Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wikileaks Sidesteps Publishing Public PGP Key

Posted by timothy on from the these-things-take-time dept.

An anonymous reader writes "Repeated requests toward the Wikileaks staff regarding their use of PGP have gone unanswered. The current public PGP key posted has been expired since November 2nd, 2007. A response on their PGP talk page notes that the 'SSL based mail submission system' will be the secure online method of document submission. At the current time, there is no method to safely encrypt any postal communications with Wikileaks or verify that any given communication actually originated from a Wikileaks staff member." Doubtless there are some complicating factors here -- but what is the best way to keep a confidentiality-centric site like Wikileaks trustworthy?

96 comments

  1. Whoo boy by iminplaya · · Score: 4, Interesting

    Generally we recommend against using PGP in its simplest form, since the traffic is easily detected and provides proof of intention to conceal, which depending on the context may pose a significant difficulty. - emph mine

    Gut reaction to that statement makes me feel a bit queasy.

    --
    What?
    1. Re:Whoo boy by kestasjk · · Score: 5, Insightful

      It makes sense, really. Anything you send to WikiLeaks you intend to be told to everyone.

      I think what they mean by "provides proof of intention to conceal" is that they don't want people leaking something and then saying "aha! You just told everyone something that I meant to be kept private, I'm going to sue! Why would I have encrypted it if I had meant you to release it?"

      And that person would have a point. It's hard to think how someone could post something to WikiLeaks, so that it can be publicly posted, but desire that their information be transmitted encrypted. The assumption should always be anything you send to WikiLeaks is public, and allowing encrypted submissions may make this unclear.
      If they need to submit the information anonymously they should do it anonymously, PGP can't help with that.

      --
      // MD_Update(&m,buf,j);
    2. Re:Whoo boy by Anonymous Coward · · Score: 0

      In any /. news article that could concern risks of open wireless access points, someone always says they drive around until they find one and then does whatever business they need to do - all with complete anonymity.

      The evidence trail may lead back to some home user that never thought to secure their WAP, but the real perp is long gone.

      And anyone concerned about embedded MAC addresses and such could either filter and modify the packets, or toss their wireless card if it was that big of a deal.

    3. Re:Whoo boy by DaffyDuck101 · · Score: 5, Insightful
      Quite obviously they (the submitters) would like to be able to deny they sent the information in the first place. PGP or not is not going to help a lot with that.

      "Proof of intention to conceal" would refer to the fact that when the next scandal at ACME is published, and only one of their faithful employees ever used PGP as evidenced by their router logs, that would constitute enough proof to sue, even without being able to read the actual contents of the mail.

      So what the nice folks at wikileaks are saying is that you might as well ditch PGP and use web-based SSL forms so you can just claim you were paying your annual Playboy magazine subscription, or whatever. Or you could send all your mail with PGP and try to convince everybody else to do so as well.

      So yes, PGP isn't going to do you much good, but not for the reasons you stated.

    4. Re:Whoo boy by ceejayoz · · Score: 3, Insightful

      I think you're misunderstanding them.

      I read it as "the Chinese or other totalitarian governments might punish you solely for using PGP".

    5. Re:Whoo boy by spottedkangaroo · · Score: 1

      But it's complete BS... You can use PGP to *sign* documents. Encrypting is optional. You can do both. In some implementations you can actually do neither... odd.

      Signing a document does not conceal anything.

      --
      Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
    6. Re:Whoo boy by cwebster · · Score: 1

      yes, but when you sign a document you use your private key, not the reciever's public key, which is the issue.

    7. Re:Whoo boy by RKBA · · Score: 1

      ... the traffic is easily detected and provides proof of intention to conceal, which depending on the context may pose a significant difficulty. All the more reason why EVERYONE should use PGP or some variant thereof ALL THE TIME for ALL email, even if you're only encrypting your favorite cookie receipt.
      --
      9/11 Eyewitnesses to Explosive WTC Demolition 1 of 2
    8. Re:Whoo boy by spottedkangaroo · · Score: 1

      why should that be an issue?

