EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

10.25.15

How to Securely Provide Techrights With Information, Documents

Posted in Site News at 6:35 am by Dr. Roy Schestowitz

The key is anonymity

A lock

Summary: Advice for potential whistleblowers, or sources with evidence of abuse that they wish to anonymously share with the world (via Techrights)

OVER the years Techrights has received critical information from dozens of sources, all of which remained safe (unexposed). But this does not mean that all of them did this safely. This article provides advice for those who wish to pass to us information in the safest of ways, without having to do a lot of complicated things.

Why Not Off-the-shelf, Self-contained Secure Software?

Over the past 6 months or so we have looked into various bits of Free/libre software, e.g. Briefkasten (no longer actively maintained, as of 2013) and SecureDrop, which is too big a project (massive also in the source code sense compared to Briefkasten, not to mention difficult to set up). After much effort we decided to settle for something which is simpler to use and is much faster to use. To facilitate leaking of sensitive documents (e.g. evidence of misconduct) we mostly require anonymity, as the content of the material does not — in its own right — do much (if anything) to expose the source.

Typically, whole frameworks are built for distributed and de-centralised leaking. This requires quite a bit of hardware, which in turn needs to be set up and properly configured. It’s complicated for both sides (source and receiver) and it’s usually developed for large teams of journalists, for constant interaction with sources, or a regular flow of material. We do not require something this advanced. In practice, a one-time document drop is usually enough.

Our Proposed Solution

We have decided that the following method would be good enough given the nature of leaks we normally receive. They are typically about technology, rather than some military or surveillance apparatus such as the CIA’s assassination (by drones) programme or the NSA’s mass surveillance programme.

For extra security, we kindly ask people to ensure anonymity/privacy tools are used, notably Tor. Without it, privacy/anonymity cannot be assured to a high degree. It’s possible, but it would not be unbreakable (meaning too great an effort and a challenge for spies to take on).

Establishing a Secure (Anonymous) Session

Follow the following steps, with (1) for extra assurance of anonymity.

  1. Install Tails or prepare a Tails device (e.g. Live CD) to boot on a laptop, in order to simplify session creation with Tor (for those who insist on using Windows we have this guide [PDF]).
  2. Irrespective of (1), seek public wireless/wired access in something like a mall (preferably not a sit-down like a coffee shop, where cameras are operated and situated in a way that makes it easy to track individuals by faces, payment with debit/credit cards and so on). The idea is to seek a place — any place — where it is hard to know the identity of the connected party, even by association (e.g. friend or family). Do not use a portable telephone (these are notoriously not secure and regularly broadcast location).
  3. Refrain from doing any browsing that can help identify patterns or affiliations of the user (e.g. session cookies). In fact, unless Tails is used, it might be worth installing a new browser (Opera for instance) and doing nothing on it prior to the sending of material. This reduces the cookie trail/footprint.

Send the material

Once logged in anonymously, anonymously (do not log in) submit text through Pastebin and take the resultant URL for later pasting. Do not pass PDFs for non-textual material. Instead take shots of them, to reduce/eliminate metadata which is often being passed along with them. Then submit to Anonmgur and make a note of the resultant URL for later pasting.

This is typically a one-way communication channel, so add any context which is necessary, then link to the above material as follows:

  • Log in to the #techrights IRC Channel via the Web browser.
  • Choose a pseudonym and sooner or later we will get around to seeing the new arrival and checking what there is to be said (there are dozens of us there).
  • Drop the link/s in the channel. If someone is on the keyboard at the time, there might even be time for interaction. Do not say anything that can help reveal identity (sometimes the language itself is revealing).

Caveats

While not impenetrable, it would take an enormous amount of effort (and connections in several high places) to unmask a source who follows the steps above. Unless it’s a high-profile political leak, such an unmasking effort would be well beyond what’s worth pursuing (expensive and complicated). MAC address-level spying often assumes access to very high places (and deep into back rooms), so therein lies no significant danger, especially when the best anonymity tools are properly used and the incentive to unmask isn’t great enough at high places (usually the political or military establishments).

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. Links 20/2/2019: digiKam 6.0.0, Cockpit 188, Mesa 19.0 RC5

    Links for the day

  2. How Long Can the EPO Bend the Rules Before the Avalanche of Invalid Software Patents?

    A 35 U.S.C. § 101/SCOTUS moment in Europe will likely squash loads of abstract European Patents granted by the EPO; shouldn’t the EPO foresee this and immediately cease granting such obviously bogus patents, whose main beneficiary is a bunch of patent trolls?

  3. Battistelli Trashed 223 Millions (of Stakeholders' Euros) on a System That Destroyed the European Patent Office and Made Few Private Corporations a Lot Richer

    A quarter of a billion euros later the EPO finally admits in private that this was a massive failure

  4. Links 19/2/2019: Mesa 18.3.4, Cutelyst 2.7.0, Plasma Pass 1.0.0

    Links for the day

  5. What Happened in the United States Now Happens in Europe: Lots of Patents Turn Out to Be Bunk, Fake, Bogus, Invalid and Thus Worthless

    Worthless patents — not opposition to such patents — are the greatest threat to the legitimacy of the patent system, yet bureaucrats fail to heed the warning in the name of short-term profits

