Ability to export a submission in a non-modifiable format

[aetdr]

hi @evilaliv3

A submission can be exported by recipients. This provides the submission as plain txt file and the submissions attachments, all wrapped in a zip file.

Usually, recipients export submissions and journal them in an external journaling system. When they do this, it is possible to easily modify the txt file.

Our users believe that protecting this text exports, by creating them as non-modifiable PDFs or similar will have value. Have you been looking at this or what is your stand on this issue?

I know it is not bulletproof, but I have heard this question multiple times.

[evilaliv3]

Thank you for this feedback @aetdr

We recognize the inner value of the proposal but we have at the moment know clue on a valid solution.

Actually when users download a report they get a zip file that is reproducible but not editable, exactly like it would be the possible PDF solution that you suggest.

What we miss here is eventually a mechanism for signing the download that does typically require a third party. This would be intereresting as well in relation to the audit log.

Please let us know if you are aware of any implementation that we could keep as reference.

[evilaliv3]

@mmaker: i remember you were looking into some research that could possibly be handy on this topic. Do you know if there is any open source project that is doing research on this aspects and that could be possibly integrated with globaleaks to get signed timestamps/checksums with the possibility to verify them afterwards?