      This is all about the web of trust and authenticating data. Why does it matter that the sender keeps their private key private?

      Pretty sure their SSL setup will have a private key too. I suspect they'll have to conceal that too...

      --
      Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
    9. Re:Whoo boy by perlchild · · Score: 1

      The SSL Private key's is WikiLeaks, not the correspondants...

    10. Re:Whoo boy by cwebster · · Score: 1

      why should that be an issue?

      This is all about the web of trust and authenticating data. Why does it matter that the sender keeps their private key private?

      because, like you say, its about trust and authentication. The only way that is possible is to sign with a private key and keep it private. If you sign with a private key and then distribute the private key, then anyone can sign the document as that person and you no longer have a signature that is meaningful.
    11. Re:Whoo boy by Anonymous Coward · · Score: 0

      Kudos to /. on the new style and comment system!


      What a fucking suck up. It's slow and cumbersome.
    12. Re:Whoo boy by spottedkangaroo · · Score: 2, Insightful

      That's silly, you don't have to distribute the private key, that's the whole point.

      Take the wikileak's SSL key. How do you know that's their private key and it's not a MiM attack? You know that because verisign (or someone) signed the public key. They did that with a private key -- and wikileak doesn't have it!! Oh nos!!!

      There's always a private key you don't have. That's the whole point of asymetric cryptography. PGP is no different.

      So this argument is all very silly.

      --
      Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
    13. Re:Whoo boy by Anonymous Coward · · Score: 0

      Which would be great, but everyone already uses SSL. What's wrong with SSL-based Web submission?

    14. Re:Whoo boy by cwebster · · Score: 1

      forgive me if i'm mistaken, but SSL is used to encrypt and the post i replied to was specifically in reference to signing a document. I recognize your argument with wikileaks and agree that in that context it is stupid. At the same time i stand by my point that distributing a private key pretty much negates being able to sign a document with the purpose of trust.

    15. Re:Whoo boy by spottedkangaroo · · Score: 1

      The only problem I have with what you said is that that it's either false or willfully ignorant. It's otherwise ok.

      You can use a private key to create a signature that was verifiable created with that private key using the public key that's paired with it. If that public key was signed by other private keys and those are signed by other private keys, then using that web of trust you can confirm the sender is who they claim to be.

      That is the other purpose of asymmetric crypto. You can use it to encrypt and you can use it to authenticate. Those are two totally separate things and neither requires you give up your private key. It's private.

      More, SSL is used for enryption, yes, but that's a smallish way to look at it. It has several parts. It's also used to verify identity.

      There's a diffe-helman key exchange that gives you a shared secret you can use to encrypt the traffic. If anyone hears it, it doesn't matter! DH is magic, look it up. The problem is that it's subject to man in the middle attacks. Enter the X.509 certificates.

      They are used to prove the sender is who they claim to be and not someone in the middle maintaining two separate encryption sessions.

      You use your keyring of public keys to prove that the sender's public key is from the person it's supposed to be.

      You don't get to see the sender's private key or the private key of any of the signers. You do not need to encrypt things using X.509 or pgp... you can use it purely for authentication purposes without revealing any private keys.

      Cheers.

      --
      Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
  2. What happened on November 2nd, 2007? by Anonymous Coward · · Score: 0

    How can an algorithm stop working after a certain date? Do the laws of logic subtly change over time, and all known encryption algorithms are affected by this?

    1. Re:What happened on November 2nd, 2007? by fintler · · Score: 5, Informative

      Expiration of PGP keys is a feature and does not prevent the key from being used in the future (although it should not be considered secure if used after the expiration date). The purpose is to prevent the impact of a compromised key by limiting its validity period.

      Expiry can also be useful in the event that a private key is lost. Revocation of a public key requires access to the private keys.

  3. I wish the world would use GPG more by CRCulver · · Score: 5, Insightful

    A decade ago, every geek had a PGP key, keysigning parties were a great way to spend a Friday night, and everyone was raving about Schneier's eggheaded but useful tome Applied Cryptography . Now when I ask otherwise normal geeks if they have a PGP key, they just look at me like I'm from Mars. I don't understand, PGP has gotten only easier to use, there's a great Firefox extension for it, but it has faded in popularity.

