Summary
The internet has made it easier than ever to share information, but at the same time it has increased our ability to track that information. In order to ensure that news agencies are able to accept truly anonymous material submissions from whistelblowers, the Freedom of the Press foundation has supported the ongoing development and maintenance of the SecureDrop platform. In this episode core developers of the project explain what it is, how it protects the privacy and identity of journalistic sources, and some of the challenges associated with ensuring its security. This was an interesting look at the amount of effort that is required to avoid tracking in the modern era.
Announcements
- Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great.
- When you’re ready to launch your next app or want to try a project you hear about on the show, you’ll need somewhere to deploy it, so take a look at our friends over at Linode. With 200 Gbit/s private networking, scalable shared block storage, node balancers, and a 40 Gbit/s public network, all controlled by a brand new API you’ve got everything you need to scale up. And for your tasks that need fast computation, such as training machine learning models, they just launched dedicated CPU instances. Go to pythonpodcast.com/linode to get a $20 credit and launch a new server in under a minute. And don’t forget to thank them for their continued support of this show!
- You listen to this show to learn and stay up to date with the ways that Python is being used, including the latest in machine learning and data analysis. For even more opportunities to meet, listen, and learn from your peers you don’t want to miss out on this year’s conference season. We have partnered with organizations such as O’Reilly Media, Dataversity, Corinium Global Intelligence, and Data Council. Upcoming events include the O’Reilly AI conference, the Strata Data conference, the combined events of the Data Architecture Summit and Graphorum, and Data Council in Barcelona. Go to pythonpodcast.com/conferences to learn more about these and other events, and take advantage of our partner discounts to save money when you register today.
- Your host as usual is Tobias Macey and today I’m interviewing Jen Helsby and Kushal Das about SecureDrop, a secure platform for submitting and receiving documents anonymously
Interview
- Introductions
- How did you get introduced to Python?
- Can you start by describing what SecureDrop is and how it got started?
- How did you get involved in the project?
- Can you give some background on where and why it is useful?
- For someone using a running instance, what does their workflow look like?
- What are some of the ways that you minimize user experience hurdles to prevent them from circumventing the security through laziness or apathy?
- I was a bit surprised to see the references to the messaging system that is included. Why is that an important feature?
- What form do the submissions generally take and what are the limits on formats that you can accept?
- How is the system itself architected and how has the design evolved since the first implementation?
- In terms of the security protocols and technologies that are implemented, what factors are you considering as you develop the project?
- What are the weak points or edge cases that could lead to compromise and how do you guard against them?
- In terms of the deployment and maintenance of a SecureDrop instance, how much technological sophistication is necessary for the organization running it, and how much effort do you put into simplifying it?
- What are some of the notable uses of a SecureDrop deployment and what motivates you to continue working on it?
- What are the most interesting/innovative/unexpected uses of SecureDrop that you have seen?
- How do you approach the sustainability of the platform?
- What have you found most challenging/interested/unexpected in your work on SecureDrop?
- What is in store for the future of the project?
Keep In Touch
- Jen
- @redshiftzero on Twitter
- redshiftzero on GitHub
- Blog
- Kushal
- Website
- @kushaldas on Twitter
- kushaldas on GitHub
Picks
- Tobias
- Laser Tag
- Kushal
- Permanent Record by Edward Snowden
- Jen
- Permanent Record by Edward Snowden
Closing Announcements
- Thank you for listening! Don’t forget to check out our other show, the Data Engineering Podcast for the latest on modern data management.
- Visit the site to subscribe to the show, sign up for the mailing list, and read the show notes.
- If you’ve learned something or tried out a project from the show then tell us about it! Email hosts@podcastinit.com) with your story.
- To help other people find the show please leave a review on iTunes and tell your friends and co-workers
- Join the community in the new Zulip chat workspace at pythonpodcast.com/chat
Links
- SecureDrop
- Aaron Swartz
- Freedom Of The Press Foundation
- SecureDrop Directory
- TOR Browser
- TOR == The Onion Router
- Tails OS
- Ubuntu
- IDS == Intrusion Detection System
- Ansible
- DEF CON
- Mozilla Open Source Support (MOSS)
- Testinfra
- Flask
- Molecule unit test library for Ansible
- Bandit
- Safety
- Qubes OS
- Qt
The intro and outro music is from Requiem for a Fish The Freak Fandango Orchestra / CC BY-SA
Information
- Show
- PublishedSeptember 10, 2019 at 1:00 AM UTC
- Length38 min
- Episode228
- RatingClean