EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

10.25.15

How to Securely Provide Techrights With Information, Documents

Posted in Site News at 6:35 am by Dr. Roy Schestowitz

The key is anonymity

A lock

Summary: Advice for potential whistleblowers, or sources with evidence of abuse that they wish to anonymously share with the world (via Techrights)

OVER the years Techrights has received critical information from dozens of sources, all of which remained safe (unexposed). But this does not mean that all of them did this safely. This article provides advice for those who wish to pass to us information in the safest of ways, without having to do a lot of complicated things.

Why Not Off-the-shelf, Self-contained Secure Software?

Over the past 6 months or so we have looked into various bits of Free/libre software, e.g. Briefkasten (no longer actively maintained, as of 2013) and SecureDrop, which is too big a project (massive also in the source code sense compared to Briefkasten, not to mention difficult to set up). After much effort we decided to settle for something which is simpler to use and is much faster to use. To facilitate leaking of sensitive documents (e.g. evidence of misconduct) we mostly require anonymity, as the content of the material does not — in its own right — do much (if anything) to expose the source.

Typically, whole frameworks are built for distributed and de-centralised leaking. This requires quite a bit of hardware, which in turn needs to be set up and properly configured. It’s complicated for both sides (source and receiver) and it’s usually developed for large teams of journalists, for constant interaction with sources, or a regular flow of material. We do not require something this advanced. In practice, a one-time document drop is usually enough.

Our Proposed Solution

We have decided that the following method would be good enough given the nature of leaks we normally receive. They are typically about technology, rather than some military or surveillance apparatus such as the CIA’s assassination (by drones) programme or the NSA’s mass surveillance programme.

For extra security, we kindly ask people to ensure anonymity/privacy tools are used, notably Tor. Without it, privacy/anonymity cannot be assured to a high degree. It’s possible, but it would not be unbreakable (meaning too great an effort and a challenge for spies to take on).

Establishing a Secure (Anonymous) Session

Follow the following steps, with (1) for extra assurance of anonymity.

  1. Install Tails or prepare a Tails device (e.g. Live CD) to boot on a laptop, in order to simplify session creation with Tor (for those who insist on using Windows we have this guide [PDF]).
  2. Irrespective of (1), seek public wireless/wired access in something like a mall (preferably not a sit-down like a coffee shop, where cameras are operated and situated in a way that makes it easy to track individuals by faces, payment with debit/credit cards and so on). The idea is to seek a place — any place — where it is hard to know the identity of the connected party, even by association (e.g. friend or family). Do not use a portable telephone (these are notoriously not secure and regularly broadcast location).
  3. Refrain from doing any browsing that can help identify patterns or affiliations of the user (e.g. session cookies). In fact, unless Tails is used, it might be worth installing a new browser (Opera for instance) and doing nothing on it prior to the sending of material. This reduces the cookie trail/footprint.

Send the material

Once logged in anonymously, anonymously (do not log in) submit text through Pastebin and take the resultant URL for later pasting. Do not pass PDFs for non-textual material. Instead take shots of them, to reduce/eliminate metadata which is often being passed along with them. Then submit to Anonmgur and make a note of the resultant URL for later pasting.

This is typically a one-way communication channel, so add any context which is necessary, then link to the above material as follows:

  • Log in to the #techrights IRC Channel via the Web browser.
  • Choose a pseudonym and sooner or later we will get around to seeing the new arrival and checking what there is to be said (there are dozens of us there).
  • Drop the link/s in the channel. If someone is on the keyboard at the time, there might even be time for interaction. Do not say anything that can help reveal identity (sometimes the language itself is revealing).

Caveats

While not impenetrable, it would take an enormous amount of effort (and connections in several high places) to unmask a source who follows the steps above. Unless it’s a high-profile political leak, such an unmasking effort would be well beyond what’s worth pursuing (expensive and complicated). MAC address-level spying often assumes access to very high places (and deep into back rooms), so therein lies no significant danger, especially when the best anonymity tools are properly used and the incentive to unmask isn’t great enough at high places (usually the political or military establishments).

