Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Privacy The Internet

Cryptome Accidentally Leaks Its Own Visitor IP Addresses (dailydot.com) 40

An anonymous reader writes with this Daily Dot story about an accidental leak of user info from Cryptome. Cryptome, the Internet's oldest document-exposure site, inadvertently leaked months worth of its own IP logs and other server information, potentially exposing details about its privacy-conscious users. The data, which specifically came from the Cartome sub-directory on Cryptome.org, according to Cryptome co-creator John Young, made their way into the wild when the site logs were included on a pair of USB sticks sent out to a supporter.
This discussion has been archived. No new comments can be posted.

Cryptome Accidentally Leaks Its Own Visitor IP Addresses

Comments Filter:
  • I am serious, and I am sure no one in the Government has ~ever~ monitored this web site's traffic or users ever never... (I always assume I am always logged by some alphabet agency and added to some bad-list for checking out the very cool stuff at cryptome.org throughout the years...) It sounds like John just accidentally sent out logs on a USB archive stick. I am sure the recipient considered it value-added. (don't see any politics going on here either, not taking the troll bait)
    • by RDW ( 41497 )

      I always assume I am always logged by some alphabet agency and added to some bad-list for checking out the very cool stuff at cryptome.org throughout the years...

      Good luck TLA, I'm behind SEVEN PROXIES whenever I access Cryptome.

      • by Anonymous Coward

        Seven proxies might slow down the FBI or the Secret Service. The NSA can't even tell the difference: they automate that shit and pipe it straight in to their TIA farm.

    • by Stoutlimb ( 143245 ) on Monday October 12, 2015 @02:23AM (#50707347)

      It makes me wonder why a site so concerned about Internet privacy is keeping logs in the first place.

      • by KGIII ( 973947 )

        Given that they are premised on exposing secrets why would you conclude that they're interested in your privacy? That seems a strange assumption to make.

  • by popo ( 107611 ) on Sunday October 11, 2015 @05:33PM (#50705843) Homepage

    Why does an anonymous leak site even store identifying information? Isn't the best defense to never even keep the data?

    • by Anonymous Coward

      Why does an anonymous leak site even store identifying information? Isn't the best defense to never even keep the data?

      Absolutely! And on top of it, why would these logs ever get anywhere "close" to the outside world--to just a supporter?

    • by Anonymous Coward

      John Young is a good man who has been doing good things for Americans for a long time. He's never been the most computer-savvy person, though (and maybe his age is interfering with his judgment). It would appear in this case that he kept logs in order to parse them with awstats, gathering his own intelligence on who his visitors were. Frankly, I'd do similar if I were running such a site. Unfortunately he had the awstats installation within the document root of cartome and he neglected to sanitize the logs

      • by Anonymous Coward

        John Young says since 2013, blames ISP

  • we're gonna be dizzy and we're gonna make mistakes. Mel Brooks
  • by Anonymous Coward

    WTF!? Why would a privacy conscious website even keep logs? DuckDuckGo for example doesn't keep logs so that privacy can actually be maintained.

  • That should be "months' worth".

  • goes to show (Score:5, Insightful)

    by Osgeld ( 1900440 ) on Sunday October 11, 2015 @06:09PM (#50705957)

    the robustness of any security is based on the stupidest person

  • Seriously, this data should not even be recorded on such a site. And it it is, it should not even be written locally and immediately exported to a machine that is specially protected and not reachable from the Internet. So that is _two_ massive screw-ups right there.

  • Up until just a few years ago (when Google claimed the Usenet) a posters IP address was always displayed in the headers. It was no big deal.

  • by Anonymous Coward

    Cryptome is hosted on web.com, formerly Network Solutions, it's a shared platform with like 750k other sites on it all run wild hair PHP applications and 8 year old WP installs on a giant NFS mount. It's all horribly insecure.

Disc space -- the final frontier!

Working...