    1. Re:I wish the world would use GPG more by Anonymous Coward · · Score: 1, Informative

      The thing is, there is no point to PGP/GPG these days. S/MIME and SSL are real standards and integrated with practically every browser and e-mail package out there.

      PGP was and still is just a hack.

    2. Re:I wish the world would use GPG more by Anonymous Coward · · Score: 3, Insightful

      There is the problem of webmail.

      I know there are extensions to firefox to get s/mime support, PGP and a few other (proprietary) methods of encrypting emails, but you don't always have ontrol over the browser you're using.

      I'd love to use encryption on my email, but if I can't read it, there's no point.

    3. Re:I wish the world would use GPG more by kestasjk · · Score: 2, Interesting

      Not easy enough though; why isn't it automatic? Why isn't it just a basic part of e-mail by now? How can Flash and JavaScript in e-mail be supported but not encryption?

      --
      // MD_Update(&m,buf,j);
    4. Re:I wish the world would use GPG more by Anonymous Coward · · Score: 3, Insightful

      There was a time that I used PGP/GnuPG for all my e-mails. But at some point I realized that this only gave me the impression that I had real privacy. Most of the recipients run Windows and they open those e-mails and files on their insecure machines.
      Also, what has changed is that nowadays the reason I want more privacy is because of the government and not because of regular people/crooks. And there are various ways in which the government could still read my files even when I use encryption, both by checking my screen and what I type.
      Finally, even when encryption would be really secure right now, if they keep the files for 10 years, there's still the possibility that they may be able to open them. That's not real privacy to me.
      The same goes for people who use Skype because they know it encrypts their conversations. But, of course the government can listen in on those conversations when they really want that, and of course eBay won't tell you about that, because then they'd lose many customers.

    5. Re:I wish the world would use GPG more by Anonymous Coward · · Score: 4, Insightful

      why isn't it automatic? Because the most bothersome part of all cryptographic systems is also the most important part: key management. Both trust architectures, web of trust and hierarchic trust, require that trust relations are established by verifying keys/certificates. Hierarchic trust centralizes the verification. The certificate authorities do all the work, so they want compensation. The web of trust distributes the work among its participants. Consequently it's usually free, but you have to do work. That's why it's not automatic.
    6. Re:I wish the world would use GPG more by pwizard2 · · Score: 1

      If I'm ever downright paranoid about keeping something really important secure, I prepare several GPG keys (4096 bit) and encrypt the data, and then encrypt the encrypted text, again and again. I then keep the different keys in different places, so to read my message someone would have to acquire multiple private keys and passwords.

      --
      "It is a denial of justice not to stretch out a helping hand to the fallen; that is the common right of humanity."
    7. Re:I wish the world would use GPG more by buanzo · · Score: 1

      I use GnuPG to sign my outgoing eMail. I also use it to encrypt files for me and other friends. From time to time, to transfer sensitive information like passwords.

      Also, I mixed OpenPGP with HTTP and created Enigform (firefox extension) and mod_openpgp (apache module, formerly known as mod_auth_openpgp).

      There you go, more things to use pgp with.

      --
      Buanzo Consulting - 15 Years of GNU/Linux experience, for you.
    8. Re:I wish the world would use GPG more by shutdown+-p+now · · Score: 1

      It's because of proliferation of Web mail, and, for geeks in particular, GMail.

    9. Re:I wish the world would use GPG more by Anonymous Coward · · Score: 0

      I forget exactly which algorithms are used by default, so this might not apply in your particular case, but encrypting something multiple times with different usually isn't more secure than encrypting it just once. Applying the same transformation with different keys on data often ends up being equivalent to doing a single transformation with a different key. For example, consider a simple shift cipher, like ROT. Shifting three times, first by 2, then -5, then 19, is the same as shifting a single time with a key of 16. The same property is held by many "real" ciphers.