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Japan Demonstrates Sanity on SEP Policy While US Patent Policy is Influenced by Lobbyists

    Japan's commendable response to a classic pattern of patent misuse; US patent policy is still being subjected to never-ending intervention and there is now a lobbyist in charge of antitrust matters and a lawyer in charge of the US patent office (both Trump appointees)



  2. The Patent Microcosm's Embrace of Buzzwords and False Marketing Strives to Make Patent Examiners Redundant and Patent Quality Extremely Low

    Patent maximalists, who are profiting from abundance of low-quality patents (and frivolous lawsuits/legal threats these can entail), are riding the hype wave and participating in the rush to put patent systems at the hands of machines



  3. Today, at 12:30 CET, Bavarian State Parliament Will Speak About EPO Abuses

    The politicians of Bavaria are prepared to wrestle with some serious questions about the illegality of the EPO's actions and what that may mean to constitutional aspects of German law



  4. Another Loud Warning From EPO Workers About the Decline of Patent Quality

    Yet more patent quality warnings are being issued by EPO insiders (examiners) who are seeing their senior colleagues vanishing and wonder what will be left of their employer



  5. Links 19/2/2018: Linux 4.16 RC2, Nintendo Switch Now Full-fledged GNU/Linux

    Links for the day



  6. PTAB Continues to Invalidate a Lot of Software Patents and to Stop Patent Examiners From Issuing Them

    Erasure of software patents by the Patent Trial and Appeal Board (PTAB) carries on unabated in spite of attempts to cause controversy and disdain towards PTAB



  7. The Patent 'Industry' Likes to Mention Berkheimer and Aatrix to Give the Mere Impression of Section 101/Alice Weakness

    Contrary to what patent maximalists keep saying about Berkheimer and Aatrix (two decisions of the Federal Circuit from earlier this month, both dealing with Alice-type challenges), neither actually changed anything in any substantial way



  8. Makan Delrahim is Wrong; Patents Are a Major Antitrust Problem, Sometimes Disguised Using Trolls Somewhere Like the Eastern District of Texas

    Debates and open disagreements over the stance of the lobbyist who is the current United States Assistant Attorney General for the Antitrust Division



  9. Patent Trolls Watch: Microsoft-Connected Intellectual Ventures, Finjan, and Rumour of Technicolor-InterDigital Buyout

    Connections between various patent trolls and some patent troll statistics which have been circulated lately



  10. Software Patents Trickle in After § 101/Alice, But Courts Would Not Honour Them Anyway

    The dawn of § 101/Alice, which in principle eliminates almost every software patent, means that applicants find themselves having to utilise loopholes to fool examiners, but that's unlikely to impress judges (if they ever come to assessing these patents)



  11. In Aatrix v Green Shades the Court is Not Tolerating Software Patents But Merely Inquires/Wonders Whether the Patents at Hand Are Abstract

    Aatrix alleges patent infringement by Green Shades, but whether the patents at hand are abstract or not remains to be seen; this is not what patent maximalists claim it to be ("A Valentine for Software Patent Owners" or "valentine for patentee")



  12. An Indoctrinated Minority is Maintaining the Illusion That Patent Policy is to Blame for All or Most Problems of the United States

    The zealots who want to patent everything under the Sun and sue everyone under the Sun blame nations in the east (where the Sun rises) for all their misfortunes; this has reached somewhat ludicrous levels



  13. Berkheimer Decision is Still Being Spun by the Anti-Section 101/Alice Lobby

    12 days after Berkheimer v HP Inc. the patent maximalists continue to paint this decision as a game changer with regards to patent scope; the reality, however, is that this decision will soon be forgotten about and will have no substantial effect on either PTAB or Alice (because it's about neither of these)



  14. Academic Patent Immunity is Laughable and Academics Are Influenced by Corporate Money (for Steering Patent Agenda)

    Universities appear to have become battlegrounds in the war between practicing entities and a bunch of parasites who make a living out of litigation and patent bubbles



  15. UPC Optimism Languishes Even Among Paid UPC Propagandists Such as IAM

    Even voices which are attempting to give UPC momentum that it clearly lacks admit that things aren't looking well; the UK is not ratifying and Germany make take years to look into constitutional barriers



