115 lines
3.1 KiB
Markdown
115 lines
3.1 KiB
Markdown
# Dangerzone - Document Sanitization
|
|
|
|
**Convert potentially dangerous PDFs and Office documents into safe PDFs**
|
|
|
|
## 🎯 Threat Model
|
|
|
|
### What Problem Does This Solve?
|
|
|
|
PDF and Office documents can contain:
|
|
- Embedded malware and exploits
|
|
- Tracking beacons that phone home when opened
|
|
- Active content (JavaScript, macros) that can compromise your system
|
|
- Hidden layers and metadata
|
|
|
|
Opening untrusted documents is a **major attack vector**.
|
|
|
|
### How Dangerzone Protects You
|
|
|
|
1. **Container Isolation**: Opens document in a disposable container
|
|
2. **Pixel Conversion**: Renders each page to pixels (destroying any code)
|
|
3. **Safe Reconstruction**: Rebuilds a clean PDF from the pixels
|
|
4. **Metadata Stripping**: Removes all potentially identifying metadata
|
|
|
|
Result: A safe, pixel-perfect copy of the document without any embedded threats.
|
|
|
|
## 🚀 Installation
|
|
|
|
```bash
|
|
cd ~/github/privacy-toolkit
|
|
./tools/dangerzone/install.sh
|
|
```
|
|
|
|
Or run directly:
|
|
```bash
|
|
bash <(curl -s https://raw.githubusercontent.com/YOUR_USERNAME/privacy-toolkit/main/tools/dangerzone/install.sh)
|
|
```
|
|
|
|
## 📖 Usage
|
|
|
|
### GUI Method
|
|
1. Launch "Dangerzone" from your application menu
|
|
2. Drag and drop a PDF or Office document
|
|
3. Wait for sanitization (can take a few minutes for large docs)
|
|
4. Get your safe PDF
|
|
|
|
### Right-Click Method
|
|
1. Right-click any PDF file
|
|
2. Select "Open with Dangerzone"
|
|
3. Sanitized PDF will be created in the same directory
|
|
|
|
### Command Line
|
|
```bash
|
|
# Sanitize a PDF
|
|
dangerzone document.pdf
|
|
|
|
# Sanitize multiple files
|
|
dangerzone file1.pdf file2.docx file3.xlsx
|
|
|
|
# Specify output directory
|
|
dangerzone -o /safe/directory document.pdf
|
|
```
|
|
|
|
## 🔍 When to Use Dangerzone
|
|
|
|
**Always sanitize:**
|
|
- ✅ Documents from email attachments
|
|
- ✅ Downloads from the internet
|
|
- ✅ Documents from USB drives
|
|
- ✅ Any document from untrusted sources
|
|
- ✅ Journalist source materials
|
|
- ✅ Legal documents from unknown parties
|
|
|
|
**Less critical:**
|
|
- Documents you created yourself
|
|
- Documents from verified, trusted colleagues (but still good practice!)
|
|
|
|
## ⚠️ Limitations
|
|
|
|
- **File Size**: Dangerzone creates larger files (pixel-based PDFs)
|
|
- **Processing Time**: Can be slow for large documents (requires rendering)
|
|
- **Text Selection**: Text becomes images (not searchable/selectable)
|
|
- **Forms**: Interactive PDF forms become static
|
|
|
|
**Trade-off**: Security vs. convenience. Dangerzone prioritizes security.
|
|
|
|
## 🛠️ Technical Details
|
|
|
|
**Architecture:**
|
|
- Uses Podman or Docker for containerization
|
|
- Runs untrusted code in isolated sandbox
|
|
- Converts to pixels using LibreOffice/GraphicsMagick
|
|
- Rebuilds PDF using safe rendering engine
|
|
|
|
**Supported Formats:**
|
|
- PDF
|
|
- Microsoft Office: .docx, .xlsx, .pptx
|
|
- LibreOffice: .odt, .ods, .odp
|
|
|
|
## 🔗 Resources
|
|
|
|
- Official Website: https://dangerzone.rocks/
|
|
- Source Code: https://github.com/freedomofpress/dangerzone
|
|
- Freedom of the Press Foundation: https://freedom.press/
|
|
|
|
## 🤝 Related Tools
|
|
|
|
- **mat2**: Metadata removal (keeps documents editable)
|
|
- **ExifCleaner**: Quick metadata stripping
|
|
- **Qubes OS**: Full system isolation for maximum security
|
|
|
|
---
|
|
|
|
**Maintained by**: Freedom of the Press Foundation
|
|
**License**: AGPL-3.0
|
|
**Last Updated**: 2025-11-12
|