitHub repository, then distributed via an apt repository. The package build process is not reproducible, however, so users who wish to verify the integrity of the packages beyond trusting the SecureDrop Release Signing Key cannot easily do so.
- Skills required Debian, packaging, diffoscope
- Difficulty level: Intermediate
- Related links to read
- Potential mentors: conorsch, kushaldas
- Description: SecureDrop currently encrypts submissions server-side. An attacker that is able to compromise the SecureDrop server can read submissions in server memory before submissions are written (encrypted) to disk. SecureDrop does not perform client-side cryptography, as we recommend sources to disable JavaScript, as it may be an attack vector to serve JavaScript-based exploits from an attacker-controlled server (a watering hole attack). However, if we used a browser extension (see one approach here) that for example, only executes code that is signed by a developer, then we could perform encryption client-side while preventing the execution of potentially malicious code, thus ensuring end-to-end encryption of SecureDrop submissions.
- Skills required JavaScript, cryptography, UI/UX
- Difficulty level: Hard
- Related links to read: SecureDrop issue #92: client-side crypto, Background on the use of JavaScript exploits to deanonymize Tor users
- Potential mentors: redshiftzero, emkll
A SecureDrop production deployment today currently utilizes a second physical instance dedicated to running ossec HIDS and sending out email alerts. The current design is frail and barrages the administrator with messages that are not directly actionable. Internally at FPF, we have a lot of experience with the ELK stack (Elasticsearch-Logstash-Kibana) coupled with Elastalert for generating actionable alerts. We need someone to go one step further, do further research, and integrate a HIDS (OSSEC the first likely candidate) into the system and get actionable alerts firing again!