My number 1 addresses for whistleblowing would be the NYTimes simultaneously with a German news outlet like Zeit, Spiegel, or Sueddeutsche Zeitung. My number 2 address would be Wikileaks.
These have actual, proven expertise in publishing leaks.
All those new "leak sites" have a trust problem. Although it's likely that most of them have noble intentions, it's equally likely that some of them have been funded by or have been undermined by intelligence services. I wouldn't even trust any open source software that is specifically developed for leaking sensitive information - it's simply too easy to slip an obfuscated security hole in it, and it's not as if the developers could afford regular professional audits.
I suspect some people will downvote me for this, but in highly sensitive matters I'd rather stick to those with a proven track record and evidence of having been persecuted by governments in the past.
To the people who think this is paranoid: It's not. Getting informants or people working on their behalf in crypto projects is the bread & butter of what intelligence agencies do, and it's much easier for them than their usual targets such as foreign military and agencies of state adversaries.
GlobaLeaks has had at least one professional audit of the software. I haven’t been following in recent years and they should definitely make it easier to find their current status on that score. (I just poked around on mobile and didn’t see it.)
I don't get why we are making websites that are supposed to be whistle-blowing platforms. It's already been established that numerous corruptible parties can break https (e.g. by hacking a cert).
Depending on the nature of the leak, perhaps it'd be best to get it into a safe public store that won't be disappeared (e.g. the blockchain) in an encrypted fashion, and then release the key to select parties.
* Onion sites also derive cryptographic security from the onion name itself. (I'm working on getting them to be allowed to have DV certs, but even without certs, the onion rendezvous protocol confirms that you've reached a party that controls a key specified in the name itself.)
(Someone else mentioned HPKP, which I've also touted in the past as improving HTTPS security, but it seems HPKP enforcement is going away, so we can't necessarily tout it for this purpose anymore...)
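The point above that an onion name "specifies a key" can be checked offline, because a v3 onion address is nothing more than the service's ed25519 public key plus a checksum and a version byte, base32-encoded. The following is an added example written for this page (it is not Tor's code and not from the commenter); it follows the v3 address layout from the Tor rendezvous specification, and the 32-byte key it uses is a constructed placeholder rather than a real ed25519 key. It shows only the name-to-key binding; the rendezvous handshake that then proves the remote side holds the matching private key is not reproduced here.

```python
import base64
import hashlib

ONION_V3 = 3
CHECKSUM_PREFIX = b".onion checksum"


def onion_checksum(pubkey: bytes, version: int = ONION_V3) -> bytes:
    # rend-spec-v3: CHECKSUM = SHA3_256(".onion checksum" || PUBKEY || VERSION)[:2]
    return hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + bytes([version])).digest()[:2]


def encode_onion_address(pubkey: bytes, version: int = ONION_V3) -> str:
    """Build the address from a 32-byte public key: base32(PUBKEY || CHECKSUM || VERSION)."""
    if len(pubkey) != 32:
        raise ValueError("expected a 32-byte ed25519 public key")
    raw = pubkey + onion_checksum(pubkey, version) + bytes([version])  # 35 bytes
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"   # 56 chars + suffix


def decode_onion_address(address: str) -> bytes:
    """Recover the public key the name commits to, rejecting altered or mistyped names."""
    name = address.lower()
    if name.endswith(".onion"):
        name = name[: -len(".onion")]
    if len(name) != 56:
        raise ValueError("v3 onion names are exactly 56 base32 characters")
    raw = base64.b32decode(name.upper())  # raises ValueError on non-base32 input
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
    if version != ONION_V3:
        raise ValueError(f"unsupported onion address version {version}")
    if checksum != onion_checksum(pubkey, version):
        raise ValueError("checksum mismatch: address has been altered or mistyped")
    return pubkey


def is_valid_onion_address(address: str) -> bool:
    """Boolean convenience wrapper around decode_onion_address."""
    try:
        decode_onion_address(address)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed stand-in for an ed25519 public key (not a real key).
    sample_key = bytes(range(32))
    addr = encode_onion_address(sample_key)
    print(addr, decode_onion_address(addr) == sample_key)
```

Because the checksum covers the key and the version byte, a single altered character in the name is caught before any connection is attempted; a CA-issued certificate adds nothing to that binding, which is why the comment treats certs for onion sites as a nicety rather than a requirement.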
Don't do this; it has all the same problems of just giving the data to select parties directly.
Instead use http://www.gwern.net/Self-decrypting-files and post that to the blockchain. This ensures that anyone can access the data without depending on a trusted third party, but the data will already be irrevocably committed by the time anyone realizes that they want to censor it. Then publish the decryption key for convenience; if that gets censored, it's merely mildly annoying.
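To make the "commit first, decrypt later" scheme in the comment above concrete, here is an added example (not from the thread and not gwern's code) that assumes the serial-hashing time-lock approach: the decryption key is the result of hashing a public seed many times in sequence, so anyone holding the package can recover the key after a known amount of unavoidable sequential work, while a hash of the whole package is committed to an append-only store before the contents are readable. The stream cipher here is an HMAC-SHA256 counter-mode keystream used as a teaching stand-in for a real authenticated cipher, and `LEDGER` is a constructed in-memory stand-in for a blockchain.

```python
import hashlib
import hmac
import json
import os
from typing import List, Optional, Tuple


def timelock_key(seed: bytes, iterations: int) -> bytes:
    """Hash the seed `iterations` times in series to obtain the key.

    Each step needs the previous output, so the work cannot be spread across
    machines: the key is recoverable by anyone, but only after that much
    sequential compute (the time-lock)."""
    key = seed
    for _ in range(iterations):
        key = hashlib.sha256(key).digest()
    return key


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (symmetric: the same
    call encrypts and decrypts). Teaching stand-in for AES-GCM or similar."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        pad = hmac.new(key, block.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def canonical(package: dict) -> bytes:
    # Deterministic serialization so the commitment is reproducible by readers.
    return json.dumps(package, sort_keys=True, separators=(",", ":")).encode()


def seal(plaintext: bytes, iterations: int,
         seed: Optional[bytes] = None) -> Tuple[dict, str]:
    """Return (package, commitment): the package holds everything a reader
    needs (seed, iteration count, ciphertext); the commitment is its hash."""
    seed = seed if seed is not None else os.urandom(16)
    key = timelock_key(seed, iterations)
    package = {
        "seed": seed.hex(),
        "iterations": iterations,
        "ciphertext": keystream_xor(key, plaintext).hex(),
    }
    return package, hashlib.sha256(canonical(package)).hexdigest()


def is_committed(package: dict, commitment: str) -> bool:
    """Check that a package matches a previously published commitment."""
    digest = hashlib.sha256(canonical(package)).hexdigest()
    return hmac.compare_digest(digest, commitment)


def open_package(package: dict, commitment: str,
                 key: Optional[bytes] = None) -> bytes:
    """Verify the package against the commitment, then decrypt it.

    Without `key` the reader solves the time-lock (slow path); if the author
    later publishes the key, readers skip straight to decryption."""
    if not is_committed(package, commitment):
        raise ValueError("package does not match the committed hash")
    if key is None:
        key = timelock_key(bytes.fromhex(package["seed"]), package["iterations"])
    return keystream_xor(key, bytes.fromhex(package["ciphertext"]))


LEDGER: List[str] = []  # constructed stand-in for an append-only public store


def publish(plaintext: bytes, iterations: int = 200_000) -> Tuple[dict, str]:
    """Commit first, distribute second: the hash lands on the ledger before
    the package (and therefore the plaintext) is available to anyone."""
    package, commitment = seal(plaintext, iterations)
    LEDGER.append(commitment)
    return package, commitment


if __name__ == "__main__":
    pkg, com = publish(b"constructed sample document")  # sample input, constructed
    print(LEDGER[-1] == com, open_package(pkg, com))
```

The iteration count sets the delay: raise it until solving the chain takes longer than the window in which a takedown could matter. Anyone who later changes a single byte of the package will fail `is_committed` against the ledger entry, which is what makes the commitment useful as evidence that the published material is the original.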
I don't really understand the point of this project or similar efforts like SecureDrop, while understanding their motivation just fine. Moving information from point A to point B is a very, very small part of the whistleblowing process, and it's already solved by other projects that are not specific to whistleblowing. Trusting the recipient of sensitive information to use it well is a much more difficult problem, and it can't be solved by software. If Reality Winner had used the Intercept's SecureDrop instance to transmit her information, it clearly wouldn't have prevented them from mishandling it.
> trusting the recipient of sensitive information to use it well is a much more difficult
Just curious, why is that even in the process? If you want to spread information, would you not distribute it to as many people as possible? Why do you have to trust the recipient?
I'm not sure what projects you're thinking of; just moving the info is easy, making it fairly foolproof for a non-techie source to avoid leaving a data trail while sending information and having a dialogue with you is hard.
That's the first step in trying out the project's public demo, where they host an instance on their servers and give you a subdomain. Setting up your own server does not give them your personal information.
I haven't seen a feature comparison recently (I remember a panel discussion about this some years ago, but don't recall much substance), but I just wanted to point out that GlobaLeaks is a similar age to SecureDrop and may well be pretty mature. My impression is that SecureDrop is developed mainly by Americans and GlobaLeaks mainly by Europeans, and each might also have been deployed primarily on the continent where it was developed. If my impression is right, there might be an ongoing reason that particular groups of people are more familiar with one than the other.
But a few years ago, GlobaLeaks was a lot simpler to install and administer than SecureDrop. Which meant smaller organisations could afford to have an instance.
The single biggest "success" of the whole leaks thing has been to help put Trump in office, which shows three things.
First, it's ridiculously easy for powerful and dubious players (example here Russian intelligence, not Trump) to twist this well-meaning idea into a horrible parody of itself.
Second, the most vulnerable to manipulation from this technique are democracies (and, to a much lesser extent, public corporations), who, I would argue, are less of a problem than either autocracies or super-rich individuals. You can't embarrass Putin out of office no matter what gets leaked. Anyone who tries to use it against him will fall out of a window and it will be forgotten. Nor can you easily make the Koch brothers behave, even if an award-winning journalist writes a best-selling and award-winning book about their shenanigans (https://www.amazon.com/Dark-Money-History-Billionaires-Radic...). You'd pretty much have to leak photos of them holding severed heads to get the US government to move against them effectively.
Third, often it's politically dangerous for a leader to do the 'right thing'. This technique is just as useful to prevent someone from doing the right thing as it is to prevent them from doing the wrong thing. The difference is how controversial the action is, not whether it is right or wrong.
So, regardless of whether this can be done securely, it's really important to ask yourself how it is likely to be used, by whom, and to what end. People tend to forget that stuff when they have a cool new technology.
Aren't the biggest recent successes of whistleblowing websites the publication of the Pentagon papers, HBGary Federal leaks, embassy cables, collateral damage material/videos and US global surveillance program? To my knowledge, whistleblowing had very little to nothing to do with the recent election.
Information manipulation is one of the core functions of the CIA, Russian Intelligence, etc. Whistleblowing agencies do not seek to solve CIA information manipulation - only provide an outlet for the publication of contradictory material. In other words: these systems publish information - they are not golden bullets. They do not protect you entirely from the CIA. They aren't intended to. Don't let perfect be the enemy of good.
Regarding the third point: it's often very easy for a leader to do the easy thing instead of the right thing.
Agree wholeheartedly that a person needs to be careful about how information is used, by whom, and to what end. I think that more than equally applies to Western intelligence and national security agencies.
Maybe somebody can show me why I'm wrong in stating that democracies are asymmetrically more vulnerable, or that this can be used as readily by bad actors for bad ends as it can by well-intentioned people for good ends.
JohnStrangeII | 7 years ago
abecedarius | 7 years ago
alexandercrohde | 7 years ago
schoen | 7 years ago
* Scandal and investigation when they do, potentially leading to removal of trust from an associated CA.
* Easier and easier to detect (recently mandatory disclosure of all publicly-trusted certs https://groups.google.com/a/chromium.org/forum/#!topic/ct-po... and you can sign up to get alerts when a certificate is logged for a particular domain name).
therein | 7 years ago
Just put it up as a torrent and share the magnet link.
a1369209993 | 7 years ago
mirimir | 7 years ago
jampekka | 7 years ago
jdc | 7 years ago
boramalper | 7 years ago
tribby | 7 years ago
antpls | 7 years ago
crtasm | 7 years ago
jakecraige | 7 years ago
boomboomsubban | 7 years ago
gitgud | 7 years ago
"GlobaLeaks is open-source / free software intended to enable secure and anonymous whistleblowing initiatives..."
arkadiyt | 7 years ago
schoen | 7 years ago
oldisgold | 7 years ago
Maybe the two softwares serve different use cases?
https://blog.torproject.org/italian-anti-corruption-authorit...
Raed667 | 7 years ago
charlieanon | 7 years ago
ljw1001 | 7 years ago
notveryrational | 7 years ago
ljw1001 | 7 years ago
boomboomsubban | 7 years ago