Swartz-Designed Whistleblower Tool "SecureDrop" Launched

An anonymous reader writes in with word of a new tool for whistleblowers: "The 'strongest-ever' whistleblowing tool for sources to speak anonymously with journalists, partly developed by the late Reddit co-founder Aaron Swartz, has been launched by the Freedom of The Press Foundation. Before his suicide in January 2013, Swartz had been working on a tool for sources to anonymously submit documents to journalists online, without using traceable email and in a way that could be easily catalogued by news organisations. Called SecureDrop, the tool can be installed on any news organisation's website as a 'Contact Us' form page. But where these pages usually require a name and email address, the encrypted SecureDrop system is completely anonymous, assigning the whistleblower two unique identifiers - one seen by the journalist, and one seen by the whistleblower. These identities stay the same, so a conversation can be had without names being shared or known."

LET THE GAMES BEGIN!

[Jeremiah Cornelius]

Now, OUT the Bastards!

The problem - yellow dog journalists

[Taco Cowboy]

The problems that are plaguing our world is not only the power that be.

The journalists are also part of the problem.

You see, most journalists we have today do not even comprehend the ethic behind journalism.

And worst of all, some of the journalists are willingly cooperating with the power-that-be (you can see the evidences of the so-called "news media" we have nowadays) - and I still remember a case back in the Bush (senior) days where CNN actually turned over the identity of a whistle blower to the Department of Defense.

Re:

[mrmeval]

Fat asses want a fat paycheck without working for it. Real investigative journalism is a passion, it is expensive and it is exhausting.

I remember with Geraldo Rivera had a new TV show and had assembled an exceptional group of people and he did this and it was awesome. By the third episode he was a tripe spewing shill ... again.

Slowly all that exceptional talent meandered away.

Re:

[schnell]

Real investigative journalism is a passion, it is expensive and it is exhausting.

100% agree. Slashdotters, please remember this the next time you complain about any news source that does original, investigative journalism wanting to - gasp - show you ads or charge you for a subscription.

Recycling press releases can be done for free. REAL journalism takes dedication and money to pay the people who are doing the work.

Re:

[Anonymous Coward]

The problems that are plaguing our world is not only the power that be.

The journalists are also part of the problem.

You see, most journalists we have today do not even comprehend the ethic behind journalism.

And worst of all, some of the journalists are willingly cooperating with the power-that-be (you can see the evidences of the so-called "news media" we have nowadays) - and I still remember a case back in the Bush (senior) days where CNN actually turned over the identity of a whistle blower to the Department of Defense.

It always been this way, the only time the media/press reports anything is after the fact people haven't bought into there government agenda, you could use several examples, the Vietnam War, the Iraq wars, the media/press peddled government propaganda in order to gain support from the general public, then people get wind of whats going on and start going against it, then the media/press reports what people already know.

Re:

[manu0601]

You see, most journalists we have today do not even comprehend the ethic behind journalism.

The reason is perhaps that ethic had gone economically irrelevant in many medias. How do you want them to focus on ethic when their main motive is just to survive?

Re:

[CarbonShell]

Reminds me of a quote I read somewhere and am to lazy to source:
"Journalists print things people do not want to have printed. Everything else is public relations."

Re:

[Yomers]

I can answer one of your questions - why some Russians have dash cameras on their cars.

- Dash cam means in case of any kind of traffic accident that can lead to legal conflict you have video of accident and an ability to use it or not. If recorded evidence is not in your favour - delete it. If it shows how this cute child jumped on the road from behind the truck right in front of your car - it might help you to avoid some jailtime.
- Set ups are not frequent any more - everybody have liability insurance s

Re:

[icebike]

I have to agree with your last paragraph, Russian dash cam videos are addictive. You can learn a lot about dangerous driving practices that cause accidents. Watching them makes you a more defensive driver.

I've seen it alleged that the reason these are so popular in Russia is that the police are so easily corrupted and bribed into writing up the accident as being the fault of who ever offers the smallest bribe.

Of course I have no way of knowing if this is true. In most places in the US and Canada, any sug

Re:

[cold fjord]

Russian automobile insurance companies have required dash cams.

Re:

[icebike]

Source?

Re:

[ArbitraryName]

Maybe not de jure required, but certainly de facto [animalnewyork.com].

Re:

[gl4ss]

the cams _are_ the insurance for the insurance.

they might not require them per se but they aren't paying money out without the footage.. though apparently you can get lower rates at least with it.

source: various online publications.

How I hope Mr. Aaron Swartz is still alive !

[Taco Cowboy]

The NSA could trace this.

Believe it.

