Update docs for Inbox release

docs/admin/install/install.rst

@@ -154,67 +154,13 @@ The preflight updater will start automatically after logging into the system. Pl
 
 Once the update check is complete, the SecureDrop Client will launch. Log in using an existing journalist account and verify that sources are listed and submissions can be downloaded, decrypted, and viewed.
 
-(Optional) Enable the SecureDrop App
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-By default, you will receive the SecureDrop Client, our original tool for journalists to access the sources,
-messages, and attachments within SecureDrop. Our newest tool, `the SecureDrop App  <https://github.com/freedomofpress/securedrop-client/tree/main/app#readme>`_, can be enabled manually during the initial roll-out period. After this period is complete, the SecureDrop App will become the new default.
-
-If you would like to switch to the SecureDrop App immediately, you can follow these steps:
-
-1. Ensure your system is completely up-to-date using the preflight updater.
-
-2. In a ``dom0`` terminal, edit the ``config.json`` file by running:
-
-  .. code-block:: sh
-
-    nano /usr/share/securedrop-workstation-dom0-config/config.json
-
-  You will need to add a line that reads ``"app": true,``. Your final config 
-  should look similar to the example below:
-
-  .. code-block:: sh
-
-    {
-      "app": true,
-      "submission_key_fpr": "65A1B5FF195B56353CC63DFFCC40EF1228271441",
-      "hidserv": {
-        "hostname": "sdolvtfhatvsysc6l34d65ymdwxcujausv7k5jk4cy5ttzhjoi6fzvyd.onion",
-        "key": "5U4JPYSZ34N2ZDSOUAL2YLEX2NPI5BLL2Y66QJW24KLSH7R3FEPQ"
-      },
-      "environment": "prod",
-      "vmsizes": {
-        "sd_app": 10,
-        "sd_log": 5
-      }
-    }
-
-  .. hint::
-
-    Be sure to include the ``,`` at the end of the line containing ``"app": true,``
-
-3. Apply the changes by running:
-
-  .. code-block:: sh
-
-    sdw-admin --apply
-
-4. When prompted, reboot your SecureDrop Workstation.
-
-After logging in again, you should now be able to click the SecureDrop icon on the Desktop to launch the
-SecureDrop App.
-
-If you encounter an issue or would like to use the original SecureDrop Client,
-you can access it for a limited time via |qubes_menu| **▸** |qubes_menu_gear| 
-**▸ Other ▸ SecureDrop Client (legacy)**.
-
 .. _Password Management Section:
 
 Enable password copy and paste
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-If you use KeePassXC in the ``vault`` VM to manage login credentials, you can enable the user to copy passwords to the SecureDrop App using inter-VM copy and paste. While this is relatively safe, we recommend reviewing the section :doc:`Managing Clipboard Access <../reference/managing_clipboard>` of this guide, which goes into further detail on the security considerations for inter-VM copy and paste.
+If you use KeePassXC in the ``vault`` VM to manage login credentials, you can enable the user to copy passwords to the SecureDrop Inbox using inter-VM copy and paste. While this is relatively safe, we recommend reviewing the section :doc:`Managing Clipboard Access <../reference/managing_clipboard>` of this guide, which goes into further detail on the security considerations for inter-VM copy and paste.
 
-The password manager runs in the networkless ``vault`` VM, and the SecureDrop App runs in the ``sd-app`` VM. To permit this one-directional clipboard use, issue the following command in ``dom0``:
+The password manager runs in the networkless ``vault`` VM, and the SecureDrop Inbox runs in the ``sd-app`` VM. To permit this one-directional clipboard use, issue the following command in ``dom0``:
 
 .. code-block:: sh
 

docs/admin/reference/managing_clipboard.rst

@@ -13,15 +13,15 @@ As an administrator, you should be aware of the following risks related to clipb
 
 With these considerations in mind, there are use cases where clipboard access may be an important part of your regular use of SecureDrop Workstation. For example:
 
-- You may want to copy passwords from a password manager to the SecureDrop App;
+- You may want to copy passwords from a password manager to the SecureDrop Inbox;
 - You may want to copy a message you received via SecureDrop into a secure messaging app like Signal, to share it with another journalist.
 
