Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy The Internet

Cryptome Accidentally Leaks Its Own Visitor IP Addresses (dailydot.com) 40

An anonymous reader writes with this Daily Dot story about an accidental leak of user info from Cryptome. Cryptome, the Internet's oldest document-exposure site, inadvertently leaked months worth of its own IP logs and other server information, potentially exposing details about its privacy-conscious users. The data, which specifically came from the Cartome sub-directory on Cryptome.org, according to Cryptome co-creator John Young, made their way into the wild when the site logs were included on a pair of USB sticks sent out to a supporter.
This discussion has been archived. No new comments can be posted.

Cryptome Accidentally Leaks Its Own Visitor IP Addresses

Comments Filter:
  • I am serious, and I am sure no one in the Government has ~ever~ monitored this web site's traffic or users ever never... (I always assume I am always logged by some alphabet agency and added to some bad-list for checking out the very cool stuff at cryptome.org throughout the years...) It sounds like John just accidentally sent out logs on a USB archive stick. I am sure the recipient considered it value-added. (don't see any politics going on here either, not taking the troll bait)
    • by RDW ( 41497 )

      I always assume I am always logged by some alphabet agency and added to some bad-list for checking out the very cool stuff at cryptome.org throughout the years...

      Good luck TLA, I'm behind SEVEN PROXIES whenever I access Cryptome.

      • by Anonymous Coward

        Seven proxies might slow down the FBI or the Secret Service. The NSA can't even tell the difference: they automate that shit and pipe it straight in to their TIA farm.

    • by Stoutlimb ( 143245 ) on Monday October 12, 2015 @02:23AM (#50707347)

      It makes me wonder why a site so concerned about Internet privacy is keeping logs in the first place.

      • by KGIII ( 973947 )

        Given that they are premised on exposing secrets why would you conclude that they're interested in your privacy? That seems a strange assumption to make.

  • by popo ( 107611 ) on Sunday October 11, 2015 @05:33PM (#50705843) Homepage

    Why does an anonymous leak site even store identifying information? Isn't the best defense to never even keep the data?

    • by Anonymous Coward

      Why does an anonymous leak site even store identifying information? Isn't the best defense to never even keep the data?

      Absolutely! And on top of it, why would these logs ever get anywhere "close" to the outside world--to just a supporter?

    • by Anonymous Coward

      John Young is a good man who has been doing good things for Americans for a long time. He's never been the most computer-savvy person, though (and maybe his age is interfering with his judgment). It would appear in this case that he kept logs in order to parse them with awstats, gathering his own intelligence on who his visitors were. Frankly, I'd do similar if I were running such a site. Unfortunately he had the awstats installation within the document root of cartome and he neglected to sanitize the logs

      • by Anonymous Coward

        John Young says since 2013, blames ISP

  • we're gonna be dizzy and we're gonna make mistakes. Mel Brooks
  • by Anonymous Coward

    WTF!? Why would a privacy conscious website even keep logs? DuckDuckGo for example doesn't keep logs so that privacy can actually be maintained.

    • Re:Why log (Score:4, Insightful)

      by dmbasso ( 1052166 ) on Sunday October 11, 2015 @06:05PM (#50705943)

      Honest question from my ignorance: how can you be sure they don't keep logs? Did they make pinky promises?

      • Yes, yes they did.

        I wonder if they have to install monitor recording software in response to a warrant or seciruty letter. Can they be forced to?

    • I see that the site is dedicated to spreading information that some people would prefer to keep private. They publicize things that they think should not be private, "violate the privacy" of those whom they think should have their information revealed and publicized (rightly or wrongly).

      So in some sense, it's an anti-privacy site, for better or worse. I don't immediately see any indication that the operator is "privacy conscious ". Do you? Or is it more like "I think he -should- be privacy consc

    • This. This is exactly the question I wanted to ask.
    • by kmoser ( 1469707 )
      Perhaps the logs were faked.
  • That should be "months' worth".

  • goes to show (Score:5, Insightful)

    by Osgeld ( 1900440 ) on Sunday October 11, 2015 @06:09PM (#50705957)

    the robustness of any security is based on the stupidest person

  • Seriously, this data should not even be recorded on such a site. And it it is, it should not even be written locally and immediately exported to a machine that is specially protected and not reachable from the Internet. So that is _two_ massive screw-ups right there.

  • Up until just a few years ago (when Google claimed the Usenet) a posters IP address was always displayed in the headers. It was no big deal.

  • by Anonymous Coward

    Cryptome is hosted on web.com, formerly Network Solutions, it's a shared platform with like 750k other sites on it all run wild hair PHP applications and 8 year old WP installs on a giant NFS mount. It's all horribly insecure.

A person with one watch knows what time it is; a person with two watches is never sure. Proverb

Working...