
Swartz-Designed Whistleblower Tool "SecureDrop" Launched

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes in with word of a new tool for whistleblowers: "The 'strongest-ever' whistleblowing tool for sources to speak anonymously with journalists, partly developed by the late Reddit co-founder Aaron Swartz, has been launched by the Freedom of The Press Foundation. Before his suicide in January 2013, Swartz had been working on a tool for sources to anonymously submit documents to journalists online, without using traceable email and in a way that could be easily catalogued by news organisations. Called SecureDrop, the tool can be installed on any news organisation's website as a 'Contact Us' form page. But where these pages usually require a name and email address, the encrypted SecureDrop system is completely anonymous, assigning the whistleblower two unique identifiers - one seen by the journalist, and one seen by the whistleblower. These identities stay the same, so a conversation can be had without names being shared or known."
  • Now, OUT the Bastards!

    • by Taco Cowboy (5327) on Wednesday October 16, 2013 @08:06PM (#45148433)

      The problems that are plaguing our world are not only the powers that be.

      The journalists are also part of the problem.

      You see, most journalists we have today do not even comprehend the ethic behind journalism.

      And worst of all, some of the journalists are willingly cooperating with the powers that be (you can see the evidence of the so-called "news media" we have nowadays) - and I still remember a case back in the Bush (senior) days where CNN actually turned over the identity of a whistleblower to the Department of Defense.

      • by mrmeval (662166)

        Fat asses want a fat paycheck without working for it. Real investigative journalism is a passion, it is expensive and it is exhausting.

        I remember when Geraldo Rivera had a new TV show and had assembled an exceptional group of people and he did this and it was awesome. By the third episode he was a tripe-spewing shill ... again.

        Slowly all that exceptional talent meandered away.

        • by schnell (163007)

          Real investigative journalism is a passion, it is expensive and it is exhausting.

          100% agree. Slashdotters, please remember this the next time you complain about any news source that does original, investigative journalism wanting to - gasp - show you ads or charge you for a subscription.

          Recycling press releases can be done for free. REAL journalism takes dedication and money to pay the people who are doing the work.

      • by Anonymous Coward

        The problems that are plaguing our world are not only the powers that be.

        The journalists are also part of the problem.

        You see, most journalists we have today do not even comprehend the ethic behind journalism.

        And worst of all, some of the journalists are willingly cooperating with the powers that be (you can see the evidence of the so-called "news media" we have nowadays) - and I still remember a case back in the Bush (senior) days where CNN actually turned over the identity of a whistleblower to the Department of Defense.

        It has always been this way, the only time the media/press reports anything is after the fact people haven't bought into their government agenda, you could use several examples, the Vietnam War, the Iraq wars, the media/press peddled government propaganda in order to gain support from the general public, then people get wind of what's going on and start going against it, then the media/press reports what people already know.

      • by manu0601 (2221348)

        You see, most journalists we have today do not even comprehend the ethic behind journalism.

        The reason is perhaps that ethic has gone economically irrelevant in many media. How do you want them to focus on ethic when their main motive is just to survive?

      • Reminds me of a quote I read somewhere and am too lazy to source:
        "Journalists print things people do not want to have printed. Everything else is public relations."

  • by Forbo (3035827) on Wednesday October 16, 2013 @08:08PM (#45148437)
    I certainly hope that the news orgs will include a warning that they should be using this only as one part of an attempt at anonymity. With the NSA's beam splitters hard at work in every major ISP backbone, it would be quite trivial for them to trace this back.
    • by drinkypoo (153816) <martin.espinoza@gmail.com> on Wednesday October 16, 2013 @08:43PM (#45148671)

      Why print? uSDHC cards are cheap. 16GB for ten bucks is not unusual, for sixteen bucks is easy. Printing won't save you from identifiers hidden in the documents, if that's what you're worried about.

      I imagine if I wanted anonymity I'd take a directional wifi rig into the hills and point it at town...

      • I would think there is a serial number embedded somewhere, that points to the POS for the unit. Then you can trace from there.
        • by lxs (131946)

          I think you severely overestimate the logistic capabilities of electronics retailers. They don't keep track of the serial number (if it even has one) or batch number of every bargain bin item that passes through a store.