 To support these use cases, SecureDrop Workstation allows you to grant granular access to the ``sd-app`` clipboard (via the cross-VM clipboard) to selected VMs.
 
 Configuring clipboard access to ``sd-app``
 ------------------------------------------
 
-The process for permitting the one-directional copying of passwords from a password manager in ``vault`` to the SecureDrop App is :ref:`outlined in the installation docs <Password Management Section>`. In general, clipboard access to SecureDrop Workstation VMs is governed by *tags* that can be applied in ``dom0`` to selected VMs:
+The process for permitting the one-directional copying of passwords from a password manager in ``vault`` to the SecureDrop Inbox is :ref:`outlined in the installation docs <Password Management Section>`. In general, clipboard access to SecureDrop Workstation VMs is governed by *tags* that can be applied in ``dom0`` to selected VMs:
 
 - the tag ``sd-send-app-clipboard`` can be used to tag a VM that should be able to send its clipboard contents *to* ``sd-app`` via the cross-VM clipboard;
 - the tag ``sd-receive-app-clipboard`` can be used to tag a VM that should be able to receive its clipboard contents *from* ``sd-app`` via the cross-VM clipboard.
@@ -54,7 +54,7 @@ The syntax for revoking a tag is as follows:
 
 As before, confirm the operation via the ``ls`` subcommand.
 
-As an example, if you had a custom VM called ``work-signal`` that runs the Signal messenger, and you wanted to copy and paste messages from the SecureDrop App *into* Signal (and potentially other applications in that VM) but not *out* of Signal into the SecureDrop App, you would issue the following commands:
+As an example, if you had a custom VM called ``work-signal`` that runs the Signal messenger, and you wanted to copy and paste messages from the SecureDrop Inbox *into* Signal (and potentially other applications in that VM) but not *out* of Signal into the SecureDrop Inbox, you would issue the following commands:
 
 .. code-block:: sh
 

docs/admin/reference/provisioning_usb.rst

@@ -1,7 +1,7 @@
 Provisioning Export USB devices
 ===============================
 
-SecureDrop Workstation supports the export of submissions from the SecureDrop App
+SecureDrop Workstation supports the export of submissions from the SecureDrop Inbox
 to a LUKS- or VeraCrypt-encrypted USB *Export Device*.
 
 Creating a LUKS-encrypted drive

docs/admin/reference/securing_workstation.rst

@@ -42,7 +42,7 @@ Passwords and other credentials in use by *SecureDrop Workstation* include:
   storage on boot. All users will need this password.
 - the Qubes system user password, required to log in. All users will need this
   password
-- *SecureDrop App* login credentials. These are the same credentials that
+- *SecureDrop Inbox* login credentials. These are the same credentials that
   are used by journalists and administrators to log in to the *Journalist
   Interface*, and are unique per user.
 

docs/admin/reference/troubleshooting_connection.rst

@@ -151,7 +151,7 @@ Step 5: Restart ``sd-proxy``
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Restart ``sd-proxy`` to attempt to restore connectivity:
 
-1. Exit the SecureDrop app if it is running.
+1. Exit the SecureDrop Inbox if it is running.
 2. Click the Qubes Application menu |qubes_menu| icon in the system tray (top left).
 3. Click **Run Qube Manager**
 4. Right-click ``sd-proxy`` in the list of VMs. Click **Shutdown qube**.

docs/admin/reference/troubleshooting_updates.rst

@@ -6,7 +6,7 @@ preflight updater will prompt you to check for available
 system updates at least once per day.
 
 If updates fail for any reason, the preflight updater will
-not launch the SecureDrop App until the
+not launch the SecureDrop Inbox until the
 underlying issue has been resolved. This is to ensure
 that the system is in a secure state before you
 interact with SecureDrop.
@@ -16,7 +16,7 @@ interact with SecureDrop.
          displaying a failed update error message. The
          title reads "Security updates failed", and the
          message instructs the user to contact the administrator
-         to correct the error. The SecureDrop App cannot
+         to correct the error. The SecureDrop Inbox cannot
          be started until the error is corrected.
 
