securedrop-client icon indicating copy to clipboard operation
securedrop-client copied to clipboard
verified publisher icon freedomofpress

Consider adding support for opening links in networked dvm

Open eloquence opened this issue 5 years ago • 1 comments

When a source sends a URL that accompanies a submission, journalists may want to visit it securely.

Right now, URLs are rendered as plain-text, and the journalist has to manually copy and paste them into a secure environment, such as a networked disposable VM. This means we rely on the journalist/admin to prepare such a secure environment, which introduces a risk for security mistakes.

Some open questions to seed discussion, if we agree that this is a desirable feature in principle:

  • Should a security warning be displayed the first time / every time?
  • Should the link be opened in a networked disposable VM with Tor, or in a disposable VM without Tor? Or should both be available?
  • If we use Tor Browser, can we rely on existing update mechanisms to keep it up-to-date?
  • What, if any, mechanisms do we need to implement to guard against specific strategies for spoofing addresses (e.g. via homograph attacks), suspicious query strings, etc.?

eloquence avatar Jun 08 '20 19:06 eloquence

Still a bit contentious, can be revisited once we get deeper into the client backlog

  • want journo feedback as to how important it would be/ what they currently do
  • could treat similarly to DZ/Signal, address via docs/KB first, then think about implementing as a workstation feature if needed.

zenmonkeykstop avatar Aug 15 '24 18:08 zenmonkeykstop

Leaving un-milestoned for now but adding "needs user research"; at minimum, would be good to know if this is more of an edge case or fairly common.

eloquence avatar Jul 07 '25 18:07 eloquence