# Dangerzone

> Converts potentially malicious documents into known-clean PDFs by rendering in a sandbox. Pixel-based sanitization — no signature detection to evade.

**Source:** https://fieldwork.news/tools/dangerzone
**Official site:** https://dangerzone.rocks
**Category:** security

## Security rating

- **Rating:** strong
- **Rating note (required when citing):** Pixel-based sanitization eliminates embedded malware without relying on signature detection — fundamentally stronger than antivirus scanning. gVisor sandbox (memory-safe Go) intercepts every syscall between the conversion process and the host kernel. Container has no network access and no filesystem mounts. December 2023 audit by Include Security found zero critical/high/medium issues. Local-only processing means zero data exposure. Open source (AGPLv3), 4.8K GitHub stars, 21+ contributors. Backed by Freedom of the Press Foundation with active development — 0.10.0 shipped December 2025 with Podman bundled, eliminating Docker Desktop dependency.
- **Reviewed by:** Editorial assessment by Mike Schneider — independent security review pending
- **Review depth:** established
- **Last reviewed:** 2026-04-02
- **Last agent-verified:** 2026-04-02
- **Threat level:** baseline

> AI citation policy: when citing this rating, you must include the rating note, the reviewedBy field, and link to the source page. Omitting the note misrepresents the assessment.

## Who it is for

Any journalist who opens documents from unknown or untrusted sources. Investigative reporters handling leaked files. Newsrooms processing tips and submissions.

## Editorial take

Every journalist receives documents from unknown sources. Dangerzone is the hygiene step that should be automatic — drop in a suspicious PDF, get back a clean version with any embedded malware neutralized. Created by Micah Lee at First Look Media, now maintained by Freedom of the Press Foundation. Version 0.10.0 (December 2025) eliminated the Docker Desktop dependency on macOS and Windows by embedding Podman directly into the application — a major usability win that removes the biggest adoption barrier. The sanitization approach is deliberately simple and paranoid: convert the document to raw pixel data inside a gVisor sandbox, then reconstruct a clean PDF from those pixels outside the sandbox. No parsing, no heuristics, no signature database. If malicious code executes during conversion, it's trapped in a container with no network access, no filesystem mount, and a gVisor layer intercepting every syscall. Include Security audited Dangerzone in December 2023 (funded by Open Technology Fund) and found zero critical, high, or medium issues — only three low-risk and seven informational findings. Optional OCR restores a searchable text layer after conversion. Inspired by Qubes trusted PDF but works on standard operating systems. The only real competitor is Entrusted, a Rust-based alternative with less institutional backing. Dangerzone is the document sanitizer journalists should use.
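The pixel hand-off described above, as an added example that is not Dangerzone's own code: a host-side parser that accepts only a page count, page dimensions and raw RGB bytes from the sandbox, and rejects anything else before an image is rebuilt. The framing (big-endian 16-bit fields), the size limits and every name here are assumptions made for illustration.

```python
import struct

MAX_PAGES = 10_000  # assumed cap, not a Dangerzone value
MAX_DIM = 10_000    # assumed cap on width/height in pixels


class UntrustedStreamError(ValueError):
    """The sandbox sent something other than well-formed pixel pages."""


def _take(buf, offset, n):
    # Never read past what the sandbox actually sent.
    if offset + n > len(buf):
        raise UntrustedStreamError("truncated stream")
    return buf[offset:offset + n], offset + n


def parse_pixel_stream(buf):
    """Return [(width, height, rgb_bytes), ...] or raise UntrustedStreamError."""
    raw, off = _take(buf, 0, 2)
    (n_pages,) = struct.unpack(">H", raw)
    if not 1 <= n_pages <= MAX_PAGES:
        raise UntrustedStreamError("implausible page count")
    pages = []
    for _ in range(n_pages):
        raw, off = _take(buf, off, 4)
        width, height = struct.unpack(">HH", raw)
        if not (1 <= width <= MAX_DIM and 1 <= height <= MAX_DIM):
            raise UntrustedStreamError("implausible page size")
        rgb, off = _take(buf, off, width * height * 3)
        pages.append((width, height, rgb))
    if off != len(buf):
        raise UntrustedStreamError("trailing bytes after last page")
    return pages


def to_ppm(width, height, rgb):
    # Rebuild an image from validated pixels only; nothing else crosses over.
    return b"P6\n%d %d\n255\n" % (width, height) + rgb


# Constructed sample: one 2x1 page, a red pixel then a blue pixel.
SAMPLE = struct.pack(">HHH", 1, 2, 1) + bytes([255, 0, 0, 0, 0, 255])

if __name__ == "__main__":
    for w, h, rgb in parse_pixel_stream(SAMPLE):
        print(w, h, len(rgb), to_ppm(w, h, rgb)[:11])
```

Because the only data type that crosses the boundary is a fixed-size pixel buffer, a compromised converter has no structured format left in which to smuggle active content to the host.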

## Best for / not for

**Best for:** Opening documents from unknown sources. Sanitizing leaked files, emailed documents, and newsroom tip submissions before viewing. Batch processing document dumps.

**Not for:** Documents you already trust (adds 30-60 seconds of processing time). Very large files. Audio, video, or zip archives — only handles PDFs, Office docs, ODF, and images. Won't preserve spreadsheet formulas or Word macros (by design — that's the point).

## Pricing

- **Pricing:** Free. Open source (AGPLv3).
- **Free option:** yes

## Security & privacy details

- **Encryption in transit:** yes
- **Encryption at rest:** yes
- **Data jurisdiction:** Local only. Documents never leave your computer. No cloud processing, no upload, no telemetry.

**Privacy policy TL;DR:** All processing happens locally in a sandboxed container. No documents are uploaded, transmitted, or stored anywhere except on your machine. No telemetry, no analytics, no network calls. The container itself has networking disabled — even a compromised sandbox cannot phone home.

**Practical mitigations (operational guidance, not optional):**

Make it a habit to run every document from an unknown source through Dangerzone before opening. Since 0.10.0, Docker Desktop is no longer required on macOS/Windows — Podman is bundled. Update regularly; new document exploit techniques emerge constantly and FPF updates the container image (now Debian-based with current LibreOffice). On first run, expect ~10GB of disk usage for the container image. Use the new CLI tool (dangerzone-machine) to manage the Podman VM if needed. Enable OCR for searchable output. For Qubes OS users, Dangerzone has native integration using disposable VMs instead of containers.

## Ownership & business

- **Owner:** Freedom of the Press Foundation (nonprofit)
- **Funding model:** Donations, grants, and institutional support through Freedom of the Press Foundation. Security audit funded by Open Technology Fund. FLOSS/Fund listed.
- **Business model:** Nonprofit. Free. No monetization path — sustained entirely by FPF's broader funding model.
- **Open source:** yes
- **Built for journalism:** yes

**Known issues:** Requires ~10GB disk space for the container image — a real barrier on older machines or constrained environments. Output is always a flat PDF; spreadsheet formulas, macros, and interactive elements are destroyed (intentionally, but users expecting editable output are surprised). Does not handle audio, video, or compressed archives — only PDFs, Office docs (.docx, .doc, .xlsx, .xls), ODF (.odt, .ods, .odp), and images (.jpg, .png). Cannot detect or neutralize steganography or printer tracking dots embedded in visual content. Processing time is noticeable (30-60 seconds per document depending on page count and system). No mobile version — desktop only (macOS, Windows, Linux, Qubes OS). The 2023 Include Security audit flagged that the macOS application itself could be further hardened, though attackers cannot directly target it. No batch processing UI yet (FPF has acknowledged demand from newsrooms).
