From a SecureDrop talk to the first edition of the privacy devroom at FOSDEM


Only this year did I fully understand what motivates so many people to devote their free time to making FOSDEM a success, year after year. As surprising as it sounds, organizing the privacy devroom and standing at the booth was better than just visiting, chatting and attending talks. A big part of that good feeling certainly comes from the excellent organization. Accidents happened, of course, but they were resolved quickly. And ancient Free Software was used with clunky interfaces but nothing got in the way and people used to it help the newcomers. As a Free Software developer, this sets a fine example of the feeling we would like to provide to every contributor of our code base. When participating is more enjoyable than passively using, we’re one step closer to contributopia.

Continue reading “From a SecureDrop talk to the first edition of the privacy devroom at FOSDEM”

HOWTO Anonymous mobile in Paris

Using a mobile anonymously with encrypted messages and voice is challenging. With Signal text and voice are encrypted but it sends your contacts to Signal which makes me uncomfortable. With Orfox you can browse the web without revealing your IP address but the GSM module tracks your location.

With a small budget you can however buy a second hand mobile and dedicate it to anonymous communications, as long as you remove its battery when you’re not in a public place. You do not leak your contacts to Signal and the GSM module tracks a SIM card that is not associated with you. Here is a detailed description of the preparation of an anonymous phone I did today. This is not rocket science and I’m sure lots of people already know all of that. But I did not find a HOWTO and it took me some time to figure it out.

Continue reading “HOWTO Anonymous mobile in Paris”

HOWTO vagrant libvirt provider on Debian GNU/Linux stretch/9

vagrant is the default virtualization development environment for SecureDrop. When starting with a new Debian GNU/Linux 9, installing the dependencies to get vagrant to run with the libvirt provider instead of the default virtualbox can be done as follows:

sudo apt-get update
sudo apt-get install -y vagrant vagrant-libvirt libvirt-daemon-system qemu-kvm
sudo apt-get install -y nfs-common nfs-kernel-server ebtables dnsmasq
sudo apt-get install -y ansible rsync
vagrant plugin install vagrant-libvirt
sudo usermod -a -G libvirt debian
newgrp libvirt
sudo systemctl restart libvirtd

The current user (debian) must belong to some groups to get permission to run accelerated (assuming intel) kernel virtualization:

sudo usermod -a -G kvm debian
newgrp kvm
sudo rmmod kvm_intel
sudo rmmod kvm
sudo modprobe kvm
sudo modprobe kvm_intel

To convert a virtualbox image so it can be used by libvirt

sudo apt-get install -y vagrant-mutate
vagrant box add --provider virtualbox bento/ubuntu-14.04
vagrant mutate bento/ubuntu-14.04 libvirt

To make it the default for the current user

echo 'export VAGRANT_DEFAULT_PROVIDER=libvirt' >> ~/.bashrc

It should now be possible to start the SecureDrop development virtual machine with:

git clone http://lab.securedrop.club/main/securedrop.git
cd securedrop
export VAGRANT_DEFAULT_PROVIDER=libvirt
vagrant up development

Run SecureDrop tests without Vagrant

Assuming a virgin installation of Ubuntu 14.04, the SecureDrop repository and its dependencies can be installed with the following:

sudo apt-get update
sudo apt-get install -y python-virtualenv git
sudo apt-get install -y build-essential libssl-dev libffi-dev python-dev
virtualenv /tmp/v
source /tmp/v/bin/activate
pip install --upgrade pip # so it is able to get binary wheels
pip install ansible # so we have version 2+

git clone http://github.com/freedomofpress/securedrop
cd securedrop

cat > /tmp/inventory <<EOF
[development]
localhost
[securedrop_application_server]
localhost
[securedrop:children]
securedrop_application_server
EOF

ansible-playbook -vvvv \
       -e securedrop_repo=$(pwd) \
       -e non_default_securedrop_user=ubuntu \
       -e non_default_securedrop_code=$(pwd)/securedrop \
       -i /tmp/inventory -c local \
       install_files/ansible-base/securedrop-development.yml

And the tests can then be run with

$ cd securedrop
$ DISPLAY=:1 pytest -v tests