    The error displayed when the preflight updater

docs/general/known_issues.rst

@@ -11,7 +11,7 @@ Bugs and other issues that are not specific to your instance can be reported
 via GitHub using the following links:
 
  - `SecureDrop Workstation issues <https://github.com/freedomofpress/securedrop-workstation/issues>`_ - issues related to the Qubes environment and workstation provisioning.
- - `SecureDrop App issues <https://github.com/freedomofpress/securedrop-client/issues>`_ - issues related to the *SecureDrop App*.
+ - `SecureDrop Inbox issues <https://github.com/freedomofpress/securedrop-client/issues>`_ - issues related to the *SecureDrop Inbox*.
 
 If you encounter a security-related issue, please see
 `SECURITY.md <https://github.com/freedomofpress/securedrop-workstation/blob/main/SECURITY.md>`_ 
@@ -25,7 +25,7 @@ Current known issues
 - Printing different file types is not as reliable yet as under Tails. 
 - Printing of individual files inside an archived submission is not yet supported.
 - Currently, only app-based two-factor authentication (TOTP) is supported.
-- The SecureDrop App does not currently handle files that are "double-encrypted"
+- The SecureDrop Inbox does not currently handle files that are "double-encrypted"
   (when a source pre-encrypts a submission locally before uploading it to SecureDrop).
   Until this is fully supported, we suggest using the Tails-based *Secure Viewing
   Station* for pre-encrypted submissions.
@@ -34,10 +34,9 @@ Current known issues
   yet supported for viewing, and must be exported via USB, and/or viewed using
   the Tails-based *Secure Viewing Station*. :doc:`Broader file type support is planned <supported_filetypes>`.
 - If the *Submission Key* for your SecureDrop server was rotated in the past,
-  you must manually re-add the old key to your vault VM (`sd-gpg`) in order to
-  view old submissions in SecureDrop Client. Contact Support for assistance.
+  you must manually re-add the old key to your `sd-gpg` VM in order to
+  view old submissions in SecureDrop Client. `Contact Support <https://securedrop.org/help/>`_ for assistance.
 - We do not support uninstalling SecureDrop Workstation without wiping all of
   Qubes OS. There is an ``--uninstall`` option for ``sdw-admin``, but it is not
   officially supported and will leave behind sensitive material in
-  ``/usr/share/securedrop-workstation-dom0-config`` in ``dom0``. If you need to decomission
-  a SecureDrop Workstation, please contact us for assistance.
+  ``/usr/share/securedrop-workstation-dom0-config`` in ``dom0``. If you need to decomission a SecureDrop Workstation, please contact us for assistance.

docs/general/status.rst

@@ -4,8 +4,8 @@ SecureDrop Workstation Project Status
 SecureDrop Workstation is currently in active development.
 
 We are currently in an open beta. If you are
-interested in using SecureDrop Workstation, please reach out to us
-via our `contact form <https://securedrop.org/help>`_.
+interested in using SecureDrop Workstation, please `reach out to us
+via our <https://securedrop.org/help/>`_.
 
 Is SecureDrop Workstation right for you?
 ----------------------------------------
@@ -43,7 +43,7 @@ Do you still need a Tails-based *Secure Viewing Station*?
 ---------------------------------------------------------
 
 For now, yes. There are still circumstances where the SecureDrop Workstation
-may not be able to retreive or show submissions. The main instances are
+may not be able to retrieve or show submissions. The main instances are
 either in situations where there are a substantial number of sources or
 submissions stored on the SecureDrop server, or in instances were you are
 trying to open a file type that the Workstation is not yet equipped to handle.

docs/general/workstation_architecture.rst

@@ -14,10 +14,10 @@ SecureDrop Workstation tightly controls access to the network, in order to
 prevent the exfiltration of messages, replies, documents, or encryption keys by
 adversaries. Specifically, the following VMs have no network access:
 
-- ``sd-app``, which runs the SecureDrop App, and holds decrypted messages,
+- ``sd-app``, which runs SecureDrop Inbox, and holds decrypted messages,
   replies, and documents.
 - ``sd-viewer``, which is the template for disposable VMs used for opening
-  documents from the SecureDrop App.
+  documents from the SecureDrop Inbox.
 - ``sd-gpg``, which holds the *Submission Private Key* required to decrypt
   messages, replies, and documents.
 - ``sd-devices``, which passes exported documents through to USB devices like
@@ -31,15 +31,15 @@ access.
    If you attempt to directly access the network in any of these VMs, it will
    not work. That is the expected behavior.
 
-Because the SecureDrop App must connect to the SecureDrop
+Because SecureDrop Inbox must connect to the SecureDrop
 *Application Server* in order to send or retrieve messages, documents, and
 replies, it can communicate through Qubes-internal Remote Procedure Calls (RPCs)
 with another VM, ``sd-proxy``, which can only access the open Internet through
 the Tor network.
 
 Like all networked VMs, ``sd-proxy`` uses the ``sys-firewall`` service to
 connect to the network, which is provided via ``sys-net``. All three VMs must be
-running for the SecureDrop App to successfully connect to the server.
+running for SecureDrop Inbox to successfully connect to the server.
 
 .. important::
 

docs/journalist/ending_session.rst

@@ -1,7 +1,7 @@
 Ending your session
 ===================
 
-When you are finished using SecureDrop Workstation, close the SecureDrop App window and shut the computer down completely. This is to take advantage of the protections of full-disk encryption, and to avoid unauthorized access to the Workstation and the files and materials on it, which include any messages and submissions that you have downloaded.
+When you are finished using SecureDrop Workstation, close the SecureDrop Inbox window and shut the computer down completely. This is to take advantage of the protections of full-disk encryption, and to avoid unauthorized access to the Workstation and the files and materials on it, which include any messages and submissions that you have downloaded.
 
 To shut down the computer, click your username in the top righthand corner of
 your screen, and select **Shut Down** from the menu.

docs/journalist/faq.rst

@@ -16,7 +16,7 @@ machine thanks to a `feature of Qubes`_ that creates temporary VMs in
 which to view untrusted content without exposing the rest of your system to
 that content.
 
-As a journalist, you will log into the SecureDrop application with the
+As a journalist, you will log into the SecureDrop Inbox with the
 same credentials you previously used to log into the Journalist Interface. You
 will then be able to view, download, and reply to and submissions---all on the
 same device.
@@ -82,7 +82,7 @@ in a timely manner, which can significantly worsen its security posture.
 In SecureDrop Workstation, any document received via SecureDrop is opened in a
 disposable VM that has no Internet access and no access to other files submitted
 via SecureDrop. The encryption keys are stored in a separate, networkless VM
-from the SecureDrop App app.
+from the SecureDrop Inbox.
 
 Because SecureDrop Workstation has Internet access, updates can be applied
 automatically as soon as they are available. SecureDrop Workstation enforces this
@@ -135,7 +135,7 @@ You cannot print from the viewer application, because it does not have access
 to peripherals. This prevents malware from exfiltrating data (e.g., via attached
 USB devices), and from targeting hardware-level security vulnerabilities.
 
-You *can* print files directly from the SecureDrop App by clicking "Print"
+You *can* print files directly from the SecureDrop Inbox by clicking "Print"
 for a downloaded file, which will pass the file through to your USB printer
 without opening it in an interactive viewer application.
 
@@ -153,7 +153,7 @@ Administrators can configure limited exceptions to this policy; please see the
 section :doc:`Managing Clipboard Access <../admin/reference/managing_clipboard>`
 of the admin guide for more information.
 
-Why does it take so long to start the SecureDrop App?
+Why does it take so long for SecureDrop Inbox to start?
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 If the system has not been updated recently, the preflight updater will check
 for available security updates for all VMs used by SecureDrop Workstation,