It's too unfortunate that Mr. Swartz had to end his life, no thank to those who run MIT.

If Mr. Swartz were still alive, he would have put in a lot of effort to counter many of the NSA's threats.

Re:

[ihtoit]

you might not agree with everything he says, but he has every right to say it just as you have every right to change the fucking channel.

Re:How I hope Mr. Aaron Swartz is still alive !

[rmdingler]

All we know for certain, is that if Mr. Schwartz was still alive, he would be clawing the hell out of his coffin lid.

Re:

[Anonymous Coward]

i was sad to hear he committed suicide, nonetheless. We are none of us perfect, and it is still what we do that counts. I have a modicum of sympathy for the idea that the Govt coming down on you with a vengeance is definitely a life changing experience for anyone of us - unfortunately too much for this man.

Let us not forget the whole point about this spat between the journalists and the govt is because in many respects they are acting exactly like a pathological bully.

We the people...

Re:

[AHuxley]

Yes expect to see a lot of front organisations offering US legal and press advice.
Security cleared, stay in the USA, talk to the press and congress will 'protect you'.
Security cleared just means your trial will be in a closed court.
Staying in the USA subjects you to color of law.
The tame press will re work your interview into strange soundbites.
Congress will 'protect you' all the way to your closed court with a short list of security cleared lawyers to select from.
Fake leads seem harder after http://e [wikipedia.org]

This is only one layer.

[Forbo]

I certainly hope that the news orgs will include a warning that they should be using this only as one part of an attempt at anonymity. With the NSA's beam splitters hard at work in every major ISP backbone, it would be quite trivial for them to trace this back.

Re:This is only one layer.

[drinkypoo]

Why print? uSDHC cards are cheap. 16GB for ten bucks is not unusual, for sixteen bucks is easy. Printing won't save you from identifiers hidden in the documents, if that's what you're worried about.

I imagine if I wanted anonymity I'd take a directional wifi rig into the hills and point it at town...

Re:

[madclicker]

I would think there is a serial number embedded somewhere, that points to the pos for the unit. Then you can trace from there.

Re:

[lxs]

I think you severely overestimate the logistic capabilities of electronics retailers. They don't keep track of the serial number (if it even has one) or batch number of every bargain bin item that passes through a store.

Re:

[cbope]

Maybe so, but you can bet the manufacturer keeps track of the items shipped by serial number and to whom they have been shipped.

Re:

[lxs]

The manufacturer usually is somewhere in China and they generally don't deal with individual stores. It either goes to a wholesaler or to the central warehouse of a chain of retailers. We're talking about bulk goods here, not about printers or PCs. Worst case, there is an RFID embedded in the packaging. IME (the place where I work sells SD cards amongst other stuff) 9 times out of 10 the packaging ends up in the trash before leaving the store. The card goes into the device while the customer stands at the c

Re:This is only one layer.

[complete loony]

Source code seems to be available online here [github.com]. A quick look at the User Manual [github.com] indicates that all communication is routed via tor which raises the bar for tracing connections significantly.

Traditional Mail?

[OldJuke]

What about printing the documents and submitting them via traditional post? USPS, UPS, or Fedex? Honestly that seems to be the most anonymous/un-traceable way to send documents.

Re:

[Anonymous Coward]

They can still narrow it down to the nearest post office or mailbox or courier depot where you drop off the package. Last time I talked to the courier, they are keeping records of 2 years. There is also the usual fingerprints etc they can collect from the letter assuming if they find the actual package.

Re:

[lxs]

So you wear gloves and stick it in a letterbox far from your home. In a big city the other side of town should be far enough. Don't wear your AFDB when using public transport. It makes you look suspicious or a least memorable to potential witnesses.

Re:

[K. S. Kyosuke]

Don't wear your AFDB when using public transport. It makes you look suspicious or a least memorable to potential witnesses.

Well, I can definitely see how wearing your African Development Bank [afdb.org] on public transport could raise some eyebrows...

Re:

[lxs]

You're not familiar with the Aluminum Foil Deflector Beanie [zapatopi.net]? You have seven (7) days turn in your geek card at your nearest LUG [wikipedia.org]. Delays will not be tolerated.

Re:

[capedgirardeau]

Also do not forget that we know some color printers and copiers are encoding traceable information in the pages they print. I thought more than just color printers did that, but I can't find a reference.

I would err on the safe side and assume the practice has expanded since first discovered.

https://www.eff.org/issues/printers [eff.org]

*-_-*

[jmhobrien]

I wonder if this is what Glen Greenwald is joining... http://news.slashdot.org/story/13/10/16/1216218/glenn-greenwald-leaves-the-guardian-to-start-his-own-site [slashdot.org]

Why is his death considered a suicide?