    10. Re:I wish the world would use GPG more by fuego451 · · Score: 1

      "there's a great Firefox extension for it"

      I've used gpg for Icedove and I considered it for Iceweasel but I'll be damned if I will 'register' with mozilla.org, now required, just to download it. When did they start that crap?

    11. Re:I wish the world would use GPG more by Anonymous Coward · · Score: 0

      There is another reason to _not_ use PGP/GPG. If everything is readable, it is still pretty easy to deny I wrote the email. If you sign it, someone might think they have proof you wrote it (even though your computer might be cracked). Plausible deniability.

      Second, the stuff that really deserves to be encrypted should also be covertly communicated. There is a reason that intelligence agencies do 'traffic analysis'.

    12. Re:I wish the world would use GPG more by RKBA · · Score: 3, Insightful

      You don't need any special web client, browser plug-in, or anything else to use PGP. Although I do sometimes use a GnuPgp extension to Thunderbird, I mostly just use the older versions of PGP that let you encrypt/decrypt, sign/verify, etc., either the contents of the clipboard or a text file. I then simply copy/paste the encrypted/signed message text file into the email I'm sending. The encryption/decryption can be totally separate from the email client.

      --
      9/11 Eyewitnesses to Explosive WTC Demolition 1 of 2
    13. Re:I wish the world would use GPG more by Anonymous Coward · · Score: 0

      That still doesn't explain why we don't have it on, at least, the domain level. Most domains (certainly most large domains) have certificates already so that people can use SSL webmail if nothing else. There isn't any decent reason why those email servers shouldn't be at a minimum signing the emails they send with a cert that says "email sent from foo@thisdomain.com to bar@whatever.com with xyz hash" to avoid tampering in transit.

    14. Re:I wish the world would use GPG more by Beetle+B. · · Score: 1

      Also, what has changed is that nowadays the reason I want more privacy is because of the government and not because of regular people/crooks. And there are various ways in which the government could still read my files even when I use encryption, both by checking my screen and what I type. That's the same as saying, "Why lock my door? The lock can be picked anyway."

      And some would say it's the same as, "Why try to hide any secrets? They've probably figured out how to read my mind anyway."
      --
      Beetle B.
    15. Re:I wish the world would use GPG more by RiotingPacifist · · Score: 1

      Assuming that it the encryption cant be broken. He is just setting up the plot to a geek movie, where the hero has to go round and find 4 keys before the bad guy, only to be deceived at the last moment by an advert to wipe his computer! Ofc he realises this and switches the order of the keys and the bad guy gets hit by a stenographic virus.

      --
      IranAir Flight 655 never forget!
    16. Re:I wish the world would use GPG more by Haeleth · · Score: 1

      Now when I ask otherwise normal geeks if they have a PGP key, they just look at me like I'm from Mars. I don't understand, PGP has gotten only easier to use, there's a great Firefox extension for it, but it has faded in popularity.
      Of course it has; it's a solution looking for a problem. Sorry to say, but most of us don't have anything to hide, and that does mean that there's not much point hiding it.

      What's happened is that we have, in general, grown up a bit and realised that encrypting everything is not "protecting our freedoms" or "sticking it to the man", it's just making our own lives inconvenient for no real gain whatsoever. I don't believe the government has orbital mind control satellites, I don't believe that CCTV cameras have secret face-recognition software that is tracking my every move in public, I don't believe that HM the Queen and George W. Bush are actually reptilian aliens in human costumes, and I don't believe that there is a magical Echelon system reading all my emails and using magical AI to separate the sheep from the terrorists.

      Amazingly enough, growing out of childish conspiracy theories is tremendously liberating. Paranoia is not liberty. Get too obsessed with "protecting your freedom" and you will find that you've locked yourself up in a prison of your own making. Instead, recognise that you are not the centre of the universe and that, frankly, the government doesn't give a damn about your emails unless you're actually plotting a terrorist atrocity, and you can get on with enjoying your life.

