Google Summer of Code 2018 Ideas

About SecureDrop project

SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources. It was originally created by the late Aaron Swartz and is currently managed by Freedom of the Press Foundation.

The project has a few different parts, the actual web application is a Python Flask application which gets deployed in the news organizations along with a monitoring service on a second computer. The admin and journalists access the system using separate laptops and Tails based USB sticks. The access to the application is only available over Tor network.

Contacting the developers and rest of the community

We use a gitter channel and a forum for all the communication related to the development of the project. We also have daily video stand up meetings at 18:00UTC. Any interested student should come to the gitter channel and say "Hi". The developers of the project are located in different timezones all across the world, so it may take sometime before someone replies on the channel.

Getting started with development of SecureDrop

We maintain a full section of documents on how to get started with development of SecureDrop. Please start from there and ask any question you have in the gitter channel or the forum .

Tips for writing GSoC application

Please mention SecureDrop in the title of your student application. Use the student template from the PSF to write your application.

Project Ideas

The following are the project ideas we already have. Students can choose any of the following to work, or they can come the gitter channel mentioned above to discuss any new ideas.

Add SecureDrop packages to Debian GNU/Linux and tails

• Description Rewrite ansible based package creation for the SecureDrop app into proper Debian GNU/Linux packages and submit them to Debian GNU/Linux. After the packages are part of the official Debian GNU/Linux distribution, propose them for integration in tails.

• Skills required Ansible, Python, Debian GNU/Linux packaging

• Difficulty level Intermediate

• Related links to read pdf-redact-tools added to Debian GNU/Linux, pdf-redact-tools package proposal to tails

• Potential mentors Loïc Dachary, heartsucker, kushaldas

Reproducible builds for SecureDrop Debian packages

• Description: The Debian packages used for SecureDrop are built from a signed git tag on the GitHub repository, then distributed via an apt repository. The package build process is not reproducible, however, so users who wish to verify the integrity of the packages beyond trusting the SecureDrop Release Signing Key cannot easily do so.
• Skills required Debian, packaging, diffoscope
• Difficulty level: Intermediate
• Related links to read
• Potential mentors:

conorsch kushaldas

Improve monitoring of SecureDrop source interfaces

• Description: We currently use Nagios to monitor source interfaces. We send alerts to SecureDrop administrators when we detect their source interfaces are down. Unfortunately the current approach leads to a lot of false positives, which causes admin frustration and confusion. The student’s project would be to develop an improved monitoring solution using the Tor stem library and integrate it into the securedrop.org directory (being migrated to Django).
• Skills required Python, Django, stem
• Difficulty level: Intermediate
• Related links to read
• Potential mentors: redshiftzero, kushaldas