[t0qer]

There's been a lot of discussion after his death that it might have been a hit. He told close friends that he was under watch. A few days after his death, there was a video posted showing how a hacker could control a toyota prius.

Re:

[Anonymous Coward]

I think you're thinking of Michael Hastings [wikipedia.org], not Aaron Swartz.

Re:

[artor3]

Good point. The NSA could have had a remote controlled Prius tie that noose around his neck!

Re:

[Frosty Piss]

There's been a lot of discussion after his death that it might have been a hit. He told close friends that he was under watch. A few days after his death, there was a video posted showing how a hacker could control a toyota prius

There's little question that he was a smart guy, and that the charges against him were unjust.

But it is talk like this that only goes to further support the information that is known about his personal mental state. This type of talk is classic paranoia, and very unlikely to be in the realm of reality.

Re:Why is his death considered a suicide?

[Anubis IV]

Aaron's car never blew up. He hung (hanged?) himself. You're likely thinking of Michael Hastings, who died recently under circumstances that are closer to what you're describing.

Re:

[AHuxley]

Depends how you relate the issue to past people with unique information facing governments.
Costas Tsalikidis, the Greek telco whistleblower was found hanged.
http://en.wikipedia.org/wiki/Kostas_Tsalikidis [wikipedia.org]
http://en.wikipedia.org/wiki/Greek_telephone_tapping_case_2004-2005 [wikipedia.org]
Adamo Bove head of security at Telecom Italia who exposed the CIA renditions via cell phones ‘fell’ to his death.
http://en.wikipedia.org/wiki/SISMI-Telecom_scandal [wikipedia.org]
Deborah Jeane Palfrey, the D.C. Madam was found hanged.

Re:

[cold fjord]

None of those are quite so odd as that of MI6 Agent Gareth Williams [bbc.co.uk].

Re:

[AHuxley]

Cold he was GCHQ http://en.wikipedia.org/wiki/Death_of_Gareth_Williams [wikipedia.org] press mentions he was seconded to the Secret Intelligence Service ~MI6.
The press hinted at NSA, FBI past work too, with the GCHQ part been a bit more 'left' out of some news reports :)
To be trusted by the US is interesting too.
The inquest seems like that of http://en.wikipedia.org/wiki/David_Kelly_(weapons_expert) [wikipedia.org]
For all the fun of a security clearance, contractor or permeant staff I wonder how many people who rushed to join in t

Re:

[Anubis IV]

There's been a lot of discussion after his death that it might have been a hit. He told close friends that he was under watch. A few days after his death, there was a video posted showing how a hacker could control a toyota prius.

Not true, on all three counts. Aaron Swartz hung himself after something really bad happened to him. Perfectly reasonable, and an utter shame. It sounds like you're confusing him with Michael Hastings, the investigative journalist who died a few months later under somewhat suspicious circumstances involving an out of control Mercedes he was driving after he had told his friends that he needed to lay low while doing an investigation on the intelligence community.

Proverbial trust me...

[ElitistWhiner]

Secure for the whistleblower to talk to the journo anonymously. If they drop signed chats over the proverbial wall hoping the chat finds its way to the proper recipient in the system. The system knows...hence the trust is in the system.

Any questions how that ends?

How does it work?

[manu0601]

How does it works against Man in the Middle attacks? If it must be defended against NSA, then we cannot take for granted that a browser SSL connection is safe from observers.

Re:

[watice]

Looks like with PGP & Tor, & USB Keys. It's detailed here. https://github.com/freedomofpress/securedrop/blob/master/docs/user_manual.md [github.com]

Re:

[PrimeNumber]

Yes you are correct, which is why I am astounded people continually recommend Tor as if it is a privacy panacea.

Re:

[watice]

I haven't heard/read that. As I understood it, a different 3 letter govt agency (FBI was it?) was exploiting weaknesses in Firefox to track TOR users, but I don't believe the TOR network was "compromised by the NSA". I could be wrong though, I tend to not pay attention to conspiracies.

Re:

[ihtoit]

that's what I thought!

Please, people, STOP recommending Tor! Here's a bit of forgotten history: Silk Road operated on the Tor network, it was TRACED then TAKEN DOWN by the Met's National Crime Agency.

A primer on the NCA [telegraph.co.uk].

Also, please bear in mind that the Tor protocol was developed by the US NAVY. If you do decide to use Tor consider it INSECURE.

Re:

[ArbitraryName]

No, he didn't.

Sounds good.

[PrimeNumber]

...but in reality it still sucks because the NSA will be continue to log and sniff all traffic between the host and web site.