      (Now, using public-key technology to sign emails is a different matter. It would be great if that kind of thing were more common; it would deal a bitter blow to phishing if all bank emails were signed, for example.)
    17. Re:I wish the world would use GPG more by Anonymous Coward · · Score: 0

      That's the same as saying, "Why lock my door? The lock can be picked anyway."
      Which is why it's not worth wasting vast sums of money trying to find an unpickable lock, or installing dozens of locks and boarding up all your windows, or whatever. You lock your door to keep people honest, in full knowledge that if skilled burglars (or the government) want to get in, they will be able to do so in such a way that you don't even know they've been until you realise something valuable has been stolen. In other words, locking your door only keeps out amateurs, and you must rely on the police and the legal system to protect you from professionals.

      That isn't necessary with email because the average person does not have the ability to read your email anyway; only the professionals and governments are going to be able to intercept email in transit with any degree of reliability. The amateurs might be able to send you a trojan that will read the email from your hard disk, but that's why you lock your computer with anti-malware software (or use Linux). For protection against regular interception, just like protection against professional burglars, it's not really worth boarding up your email windows and making both your and everyone else's life inconvenient with encryption; you can simply rely on the police and the legal system again. In Britain, for example, intercepting someone's email without a warrant will land you in jail (ironically, the law that guarantees this protection is the much-reviled-on-Slashdot RIPA).
    18. Re:I wish the world would use GPG more by Anonymous Coward · · Score: 0

      And that helps when you're sending a quick e-mail to your grandmother... how?

      I think most reasonable geeks have just come to accept that they have no reasonable expectation of privacy in their e-mail. If they need to secure it, then they'll take extra measures. Otherwise, the effort doesn't seem worth it.

      Also, at one point using PGP was a cause celebre, because of the US restrictions on the export of strong crypto, and the Zimmerman suit. Those legal issues have largely fallen by the wayside; US crypto policy is something most people can live with, strong encryption is widely available internationally anyway, and the Zimmerman suit was resolved.

    19. Re:I wish the world would use GPG more by Anonymous Coward · · Score: 0

      I don't believe that CCTV cameras have secret face-recognition software that is tracking my every move in public Not yet. They're working on it.
    20. Re:I wish the world would use GPG more by Sloppy · · Score: 1

      A hack?! WTF? PGP has the WoT and multiple certifiers per key. It's better. S/MIME and SSL are the ones that reek of hackishness; they are stopgaps until more people start using the Real Thing.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  4. There isn't by binaryspiral · · Score: 3, Insightful

    Doubtless there are some complicating factors here -- but what is the best way to keep a confidentiality-centric site like Wikileaks trustworthy?


    Unfortunately, there isn't - information is only as trustworthy as the source.
    1. Re:There isn't by iminplaya · · Score: 1

      ...information is only as trustworthy as the source.

      I believe the saying goes, "Trust no one but yourself."

      --
      What?
    2. Re:There isn't by Anonymous Coward · · Score: 0

      Why would anyone expect wikileaks to keep information secret? Isn't that the exact opposite of what they're known for?

    3. Re:There isn't by Anonymous Coward · · Score: 0

      "Trust no one but yourself."

      Bad advice, at least in my case ... Do you know how often that guy lies, cheats and steals?
  5. The issue is more than encrypting and signing by Kevinv · · Score: 5, Insightful

    Once documents have been leaked, organizations know they can't put the cat back in the bag but they want to close the bag to prevent further escapes. Sure they sue but they sue to get the names of submitters (i.e. Apple vs. Think Secret, or Craig what's his name at Microsoft threatening to find the leaker of the Halloween documents via secret Exchange magic)

    Wikileaks appears to want to provide a way for submitters to deny they even submitted anything to Wikileaks. Sending an e-mail to wikileaks with the contents encrypted is a clear indication that you're sending something to them. By the time the leaks are made public all they want to do is find the person, searching for something that sent pgp encrypted mail, even without being able to decrypt the actual contents, is going to be good enough for them.

