EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

10.25.15

How to Securely Provide Techrights With Information, Documents

Posted in Site News at 6:35 am by Dr. Roy Schestowitz

The key is anonymity

A lock

Summary: Advice for potential whistleblowers, or sources with evidence of abuse that they wish to anonymously share with the world (via Techrights)

OVER the years Techrights has received critical information from dozens of sources, all of which remained safe (unexposed). But this does not mean that all of them did this safely. This article provides advice for those who wish to pass to us information in the safest of ways, without having to do a lot of complicated things.

Why Not Off-the-shelf, Self-contained Secure Software?

Over the past 6 months or so we have looked into various bits of Free/libre software, e.g. Briefkasten (no longer actively maintained, as of 2013) and SecureDrop, which is too big a project (massive also in the source code sense compared to Briefkasten, not to mention difficult to set up). After much effort we decided to settle for something which is simpler to use and is much faster to use. To facilitate leaking of sensitive documents (e.g. evidence of misconduct) we mostly require anonymity, as the content of the material does not — in its own right — do much (if anything) to expose the source.

Typically, whole frameworks are built for distributed and de-centralised leaking. This requires quite a bit of hardware, which in turn needs to be set up and properly configured. It’s complicated for both sides (source and receiver) and it’s usually developed for large teams of journalists, for constant interaction with sources, or a regular flow of material. We do not require something this advanced. In practice, a one-time document drop is usually enough.

Our Proposed Solution

We have decided that the following method would be good enough given the nature of leaks we normally receive. They are typically about technology, rather than some military or surveillance apparatus such as the CIA’s assassination (by drones) programme or the NSA’s mass surveillance programme.

For extra security, we kindly ask people to ensure anonymity/privacy tools are used, notably Tor. Without it, privacy/anonymity cannot be assured to a high degree. It’s possible, but it would not be unbreakable (meaning too great an effort and a challenge for spies to take on).

Establishing a Secure (Anonymous) Session

Follow the following steps, with (1) for extra assurance of anonymity.

  1. Install Tails or prepare a Tails device (e.g. Live CD) to boot on a laptop, in order to simplify session creation with Tor (for those who insist on using Windows we have this guide [PDF]).
  2. Irrespective of (1), seek public wireless/wired access in something like a mall (preferably not a sit-down like a coffee shop, where cameras are operated and situated in a way that makes it easy to track individuals by faces, payment with debit/credit cards and so on). The idea is to seek a place — any place — where it is hard to know the identity of the connected party, even by association (e.g. friend or family). Do not use a portable telephone (these are notoriously not secure and regularly broadcast location).
  3. Refrain from doing any browsing that can help identify patterns or affiliations of the user (e.g. session cookies). In fact, unless Tails is used, it might be worth installing a new browser (Opera for instance) and doing nothing on it prior to the sending of material. This reduces the cookie trail/footprint.

Send the material

Once logged in anonymously, anonymously (do not log in) submit text through Pastebin and take the resultant URL for later pasting. Do not pass PDFs for non-textual material. Instead take shots of them, to reduce/eliminate metadata which is often being passed along with them. Then submit to Anonmgur and make a note of the resultant URL for later pasting.

This is typically a one-way communication channel, so add any context which is necessary, then link to the above material as follows:

  • Log in to the #techrights IRC Channel via the Web browser.
  • Choose a pseudonym and sooner or later we will get around to seeing the new arrival and checking what there is to be said (there are dozens of us there).
  • Drop the link/s in the channel. If someone is on the keyboard at the time, there might even be time for interaction. Do not say anything that can help reveal identity (sometimes the language itself is revealing).

Caveats

While not impenetrable, it would take an enormous amount of effort (and connections in several high places) to unmask a source who follows the steps above. Unless it’s a high-profile political leak, such an unmasking effort would be well beyond what’s worth pursuing (expensive and complicated). MAC address-level spying often assumes access to very high places (and deep into back rooms), so therein lies no significant danger, especially when the best anonymity tools are properly used and the incentive to unmask isn’t great enough at high places (usually the political or military establishments).

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. Links 23/10/2018: Mesa 18.3 Planned, RISC OS Adopts Apache Licence, Mozilla Firefox 63.0 Available

    Links for the day

  2. Microsoft's Patent Troll Intellectual Ventures Still Suing Microsoft's Rivals, Microsoft Gags Its Staff Regarding Patent Matters

    Microsoft says it's pursuing "truce"; the patent trolls it has created and backed (Bill Gates still backs them at a personal capacity) feel differently

  3. The EPO Under António Campinos Has Opened More Doors to Software Patents and Only Litigators Are Happy

    António Campinos continues Battistelli's tradition of shredding the Convention on the Grant of European Patents (EPC); it's all about generating as much assertion (e.g. litigation, shakedown) activity as possible, serving to bring Europe's productive industries to a halt

  4. German Court on UPC Constitutional Complaint: “No Oral Hearing is Currently Scheduled. A Decision Date is Not Foreseeable at Present.”

    More bad news for Team UPC as there's no sign of Germany signing/ratifying the UPCA and none of the underlying issues (noted in the complaint) have been addressed at all

  5. Links 22/10/2018: New Kernel Release and Linus Torvalds is Back in Charge

    Links for the day

  6. Lack of Patent Quality Means Lack of Patent Validity and Lack of Legal Certainty

    35 U.S.C. § 101 at the U.S. Patent and Trademark Office (USPTO) -- like the European Patent Convention (EPC) on the Grant of European Patents -- stresses patent quality and scope; will patent offices get things right before it's too late or too expensive to undo?

  7. Data Engine Technologies (DET) Just One Among Many Microsoft-Connected Patent Trolls That Pick on Microsoft's Biggest Competitors

    Lawyers' articles/blog posts continue to obscure the fact that Data Engine Technologies is merely a satellite or unit (one among many) of patent trolling giant Acacia Research Corp., connected to Microsoft and sporting a long history of lawsuits against GNU/Linux

  8. Alice/Mayo and Hatch-Influenced US Patent Office

    The U.S. Patent and Trademark Office (USPTO) seems to be serving those who pay the most to define the scope or limits of patenting; this means that even nature and life are being 'privatised' (or turned into someone's "intellectual" property)

  9. Funded by the Public to Prey on the Public: The Absurdity of Patent Sales and 'Enforcement' by Government

    Government or US Government-funded entities are looking to tax private companies using patents that were actually funded by the public; in practice this helps private firms or insiders (individuals) personally gain from something that the public subsidised and should thus be in the public domain

  10. Lockpath Patents Demonstrate That the US Patent Office -- Unlike US Courts -- Keeps Ignoring 35 U.S.C. § 101/Alice

    35 U.S.C. § 101 isn’t being entirely followed by examiners of the U.S. Patent and Trademark Office (USPTO); in fact, evidence suggests that mathematics are still becoming monopolies of private firms — something which should never happen

  11. The Eastern District of Texas and Its Patent Trolls Affinity Not a Solved Issue

    The American patent system continues to distribute monopolies on algorithms and some of these cause litigation to reach courts that are notorious for intolerance of 35 U.S.C. § 101, resulting in unnecessary payments to lawyers and patent trolls

  12. More 'Blockchain' Nonsense in Pursuit of Bogus, Nonsensical Software Patents

    The U.S. Patent and Trademark Office (USPTO) is still granting abstract software patents because words like "blockchain" get mentioned in the applications; companies that do this hope to shield themselves from disruptive technology and possibly facilitate future patent blackmail

  13. A Warning About MPEG-G, the Latest Software Patents Trap That Threatens Innovation Everywhere

    Combining patents on software and on life, MPEG-G assembles a malicious pool with malignant ramifications for bioinformatics

  14. MIT and the Prior Art Archive Perpetuate Existing Problems

    Large companies with many tens of thousands of patents (each) would have us believe that broadening access/reach of prior art (e.g. to patent examiners) would solve the issues; This may very well work for these large companies, but it overlooks the broader picture

  15. Links 20/10/2018: Mesa 18.2.3 Released, FreeBSD 12.0 Beta 1

    Links for the day

  16. Unified Patents Demolishes Some More Notorious Patent Trolls and Offers Bounties to Take Down More of Them

    Even though the new management of the US patent office treats patent trolls as a non-issue, groups that represent technology firms work hard to improve things (except for the litigation zealots)

  17. The Identity Crisis of the European Patent Office, Wrongly Believing It Exists to Serve Lawyers and Patent Trolls Outside Europe

    The European Patent Office doesn’t even feel like it’s European anymore; it’s just an international patent office that happens to be based (primarily) in Munich; insiders and outsiders alike need to ask themselves what these ‘European’ officials (employing firms outside Europe) have turned the Office into

  18. Links 19/10/2018: OpenBSD 6.4 and OpenSSH 7.9 Released

    Links for the day

  19. Ingve Björn Stjerna Has Just Warned That If Team UPC and the European Patent Office Rigged the Proceedings of the German Constitutional Court, Consequences Would be Significant

    The EPO is back to mentioning the Unified Patent Court and it keeps making it abundantly clear that it is only working for the litigation 'industry' rather than for science and technology (or "innovation" as they like to euphemise it)

  20. Links 18/10/2018: New Ubuntu and Postgres

    Links for the day

  21. It's Almost 2019 and Team UPC is Still Pretending Unitary Patent (UPC) Exists, Merely Waiting for Britain to Join

    Refusing to accept that the Unified Patent Court Agreement (UPCA) has reached its death or is at a dead end, UPC proponents — i.e. lawyers looking to profit from frivolous litigation — resort to outright lies and gymnastics in logic/intellectual gymnastics

  22. IAM and IP Kat Are Still Megaphones of Battistelli and His Agenda

    IAM reaffirms its commitment to corrupt Battistelli and IP Kat maintains its stance, which is basically not caring at all about EPO corruption (to the point of actively deleting blog comments that mention such corruption, i.e. 'sanitising' facts)

  23. The EPO Under António Campinos Relaxes the Rules on Software Patenting and the Litigation 'Industry' Loves That

    EPO management, which is nontechnical, found new terms by which to refer to software patents -- terms that even the marketing departments can endorse (having propped them up); they just call it all AI, augmented intelligence and so on

  24. Links 17/10/2018: Elementary OS 5.0 “Juno” Released, MongoDB’s Server Side Public Licence

    Links for the day

  25. Improving US Patent Quality Through Reassessments of Patents and Courts' Transparency

    Transparency in US courts and more public participation in the patent process (examination, litigation etc.) would help demonstrate that many patents are being granted — and sometimes asserted — that are totally bunk, bogus, fake

  26. Ask OIN How It Intends to Deal With Microsoft Proxies Such as Patent Trolls

    OIN continues to miss the key point (or intentionally avoid speaking about it); Microsoft is still selling 'protection' from the very same patent trolls that it is funding, arming, and sometimes even instructing (who to pass patents to and sue)

  27. Links 1610/2018: Linux 4.19 RC8, Xfce Screensaver 0.1.0 Released

    Links for the day

  28. Judge-Bashing Tactics, Undermining PTAB, and Iancu's Warpath for the Litigation and Insurance 'Industries'

    Many inter partes reviews (IPRs) at the Patent Trial and Appeal Board (PTAB) of the U.S. Patent and Trademark Office (USPTO) leverage 35 U.S.C. § 101 against software patents; instead of putting an end to such patents Director Iancu decides to just serve the 'industry' he came from (a meta-industry where his firm had worked for Donald Trump)

  29. 'Cloud', 'AI' and Other Buzzwords as Excuses for Granting Fake Patents on Software

    With resurgence of rather meaningless terms like so-called 'clouds' (servers/hosting) and 'AI' (typically anything in code which does something clever, including management of patents) the debate is being shifted away from 35 U.S.C. § 101 (Section 101); but courts would still see past such façade

  30. Corporate Media's Failure to Cover Patents Properly and Our New Hosting Woes

    A status update about EPO affairs and our Web host's plan to shut down (as a whole) very soon, leaving us orphaned or having to pay heavy bills

CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts