Tag: Wikileaks alternative

  • Anonymously submit documents to the press with StrongBox

    Anonymously submit documents to the press with StrongBox

    Strongbox is a The New Yorker magazine tool to anonymously submit files and messages to journalist using the tor network, the project was put together by political activist Aaron Swartz, who died a few months ago, and Kevin Poulsen. StrongBox code is called DeadDrop and eventually will be released as open source for news agencies and particulars to implement as they wish. DeadDrop software runs on a hardened Ubuntu environment, it includes set up instructions and scripts, the code is written in Python, accepting document submissions and encrypting them with GPG for storage it then creates a random codename to be able to get back to the submitter anonymously without using email, there are three servers to anonymize the submission process one of them is public containing the interface,  another server stores the encrypted messages and the third server monitors the other two for security breaches.

    StrongBox anonymous document leak DeadDrop
    StrongBox anonymous document leak DeadDropWiki

    The New Yorker public server is also using a plugged in USB dongle to strenghen encryption entropy helping create a pool of random numbers, their journalists use a VPN to download the encrypted data on to a USB thumbdrive, the information is decrypted using a laptop that has no Internet access, to avoid malware infection, and running a live CD to keep temporary files out of the computer hard drive and make data recovery impossible, GPG private decryption keys are contained in a different USB thumbdrive also plugged in the same laptop prior to viewing the documents. It is a smart set up that makes it impossible for a New Yorker journalist to learn the submitter computer IP so they can not be compelled to reveal something they don’t know. The only missing thing is a metadata scrubber, if the documents you are passing on contain metadata, and most government and company files do, the original leak source could be found out, you should use BatchPurifier first to get rid of hidden data before submitting any file.

    Visit StrongBox homepage

  • Set up your own whistleblowing platform with Globaleaks

    Set up your own whistleblowing platform with Globaleaks

    Globaleaks is an open source framework allowing any activist group to set up their own anonymous whistle-blowing platform, using Globaleaks software the whistle blower will be kept anonymous by default. The tool conceives a javascript HTML Globaleaks client that can be provided as a browser addon or invoked through a content delivery network. On the server side tor hidden services give protection against legal liabilities, not only for the sender but also the receiver who will not be able to find out who sent the documents.

    You should not confuse this software platform with Wikileaks, Globaleaks does not provide a service, only the necessary software. When you set up a Globaleaks node you don’t become a part of any network, you own the node, with the responsibility of managing submitted leaked information falling on your side.

    Globaleaks whistleblowing platform
    Globaleaks whistleblowing platform

    Activists on the field can use a mobile phone to instantly submit photos, audio and video using GLDroid, a GlobaLeaks submission client for Android integrated with a tor proxy tool called Orbot.For those who can not use tor, Globaleaks allows Internet users to publish information via tor2web, a proxy service that can access hidden .onion sites through a web browser and does not require installing any extra software in the computer. Communication with the server is always encrypted end-to-end, a configurable time delay is introduced to stop a submission events being linked with an instant post on the website, document metadata clean up is optional and it will be up to each node administrator to turn it on.

    A nifty feature I liked is the coloured badge that sites running Globaleaks display to the user, pointing out anonymity, encryption and browser security level. A downside to the high security tor layered proxy approach is that the server will manifest high latency issues and it will take several seconds or minutes for the site to respond, during that waiting period Globaleaks will provide information to the user about safe whistleblowing procedures, reassuring the submitter that everything is working.

    Visit Globaleaks homepage