    An ssl page, especially if wikileaks sets up some sort of drop system with other domains so you aren't obviously submitting to wikileaks, is much harder to track because people use ssl pages all over the internet all the time. If PGP were used more frequently then they could probably use that with a drop system as well, but it's just too rarely used.

    1. Re:The issue is more than encrypting and signing by syzler · · Score: 3, Insightful

      An ssl page, especially if wikileaks sets up some sort of drop system with other domains so you aren't obviously submitting to wikileaks, is much harder to track because people use ssl pages all over the internet all the time.

      Why would you submit something to Wikileaks from your organization's network or through your organization's mail servers? I would think that act alone would scream, "Fire me," at the top of its figurative lungs to your soon to be ex-employers.

    2. Re:The issue is more than encrypting and signing by BorgCopyeditor · · Score: 1

      Because it's the only way to get the info out the door?

      --
      Shop as usual. And avoid panic buying.
    3. Re:The issue is more than encrypting and signing by syzler · · Score: 4, Insightful

      If an organization has security so tight that an individual is unable to carry a medium such as a sheet of paper, a thumb drive, digital camera, mp3 player, or cell phone off the premise, I seriously doubt the organization would allow the individual unrestricted access to the public Internet from within the organization's network.

    4. Re:The issue is more than encrypting and signing by beeblebrox · · Score: 1

      An ssl page, especially if wikileaks sets up some sort of drop system with other domains so you aren't obviously submitting to wikileaks, is much harder to track because people use ssl pages all over the internet all the time. The problem with SSL, as implemented in browsers, is that there is a crapload of root certification authorities that are blindly trusted by default. On my Firefox browser for example I can see:

      - AOL
      OK, I might trust them for something like an online forum login page, but not for online banking.

      - TurkTrust
      Seems to be a Turkish quasi-government entity related to international trade. Since I'm not trading with any Turkish entities right now, this one went bye bye from the list.

      - GoDaddy: Holy Fucking Shite! GoDaddy, of pullinng-your-domain-cause-we-feel-like-it infamy, is in a position of certifying my - and probably yours too - SSL sessions. No further comments needed.

      You get the idea.

      How safe should you feel relying on the certificate chain you [assume] is coming from Wikileaks' server? Any government/corporation that deploys a subpoena/national security letter can create a fake chain that enables a man-in-the-middle attack.

      If I ever get the time to write a firefox extension, I'd like to write one that maintains a history of certificate chains indexed by domain, and enables widespread comparison/sharing of these among the users at large. This should make it much easier to automate alarm bells when an SSL site you trust suddenly "changes" certificate chain on you.

      Of course, there are valid reasons for certificate chain changes - site certificates expiring being by far the most common. But there are heuristics that would probably help fine-tune alerts.
    5. Re:The issue is more than encrypting and signing by Anonymous Coward · · Score: 0

      Uh, maybe it's intended as an additional precaution - it's certainly wise to use a different network than that of your organization but if your choices are limited to e.g. a couple of Internet Cafes under a repressive regime that could easily get their hands on those logs as well, such an additional precaution can make it harder to trace to you.

    6. Re:The issue is more than encrypting and signing by BorgCopyeditor · · Score: 0

      Yeah, good point.

      --
      Shop as usual. And avoid panic buying.
    7. Re:The issue is more than encrypting and signing by Kevinv · · Score: 1

      Why would this have to go through the company's servers? Organizations with leaks, hell the RIAA does it all the time, has been known to ask for ISP's logs and ISPs are pretty willing to roll over for just about anyone.

      DNS logs, e-mail logs, etc.... then back track the trail looking for a server that keeps copies of e-mail as it passes through (how many ISP's now require you use their SMTP server instead being able to send your own e-mail straight to another server?) or starts keeping copies of your mail when they realize someone is actively leaking information and it's still going on. How many cable companies now have transparent proxies on their web traffic just for network optimization?