  6. Stephen Rowan's and Nellie Simon's Letter to EPO Staff: eDossier Has “Not Reached the Required Quality Levels.”

    We've just commented on it; here is the raw letter in full, explaining that eDossier and related frameworks will be abandoned entirely and indefinitely within less than a fortnight

  7. Search Matters Not at the European Patent Office

    The EPO has found out that "System Battistelli" has been catastrophic for the quality of patents; it stops short of openly admitting it as such and in fact it keeps the message strictly confidential (explained to insiders, who will inevitably notice a system being abandoned)

  8. António Campinos Still Needs to Undo Battistelli's Union-Busting Activities at the EPO

    Solidarity and support for Laurent Prunier are needed because the new French president lacks empathy even for fellow Frenchmen whose sole 'crime' is that they represented EPO staff

  9. Links 18/2/2019: Linux 5.0 RC7, RISC-V Spreading Fast

    Links for the day

  10. António Campinos Still Needs to Hold Team Battistelli Accountable for Illegally Bringing Weapons to the EPO

    It is imperative that, in order to repair the reputation of the European Patent Office (EPO), António Campinos should pursue accountability for the managers who brought Benalla and firearms to the Office (very serious breach of German law, jail sentence included)

  11. Links 17/2/2019: Compiz 0.9.14.0, Geary 0.13.0, GNU FreeDink 109.6, Debian 9.8, Texinfo 6.6

    Links for the day

  12. Amazon's Patent Policy Should be Enough of a Reason to Boycott Amazon and AWS

    There are many things to criticise Amazon and its founder for; but rarely does the mainstream media bring up the company's appalling patent policy

  13. Don't Use Cloudflare Because You Impose This on People Who Least Want It

    Reasons to stop making the World Wide Web so heavily dependent on some dubious companies like Cloudflare, which already has a worrisome track record

  14. How Many/Most EPO Examiners View 'President' António Campinos

    Based on what readers/insiders have told us, there’s a prevalent perception that António Campinos is afraid of (thus controlled/directed by) Bergot, who is still doing Battistelli’s biddings at the European Patent Office (EPO)

  15. Techrights' Priorities Over the Years

    An old priority of ours, eliminating software patents in the United States, is no longer quite so relevant because such patents are perishing in US courts, with or without outside intervention such as activism

  16. Courts in Disagreement: Warning on Wrongly-Granted European Patents and the Looming Collapse of All Software Patents in Europe

    By devaluing patents and reducing their perceived worth (as is happening in China and Europe) patent offices risk decreasing participation in the very system they fundamentally depend on

  17. Computing Will Not Necessarily Make the World a Better Place

    The vision of "happy world" (because each person has a so-called 'smart' 'phone') is a yuppie delusion that overlooks business models and corporate interests

  18. EPO Grants Fake European Patents -- Including Software Patents -- and European Courts Keep Rejecting These

    The demise of the legitimacy or perceived validity of European Patents is measurable and the system isn't the same anymore; the EPO makes no effort to change this for the better, either

  19. Nobody But Patent Trolls and Litigators Will Benefit From the Corruption of the European Patent Office

    IAM, EPO leadership, Iancu and the rest of these raiders are enabling corruption and facilitating or supporting a racket; that money they collect comes at the expense of future victims of their "clients" or "customers" (that's what they call applicants, to whom they grant dubious monopolies as a matter of urgency)

  20. WSL is a Misleading Acronym/Name Because There's No Linux in It, It's Just Windows

    When Microsoft says "Linux" (as in "Microsoft loves Linux") what it actually means is Windows and/or Azure

  21. Links 16/2/2019: Ubuntu 18.04.2 LTS, PyCharm 2019.1 EAP 4

    Links for the day

  22. Outline/Index of the Alexandre Benalla/Battistelli Scandal

    Our writings about the scandals implicating Benalla and the European Patent Office (EPO)

  23. Reading Techrights on a Mobile Device Running Android

    A new Android app for reading this site is being tested

  24. Links 14/2/2019: “I Love Free Software Day” and Mesa 19.0 RC4 Released

    Links for the day

  25. “EPO Lawlessness Again”

    Blackberry uses bogus European Patents (on software) for lawsuits; "all of them pure software patents. Patents on programs for computers as such," as Müller puts it

  26. Unitary Patent (UPC) is All About Imposing Patent Maximalists' Ideology of Greed and Self Interest on Courts in the Name of 'Unification' or 'Consistency' or 'Community'

    Pushers of the Unified Patent Court (UPC) are upset that they don’t always get their way when independent judges get to decide; as it turns out, many European Patents are just fake patents, more so under António Campinos

  27. Battistelli's Bodyguard, Part V: Mediapart Explains the 'Raid' Attempt, Reporters Without Borders Involved

    Mediapart, an investigative site that unearths a lot of incriminating things about Battistelli's former bodyguard Alexandre Benalla, was the target of a raid attempt some weeks ago

  28. Links 13/2/2019: Tails 3.12.1, MongoDB Being Dumped

    Links for the day

  29. Battistelli's Bodyguard, Part IV: Suspected Offenses of Forgery and Possible Falsification

    In a very underworld fashion, Benalla continues to break the law and create yet more scandals

  30. Battistelli's Bodyguard, Part III: Mars, France Close Protection (Benalla's Family), and Russian Oligarchy

    An article which examines the business background of Benalla, the outrageous salaries, the severance indemnity pay, and contract with a Russian oligarch close to Vladimir Putin

CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts