Intro to SecureDrop, a sort-of Linux distro

Speaker: Kunal Mehta

Track: Security

Type: Long talk (45 minutes)

Room: Anamudi

Time: Sep 16 (Sat): 10:30

Duration: 0:45

SecureDrop is an open source whistleblower submission system built on top of Ubuntu/Debian/Tails. Originally created by the late Aaron Swartz, it’s now managed by the Freedom of the Press Foundation and deployed in newsrooms across the globe.

This talk will give an overview of the SecureDrop project, starting with its unique attributes, such as mandatory self-hosting, minimal metadata retention and encryption at rest. We’ll especially cover the interactions with Debian, including our struggles and successes with reproducible builds and (ab)uses of Debian packaging for our own benefit. Then we can examine how it’s sort-of a Linux distro in that we manage our own kernel, installer, APT repos, etc., but don’t have the full infrastructure that proper distros do (e.g. no ISOs), and the pros and cons of adopting such an approach.

Finally, we’ll look at where the project is headed in the future, including the SecureDrop Workstation project built on top of Qubes OS and Debian and a next-generation server setup.

The intended audience is Debian contributors and other open source developers. Debian contributors should leave with a better understanding of how Debian is used to build open source platforms that contribute to the public good. The audience should also have a sense of where the project is going and what potential contribution opportunities exist.