Today marks a significant milestone in the development of the SecureDrop Workstation project, with the release of 1.0.0. To meet the goal of improving the journalist experience, we kicked off a closed pilot with select newsrooms in March 2020 and have been constantly iterating on the Workstation since then, based on real user feedback. With 1.0.0, we’re now switching to an open beta: if you are interested in using SecureDrop Workstation, please reach out to us via the support portal.

On the technical side of things, this is the first release targeting Qubes 4.2 and will require a full reinstall. If your organization was participating in the closed pilot and you would like assistance migrating to Qubes 4.2, and have not yet scheduled a support session with us, please reach out via the support portal.

What’s new in SecureDrop Workstation 1.0.0?

This release focuses on making the provisioning process as robust as possible and improving our automated tests. Along the way, we also implemented some user-facing features, such as automatic retries of failed downloads and WebP/WebM file type support.

User-facing features

• Automatically resume failed downloads (#2006)
• Support viewing .webp images (#614)
• Support viewing .webm videos in Totem (#2106)
• Set menu items for sd-devices and sd-whonix (#1112)

Platform and provisioning improvements

• Add Qubes 4.2 support (#970, #976, #983, #987, #993, #995, #1126, #1958)
• Create base template from debian-12-minimal template (#970, #1957, #1967)
• Move to Fedora 40 base system template (#1078)
• Integrate Qubes 4.2 updater into ours (#1023, #1128, #1142)
• Use QubesDB to configure VM-specific settings (#840, #1001, #1037, #1051, #1883, #2032, #2034, #2051, #2056, #2058)
• Use Qubes services and systemd to conditionally provision VMs (#1677, #2033)
• Package some dom0 files in RPM instead of provisioning via Salt (#1030)
• Provision deb822-style apt sources list (#1005, #1952)
• Configure environment-specific services in dom0 via systemd (#1038, #1056)
• Move all Salt provisioning files into /srv/salt/securedrop_salt (#1048)
• Switch to new RPC .policy file format (#990)

Security hardening

• Require securedrop-workstation-dom0 RPM updates (#1054)
• Set default_dispvm to None in all SDW VMs except sd-app (#1068, #1084)
• Make sd-proxy VM disposable (#1043, #2033)
• Ensure and verify files in built RPM have their mtime clamped (#1114)

Internal changes

• Implement proxy v2 in Rust (#1718, #2017, #2031, #2039, #2015)
• Make our VMs internal, hiding their applications from the menu (#857, #1098)
• Reorganize securedrop-log code to clearly split server and client (#1677)
• Install xfce4-terminal in all VMs for debugging (#2013)

Even more changes, such as testing and development improvements, are documented in the complete SecureDrop Workstation and SecureDrop Client changelogs.

Acknowledgments

Thanks to Localization Lab for supporting this effort.

We’d also like to thank the Qubes team for addressing our feature requests and bugs, as well as providing advice and guidance. We appreciate that they were able to provide extended security support for Qubes 4.1.

This release incorporates Freedom of the Press Foundation (FPF) contributions by Giulio B, Nathan Dyer, Micah Lee, Kunal Mehta, Erik Moeller, Cory Francis Myers, Kevin O'Gorman, Francisco Rocha, Rowen S, and Michael Z.