  16. Bejin Bieneman Props Up the Disgraced Randall Rader for Litigation Agenda

    Randall Rader keeps hanging out with the litigation 'industry' -- the very same 'industry' which he served in a closeted fashion when he was Chief Judge of the Federal Circuit (and vocal proponent of software patents, patent trolls and so on)



  17. With Stambler v Mastercard, Patent Maximalists Are Hoping to Prop Up Software Patents and Damage PTAB

    The patent 'industry' is hoping to persuade the highest US court to weaken the Patent Trial and Appeal Board (PTAB), for PTAB is making patent lawsuits a lot harder and raises the threshold for patent eligibility



  18. Apple Discovers That Its Patent Disputes Are a Losing Battle Which Only Lawyers Win (Profit From)

    By pouring a lot of money and energy into the 'litigation card' Apple lost focus and it's also losing some key cases, as its patents are simply not strong enough



  19. The Patent Microcosm Takes Berkheimer v HP Out of Context to Pretend PTAB Disregards Fact-Finding Process

    In view or in light of a recent decision (excerpt above), patent maximalists who are afraid of the Patent Trial and Appeal Board (PTAB) try to paint it as inherently unjust and uncaring for facts



  20. Microsoft Has Left RPX, But RPX Now Pays a Microsoft Patent Troll, Intellectual Ventures

    The patent/litigation arms race keeps getting a little more complicated, as the 'arms' are being passed around to new and old entities that do nothing but shake-downs



  21. UPC Has Done Nothing for Europe Except Destruction of the EPO and Imminent Layoffs Due to Lack of Applications and Lowered Value of European Patents

    The Unified Patent Court (UPC) is merely a distant dream or a fantasy for litigators; to everyone else the UPC lobby has done nothing but damage, including potentially irreparable damage to the European Patent Office, which is declining very sharply



  22. Links 17/2/2018: Mesa 17.3.4, Wine 3.2, Go 1.10

    Links for the day



  23. Patent Trolls Are Thwarted by Judges, But Patent Lawyers View Them as a 'Business' Opportunity

    Patent lawyers are salivating over the idea that trolls may be coming to their state/s; owing to courts and the Patent Trial and Appeal Board (PTAB) other trolls' software patents get invalidated



  24. Microsoft's Patent Moves: Dominion Harbor, Intellectual Ventures, Intellectual Discovery, NEC and Uber

    A look at some of the latest moves and twists, as patents change hands and there are still signs of Microsoft's 'hidden hand'



  25. Links 15/2/2018: GNOME 3.28 Beta, Rust 1.24

    Links for the day



  26. Bavarian State Parliament Has Upcoming Debate About Issues Which Can Thwart UPC for Good

    An upcoming debate about Battistelli's attacks on the EPO Boards of Appeal will open an old can of worms, which serves to show why UPC is a non-starter



  27. The EPO is Being Destroyed and There's Nothing Left to Replace It Except National Patent Offices

    It looks like Battistelli is setting up the European Patent Office (EPO) for mass layoffs; in fact, it looks as though he is so certain that the UPC will materialise that he obsesses over "validation" for mass litigation worldwide, departing from a "model office" that used to lead the world in terms of patent quality and workers' welfare/conditions



  28. IBM is Getting Desperate and Now Suing Microsoft Over Lost Staff, Not Just Suing Everyone Using Patents

    IBM's policy when it comes to patents, not to mention its alignment with patent extremists, gives room for thought if not deep concern; the company rapidly becomes more and more like a troll



  29. In Microsoft's Lawsuit Against Corel the Only Winner is the Lawyers

    The outcome of the old Microsoft v Corel lawsuit reaffirms a trend; companies with deep pockets harass their competitors, knowing that the legal bills are more cumbersome to the defendants; there's a similar example today in Cisco v Arista Networks



  30. The Latest Lies About Unitary Patent (UPC) and the EPO

    Lobbying defies facts; we are once again seeing some easily-debunked talking points from those who stand to benefit from the UPC and mass litigation


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts