EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

10.25.15

How to Securely Provide Techrights With Information, Documents

Posted in Site News at 6:35 am by Dr. Roy Schestowitz

The key is anonymity

A lock

Summary: Advice for potential whistleblowers, or sources with evidence of abuse that they wish to anonymously share with the world (via Techrights)

OVER the years Techrights has received critical information from dozens of sources, all of which remained safe (unexposed). But this does not mean that all of them did this safely. This article provides advice for those who wish to pass to us information in the safest of ways, without having to do a lot of complicated things.

Why Not Off-the-shelf, Self-contained Secure Software?

Over the past 6 months or so we have looked into various bits of Free/libre software, e.g. Briefkasten (no longer actively maintained, as of 2013) and SecureDrop, which is too big a project (massive also in the source code sense compared to Briefkasten, not to mention difficult to set up). After much effort we decided to settle for something which is simpler to use and is much faster to use. To facilitate leaking of sensitive documents (e.g. evidence of misconduct) we mostly require anonymity, as the content of the material does not — in its own right — do much (if anything) to expose the source.

Typically, whole frameworks are built for distributed and de-centralised leaking. This requires quite a bit of hardware, which in turn needs to be set up and properly configured. It’s complicated for both sides (source and receiver) and it’s usually developed for large teams of journalists, for constant interaction with sources, or a regular flow of material. We do not require something this advanced. In practice, a one-time document drop is usually enough.

Our Proposed Solution

We have decided that the following method would be good enough given the nature of leaks we normally receive. They are typically about technology, rather than some military or surveillance apparatus such as the CIA’s assassination (by drones) programme or the NSA’s mass surveillance programme.

For extra security, we kindly ask people to ensure anonymity/privacy tools are used, notably Tor. Without it, privacy/anonymity cannot be assured to a high degree. It’s possible, but it would not be unbreakable (meaning too great an effort and a challenge for spies to take on).

Establishing a Secure (Anonymous) Session

Follow the following steps, with (1) for extra assurance of anonymity.

  1. Install Tails or prepare a Tails device (e.g. Live CD) to boot on a laptop, in order to simplify session creation with Tor (for those who insist on using Windows we have this guide [PDF]).
  2. Irrespective of (1), seek public wireless/wired access in something like a mall (preferably not a sit-down like a coffee shop, where cameras are operated and situated in a way that makes it easy to track individuals by faces, payment with debit/credit cards and so on). The idea is to seek a place — any place — where it is hard to know the identity of the connected party, even by association (e.g. friend or family). Do not use a portable telephone (these are notoriously not secure and regularly broadcast location).
  3. Refrain from doing any browsing that can help identify patterns or affiliations of the user (e.g. session cookies). In fact, unless Tails is used, it might be worth installing a new browser (Opera for instance) and doing nothing on it prior to the sending of material. This reduces the cookie trail/footprint.

Send the material

Once logged in anonymously, anonymously (do not log in) submit text through Pastebin and take the resultant URL for later pasting. Do not pass PDFs for non-textual material. Instead take shots of them, to reduce/eliminate metadata which is often being passed along with them. Then submit to Anonmgur and make a note of the resultant URL for later pasting.

This is typically a one-way communication channel, so add any context which is necessary, then link to the above material as follows:

  • Log in to the #techrights IRC Channel via the Web browser.
  • Choose a pseudonym and sooner or later we will get around to seeing the new arrival and checking what there is to be said (there are dozens of us there).
  • Drop the link/s in the channel. If someone is on the keyboard at the time, there might even be time for interaction. Do not say anything that can help reveal identity (sometimes the language itself is revealing).

Caveats

While not impenetrable, it would take an enormous amount of effort (and connections in several high places) to unmask a source who follows the steps above. Unless it’s a high-profile political leak, such an unmasking effort would be well beyond what’s worth pursuing (expensive and complicated). MAC address-level spying often assumes access to very high places (and deep into back rooms), so therein lies no significant danger, especially when the best anonymity tools are properly used and the incentive to unmask isn’t great enough at high places (usually the political or military establishments).

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. Links 28/5/2020: OpenSSH 8.3, New Mesa Release, Raspberry Pi 4 News, Fedora 32 Elections

    Links for the day

  2. The EPO Became a Very Radical Institution

    Projection tactics are doomed to say more about the people who utilise them than about anybody else; the EPO has become so autocratic and corrupt that corruption is seen as normal and workers who explain this corruption are framed as "irrational" or "crazy" or "radical"

  3. IRC Proceedings: Wednesday, May 27, 2020

    IRC logs for Wednesday, May 27, 2020

  4. Allegations That Microsoft Will Ruin Besieged Clinics and Hospitals to Retaliate Against Those Who Name the Culprit

    With a broader picture coming into view, as per the above index, we're starting to wrap up the series while issuing a call for more stories and eyewitness testimonies, exposing the nature of attacks on hospitals (those almost always target Microsoft and others' proprietary software, which is technically unfit for purpose)

  5. Microsoft Has Ideas...

    Based on the pattern of media coverage, composed by Microsoft MVPs and Microsoft-affiliated blogs/sites, confusing the public about the meaning of GNU/Linux is reminiscent of an "Extend" phase

  6. ZDNet Proves Our Point by Doing Not a Single Article About Linux (RC7), Only About Linus and Windows Clickbait Junk

    It seems abundantly clear that nobody wants to cover the actual news about Linux and instead it’s all about which PC Linus Torvalds is using (gossip/tabloid); ZDNet‘s latest two articles are an example of this…

  7. UPC Lies That Make One Laugh...

    IP Kat and Bristows (overlaps exist) are still pretending that the UPC is coming because reality doesn’t seem to matter anymore, only self-serving agenda

  8. Canonical Continues to Help Promote Windows Instead of GNU/Linux or Ubuntu

    Thrice in the past week alone Canonical used the official “Ubuntu Blog” to help Microsoft instead of GNU/Linux and it is part of a disturbing trend which lends credibility to jokes or rumours about a Microsoft takeover; it's not like many people use this thing, either (Canonical helps Microsoft shore up a dying/languishing EEE attempt)

  9. Links 27/5/2020: CoreOS Container Linux Reaches Its End-Of-Life, 2020 GNOME Foundation Elections Coming

    Links for the day

  10. IRC Proceedings: Tuesday, May 26, 2020

    IRC logs for Tuesday, May 26, 2020

  11. GNEW Seedlings vs. Free Software Deforestation

    “The idea of the GNEW Project really is about keeping the goals of the GNU Project alive — hopefully, they won’t destroy or co-opt too much of the GNU Project, that people like the Hyperbola devs can’t fix it with BSD.”

  12. Joi Ito Already Admitted on the Record That Bill Gates Had Paid MIT Through Jeffrey Epstein

    An important exhibit for the accurate historical record (because MIT has been trying to deny truth itself)

  13. It's Convenient to Call All Your Critics Nuts and/or Jealous

    Bill Gates antagonists are not motivated by hatred or jealousy but a sense of injustice; spoiled brats who break the law aren’t a source of envy any more than mass murderers are subject of admiration

  14. Real History of Microsoft and How It Became 'Successful'

    New video that contains a portion about the history of Microsoft -- the part paid-for 'journalists' (paid by Microsoft and Bill Gates) rarely or never speak about

  15. Hostility and Aggression Towards Staff That Does Not Use Windows After Windows Takes Entire Hospital Down

    Microsoft Windows, with NSA back doors, continues to take hospitals offline (with records copied by criminals if not stolen by effectively locking the originals out of reach for ransom money); but guess who’s being punished for it…

  16. They Came, They Saw, We Died...

    It cannot be overstated that we're under attack (or a "Jihad" against Linux as Bill Gates himself put it) and failing to act upon it will be costly as time may be running out and our groups are being 'bought off' by Microsoft in rapid succession, as per the plan/strategy

  17. The GitHub Takeover Was an Extension of Microsoft's War on GPL/Copyleft (Because Sharing Code to Anyone But Microsoft is 'Piracy')

    Licences that make it easier for Microsoft to 'steal' (or a lot harder for Free software to compete against proprietary software) are still being promoted by Microsoft; its GitHub tentacles (see GitHub's logo) further contribute to this agenda

  18. ZDNet is Totally a Microsoft Propaganda Machine

    The site ZDNet has become worse than useless; it lies, defames and launders the reputation of famous criminals (that's the business model these days)

  19. When Microsoft's Mask Falls (or When Times Are Rough)

    Microsoft loves Linux in the same sense that cats love mice (they might play with them until they get hungry)

  20. Careers in Free Software Aren't Careers in the Traditional Sense

    With historic unemployment rates and people 'stranded' inside their homes there's still demand and need for technology; these times of adaptation present an opportunity for Software Freedom

  21. Embrace, Extend, Extinguish 2020 Edition

    Embrace, Extend, Extinguish (E.E.E.) is alive and well, but the corrupt (paid by Microsoft) media isn't talking about it anymore; in fact, it actively cheers and encourages people/companies to enter the trap

  22. Links 26/5/2020: SHIFT13mi GNU/Linux Tablet, Linux Kodachi 7.0 and Some Qt Releases

    Links for the day

  23. EPO Propaganda on Steroids (or on EPO)

    What EPO management is saying and what is actually happening

  24. Breton (EU) 'Joins' Team UPC to Help His Buddy Battistelli... Again

    As expected, Breton acts as little but an EPO tool, looking to prop up supremacy of patent litigation over science and innovation

  25. Removing Free/Libre Software as an Inadequate Response to Microsoft Windows (With Back Doors) Getting Compromised, Killing People

    GNU/Linux takes the blame (in a sense) for incidents that are purely the fault of Microsoft and its deficient software with deliberate back doors; it's believed that this boils down to opportunistic retaliation against those looking for a solution to the problem (or merely speaking about the problem)

  26. IRC Proceedings: Monday, May 25, 2020

    IRC logs for Monday, May 25, 2020

  27. Under Distributed Denial of Service Attacks Lately, But We're Too Robust For Those

    Efforts to take Techrights offline have been ramped up lately; but it's not working and it hardly even distracts us from publishing

  28. The Art of Giving: Why Free Software Will Inevitably Survive Attacks Against It

    Societies that share and look after their peers/neighbours will always be better off than predatory societies, which breed exploitation, distrust, discord and eventually systemic collapse

  29. 'Journalism' in 2020: Far More Articles About What Computer Linus Torvalds Bought Than About Linux Releases

    Yesterday's (or late Sunday's) Linux announcement (RC7) is symptomatic of a broader issue we've long spoken about; it restricts people's ability to express an opinion, which can cloud any meritorious and substantial debate about technical matters journalists cannot grasp or comment on (it takes more effort and research)

  30. Links 25/5/2020: Wrapland Redone, DebConf20 Plans, Many More Games

    Links for the day

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts