-
Notifications
You must be signed in to change notification settings - Fork 690
Google Summer of Code 2018 Ideas
SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources. It was originally created by the late Aaron Swartz and is currently managed by Freedom of the Press Foundation.
The project has a few different parts, the actual web application is a Python Flask application which gets deployed in the news organizations along with a monitoring service on a second computer. The admin and journalists access the system using separate laptops and Tails based USB sticks. The access to the application is only available over Tor network.
We use a gitter channel and a forum for all the communication related to the development of the project. We also have daily video stand up meetings at 18:00UTC. Any interested student should come to the gitter channel and say "Hi". The developers of the project are located in different timezones all across the world, so it may take sometime before someone replies on the channel.
We maintain a full section of documents on how to get started with development of SecureDrop. Please start from there and ask any question you have in the gitter channel or the forum .
Please mention SecureDrop in the title of your student application. Use the student template from the PSF to write your application.
The following are the project ideas we already have. Students can choose any of the following to work, or they can come the gitter channel mentioned above to discuss any new ideas.
- Description Rewrite ansible based package creation for the SecureDrop app into proper Debian GNU/Linux packages and submit them to Debian GNU/Linux.
After the packages are part of the official Debian GNU/Linux distribution, propose them for integration in tails.
- Skills required
- Ansible
- Python
- Debian GNU/Linux packaging
- Difficulty level
Intermediate
- Related links to read
- Potential mentors
Loïc Dachary heartsucker kushaldas
- Description: The Debian packages used for SecureDrop are built from a signed git tag on the GitHub repository, then distributed via an apt repository. The package build process is not reproducible, however, so users who wish to verify the integrity of the packages beyond trusting the SecureDrop Release Signing Key cannot easily do so.
- Skills required Debian, packaging, diffoscope
- Difficulty level: Intermediate
- Related links to read
- Potential mentors:
- Description: We currently use Nagios to monitor source interfaces. We send alerts to SecureDrop administrators when we detect their source interfaces are down. Unfortunately the current approach leads to a lot of false positives, which causes admin frustration and confusion. The student’s project would be to develop an improved monitoring solution using the Tor stem library and integrate it into the securedrop.org directory (being migrated to Django).
- Skills required Python, Django, stem
- Difficulty level: Intermediate
- Related links to read
- Potential mentors: redshiftzero, kushaldas