          • by cbope (130292)

            Maybe so, but you can bet the manufacturer keeps track of the items shipped by serial number and to whom they have been shipped.

            • by lxs (131946)

              The manufacturer usually is somewhere in China and they generally don't deal with individual stores. It either goes to a wholesaler or to the central warehouse of a chain of retailers. We're talking about bulk goods here, not about printers or PCs. Worst case, there is an RFID embedded in the packaging. IME (the place where I work sells SD cards amongst other stuff) 9 times out of 10 the packaging ends up in the trash before leaving the store. The card goes into the device while the customer stands at the c

    • by complete loony (663508) <Jeremy.Lakeman@noSpam.gmail.com> on Thursday October 17, 2013 @12:01AM (#45149567)
      Source code seems to be available online here [github.com]. A quick look at the User Manual [github.com] indicates that all communication is routed via Tor, which raises the bar for tracing connections significantly.
  • What about printing the documents and submitting them via traditional post? USPS, UPS, or Fedex? Honestly that seems to be the most anonymous/un-traceable way to send documents.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      They can still narrow it down to the nearest post office or mailbox or courier depot where you drop off the package. Last time I talked to the courier, they are keeping records of 2 years. There is also the usual fingerprints etc they can collect from the letter assuming if they find the actual package.

      • by lxs (131946)

        So you wear gloves and stick it in a letterbox far from your home. In a big city the other side of town should be far enough. Don't wear your AFDB when using public transport. It makes you look suspicious or at least memorable to potential witnesses.

    • Also do not forget that we know some color printers and copiers are encoding traceable information in the pages they print. I thought more than just color printers did that, but I can't find a reference.

      I would err on the safe side and assume the practice has expanded since first discovered.

      https://www.eff.org/issues/printers

  • There's been a lot of discussion after his death that it might have been a hit. He told close friends that he was under watch. A few days after his death, there was a video posted showing how a hacker could control a Toyota Prius.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      I think you're thinking of Michael Hastings [wikipedia.org], not Aaron Swartz.

    • by artor3 (1344997)

      Good point. The NSA could have had a remote controlled Prius tie that noose around his neck!

    • There's been a lot of discussion after his death that it might have been a hit. He told close friends that he was under watch. A few days after his death, there was a video posted showing how a hacker could control a Toyota Prius.

      There's little question that he was a smart guy, and that the charges against him were unjust.

      But it is talk like this that only goes to further support the information that is known about his personal mental state. This type of talk is classic paranoia, and very unlikely to be in the realm of reality.

    • by AHuxley (892839)
      Depends how you relate the issue to past people with unique information facing governments.
      Costas Tsalikidis, the Greek telco whistleblower, was found hanged.
      http://en.wikipedia.org/wiki/Kostas_Tsalikidis
      http://en.wikipedia.org/wiki/Greek_telephone_tapping_case_2004-2005
      Adamo Bove, head of security at Telecom Italia, who exposed the CIA renditions via cell phones, ‘fell’ to his death.
      http://en.wikipedia.org/wiki/SISMI-Telecom_scandal
      Deborah Jeane Palfrey, the D.C. Madam, was found hanged.
    • There's been a lot of discussion after his death that it might have been a hit. He told close friends that he was under watch. A few days after his death, there was a video posted showing how a hacker could control a Toyota Prius.

      Not true, on all three counts. Aaron Swartz hung himself after something really bad happened to him. Perfectly reasonable, and an utter shame. It sounds like you're confusing him with Michael Hastings, the investigative journalist who died a few months later under somewhat suspicious circumstances involving an out of control Mercedes he was driving after he had told his friends that he needed to lay low while doing an investigation on the intelligence community.

  • Secure for the whistleblower to talk to the journo anonymously. If they drop signed chats over the proverbial wall hoping the chat finds its way to the proper recipient in the system. The system knows...hence the trust is in the system.

    Any questions how that ends?

  • How does it work against Man in the Middle attacks? If it must be defended against NSA, then we cannot take for granted that a browser SSL connection is safe from observers.
    • Re: (Score:3, Informative)

      by watice (1347709)
      Looks like with PGP & Tor, & USB Keys. It's detailed here. https://github.com/freedomofpress/securedrop/blob/master/docs/user_manual.md
  • ...but in reality it still sucks because the NSA will continue to log and sniff all traffic between the host and web site.