    8. Re:The issue is more than encrypting and signing by Shadow-isoHunt · · Score: 1

      Here's the thing though, while PGP sort of lets the cat out of the bag that you're hiding something, the same thing happens over an SSL page on wikileaks IP, it doesn't give you any protection because instead of just searching for "PGP" in packet logs(if they're being kept), you're searching for 88.80.13.160 or "wikileaks"(which would come up in a DNS request). The only real solution is transmitting the materials over an anonymous link(such as wifi across town). If I was leaking something, I wouldn't even use tor from the same LAN(have to install software, leaks DNS requests sometimes).

      --
      www.isoHunt.com
    9. Re:The issue is more than encrypting and signing by Anonymous Coward · · Score: 0

      The easiest solution would be to steal WiFi. That'd be close to untraceable.

    10. Re:The issue is more than encrypting and signing by Anonymous Coward · · Score: 0

      If an organization has security so tight that an individual is unable to carry a medium such as a sheet of paper, a thumb drive, digital camera, mp3 player, or cell phone off the premise, I seriously doubt the organization would allow the individual unrestricted access to the public Internet from within the organization's network. Depends on how well security policies are enforced.

      It may be fairly trivial to sneak a thumb drive (or similar) into "secured" room with a standalone network, copy a file to the drive, and sneak it back out to your desk. Certainly that is against policy, but it may not be easily detectable/enforceable. Then again, by nature of what you're doing, it's against policy.

      Posted anon for various reasons.
    11. Re:The issue is more than encrypting and signing by threat_or_menace · · Score: 1

      From the wording ("intent to conceal") it sounds as if they're primarily interested in legal action taken against leakers. PGP throws up big flags if you're looking for it, and there are undoubtedly governments that look for it as well as businesses.

      The real problem is that it sounds as if they intend to trust SSL, which is a mistake. I know (and apply URL filtering policy on) any SSL connections made at my job site. If I wanted to, I could MITM the SSL as well, but I don't have a policy to back me up nor do I care to break it and then deal with the headache of securing the decrypted traffic. If I had a serious budget, there are tools to run very high capacity (think backbone traffic) pipes through similar analysis toolkits. Cisco and I think Bluecoat have gotten beaten up for selling some of these tools to China; the Feds and the UK government buy the boxes and of course no one gets slapped on the wrist over that, since the US and UK are Protecting Our Freeeeeedoms.

      So, if the idea of discouraging PGP is to make people less likely to be officially harassed for submitting to Wikileaks, considerable attention needs to be paid to implementing the SSL submission as well, because site access and flow volume (indicative of an upload) are pretty simple to log and tie to Wikileaks and to the client IP address. It sounds as if the folks at Wikileaks know this and are working to address it.

      There's lots of this gear out there that's still relatively unknown. Last year I saw early samples of stuff that could easily do national infrastructure at wireline speed and which purportedly has some ability against SSH (I don't believe against SSH v2) from an outfit called Netronome. I am told that their gear is 'in the wild' now in the employ of plenty of TLA outfits. PCI-X cards with 4 x gigabit ports and a 1.4 Ghz network processing chip onboard. Plug it into the appliance or 'nix of your choice. Oh, and it's CALEA friendly, too.

      All your packets are belong to us.

    12. Re:The issue is more than encrypting and signing by Antique+Geekmeister · · Score: 1

      It's a good point, but not complete. You may not have a thumb drive at the moment, or access to a printer where the jobs are unobserved, or may not have the technical skills to transfer the data in a more subtle way. But web access is pretty common place, even inside allegedly 'secure' environments.

  6. Through video by caspy7 · · Score: 1

    Have a video run at 3 in the morning on PBS or something. Have a recognizable figure say what the key is while it is displaying on the screen.
    I suppose he could also sign it while he talks.

    1. Re:Through video by perlchild · · Score: 2, Informative

      The private key you mean?
      If you mean the public key, that proves nothing, if you mean the private key, anyone who uses it in the future can attribute documents to you. I know 3am PBS isn't popular, but I still wouldn't broadcast it.

  7. Reading between the lines by Anonymous Coward · · Score: 2, Interesting

    hmm.. no encryption and no answers. I smell an FBI national security letter and gag order.

