Journalists viewing documents on SecureDrop must connect to the respective Source or Document Interface using the Tails operating system, which your administrator should have already set up for you.
Each journalist must have a personal GPG key that they use for encrypting files transferred from the Secure Viewing Station to their Journalist Workstation. The private key, used for decryption, stays on their Journalist Workstation. The public key, used for encryption, gets copied to the Secure Viewing Station.
If a journalist does not yet have a GPG key, they can follow these instructions to set one up with GnuPG (GPG).
Each journalist has their own authenticated Tor hidden service URL to login to the Document Interface. The journalist needs to use the browser in the Tails operating system to connect to the Document Interface. This will take an extra few steps each time you want to login, but after practicing a few times, it will become automatic.
See our guide on setting up Tails for the Admin and Journalist Workstation before continuing. We recommend that you create bookmarks for the Source and Document Interfaces.
After clicking on the SecureDrop Document Interface link, you can log in with your username, password, and two-factor authentication token, as shown in the first screenshot below.
If any sources have uploaded documents or sent you message, they will be listed on the homepage by a codename. Note: The codename the journalists see is different than the codename that sources see.
You will only be able to view the documents the source has sent you on the Secure Viewing Station. After clicking on an individual source you will see the page below with the messages that source has sent you. Click on a document or message name to save it.
In order to protect you from malware, the browser will display a notice every time you try to download a file that can't be opened in browser itself. Go ahead and click Launch application anyway, and save the document to the designated USB stick you will use to transfer the documents from your Tails Journalist Workstation to the Secure Viewing Station. This will be known as your Transfer Device.
Eject your Transfer Device from your Journalist Workstation.
Next, boot up the Secure Viewing Station using Tails (remember, you must use a different Tails USB than you use your normal Journalist Workstation) and enter the password for the Secure Viewing Station the persistent volume. Once you have logged in, plug in the Transfer Device.
Copy these documents to the Persistent folder before decrypting them. This an important step. Otherwise you might accidentally decrypt the documents on the USB stick, and they could be recoverable in the future. You can do this by clicking on the Computer icon on your desk top, clicking on the Transfer Device, and then you can drag and drop the file into your Persistent folder.
Make sure to then return to your Transfer Device folder, right click on the file, and then click "Wipe" to securely wipe the file from your device.
To decrypt documents, return to your Persistent folder and double-click on zipped file folder. After you extract the files, click on each file individually, and it will prompt you for the application PGP key passphrase to decrypt the document.
When you decrypt the file it will have the same filename, but without the .gpg at the end.
You can double-click on the decrypted document to open it in its default application.
If the default application doesn't work, you can right-click on the document and choose Open with Other Application... to try opening the document with OpenOffice Writer, or Document Viewer. You can right-click on a file and choose Rename... to rename a document and give it a file extension.
Click on the codename to see the page specifically for that source. You will see all of the messages that they have written and documents that they have uploaded. Documents and messages are encrypted to the application's GPG public key. In order to read the messages or look at the documents you will need to transfer them to the Secure Viewing Station.
But first, if you'd like to reply to the source, write your message in the text field and click Submit.
Once your reply has been successfully submitted, you will be returned to the source page and see a message confirming that the reply was stored. The source will see your reply the next time they log in with their unique codename. To minimize sensitive data retention, the source interface UI encourages the source to delete the reply after reading it. If you notice one or more replies disappear from the list of documents, you may infer that the source read and deleted them. You may also delete replies if you change your mind after sending them.
If the server experiences a large number of new sources signing up at once and is overloaded with submissions, you will need to flag sources for reply before you can communicate with them. Click the Flag this source for reply button.
After clicking the Flag this source for reply button, you'll see this confirmation page. Click through to get back to the page that displays that source's documents and replies.
You will not be able to reply until after the source logs in again and sees that you would like to talk to him or her. So you may have to sit and wait. After the source sees that you'd like to reply, a GPG key pair will automatically be generated and you can log back in and send a reply.
As long as you're using the latest version of Tails, you should be able to open any document that gets submitted to you without the risk of malicious documents compromising the Secure Viewing Station. However, if they do compromise it, Tails is designed so that the next time you reboot the malware will be gone.
Tails comes with lots of applications that will help you securely work with documents, including an office suite, graphics tools, desktop publishing tools, audio tools, and printing and scanning tools. For more information, visit Work on sensitive documents on the Tails website.
Tails also comes with the Metadata Anonymization Toolkit (MAT) that is used to help strip metadata from a variety of types of files, including png, jpg, OpenOffice/LibreOffice documents, Microsoft Office documents, pdf, tar, tar.bz2, tar.gz, zip, mp3, mp2, mp1, mpa, ogg, and flac. You can open MAT by clicking Applications in the top left corner, Accessories, Metadata Anonymisation Toolkit.
We recommend that you do as much work as you can inside of Tails before copying these documents back to your Journalist Workstation, including stripping metadata with MAT.
When you no longer need documents you can right-click on them and choose Wipe to delete them.
Before you move documents back to the Transfer Device to copy them to your workstation you should encrypt them to your personal GPG public key that you imported when setting up the Secure Viewing Station to begin with.
Right-click on the document you want to encrypt and choose Encrypt...
Then choose the public keys of the journalist you want to encrypt the documents to and click OK.
When you are done you will have another document with the same filename but ending in .gpg that is encrypted to the GPG keys you selected. You can copy the encrypted documents to the Transfer Device to transfer them to your workstation.
Plug the Transfer Device into your workstation computer and copy the encrypted documents to it. Decrypt them with gnupg.
Write articles and blog posts, edit video and audio, and publish. Expose crimes and corruption, and change the world.