    1. Re:Reading between the lines by Anonymous Coward · · Score: 1, Funny

      hmm.. no encryption and no answers. I smell an FBI national security letter and gag order. I see hats.

      Tinfoil hats.
    2. Re:Reading between the lines by Anonymous Coward · · Score: 1, Insightful

      Indeed - or a UK member of staff has been forced to turn the old key over under the terms of RIPA, and Wikileaks are interpreting RIPA's provisions in such a way as to be sure to keep that staff member out of prison.

    3. Re:Reading between the lines by number11 · · Score: 3, Interesting

      no encryption and no answers. I smell an FBI national security letter and gag order.

      And why should wikileaks care about that? The domain is registered to an address in Kenya, and the web server appears to be in Sweden.

    4. Re:Reading between the lines by Anonymous Coward · · Score: 0

      Hah. Wikileaks has defied the Pentagon, (published the Camp Delta SOP), Powerful banks, and the Chinese government, and is still going strong. A letter from the FBI is the least of their worries.

    5. Re:Reading between the lines by noz · · Score: 1

      hmm.. no encryption and no answers. I smell an FBI national security letter and gag order.
      They should have leaked them to Wikileaks. Wait...
  8. open projects, closed governance? by Anonymous Coward · · Score: 0

    Open projects should have open source governance.

    FWIW, the software is being developed right now. (SF says they just kicked off this month.)

    1. Re:open projects, closed governance? by Anonymous Coward · · Score: 0

      Absolutely! Why should we trust the "staff" of any project? Who exactly are they, and how sure are you of that?

  9. I don't understand one thing by Post-O-Matron · · Score: 1

    I don't understand one thing: If someone performs a man-in-the-middle attack, isn't it likely that they are also able to mangle other traffic between Wikileaks and the submitter, i.e they can present a different PGP key to the submitter? So doesn't this go back to the old "The system is as secure as its key" ?

  10. maybe if gmail supported it.... by HelloKitty · · Score: 0

    maybe if gmail supported it.... then it'd catch on...

    --
    music - http://www.subatomicglue.com
    1. Re:maybe if gmail supported it.... by AnyoneEB · · Score: 3, Informative

      Here you go.

      --
      Centralization breaks the internet.
    2. Re:maybe if gmail supported it.... by ettlz · · Score: 2, Informative

      So enable IMAP and SMTP support in Google Mail and use a PGP-equipped client.

    3. Re:maybe if gmail supported it.... by Anonymous Coward · · Score: 0

      So how does it prevent Gmail from sniffing the decrypted text from your DOM? Can you use it with Javascript disabled?

    4. Re:maybe if gmail supported it.... by RiotingPacifist · · Score: 1

      Nothing, the same way that PGP cant protect you from a trojan used to read your mail.
      But if you want: open the mail, go offline, then decrypt the email, read it, close it, clear your cookies, then go back online.

      the point of encrypted emails was never to protect you from your email reader, it was to protect it from between sender & receiver

      --
      IranAir Flight 655 never forget!
  11. gmail won't support it. by Dr_Barnowl · · Score: 4, Insightful

    The gmail revenue stream depends on targeted advertising, which means they need to have a daemon read your mail. If they supported encryption as standard, they'd be cutting off some not-insignificant portion of that revenue ; regardless of how much they'd like to support the feature, their responsibilities are to their shareholders ; unless they can find a way of making equivalent or greater revenue from encrypted mail, they can't field it as a feature.

    I can't envisage an encrypted mail service that has an externalized revenue source, so the only way to fund it is by the customer paying. Which then begs the question, who do you trust enough to pay them to keep your secrets safe? In my case, I no secrets worth keeping, but if I did, I wouldn't trust anyone else to keep them for me.

    Open-source, peer-reviewed encryption, under my own control, is the only technique I would trust to keep digital secrets transmitted across a wire.

    The best kept secrets are of course the ones you keep solely in your own head.

    1. Re:gmail won't support it. by Aladrin · · Score: 1

      That makes no sense. Webmail doesn't -work- if they can't decrypt the mail. During that decryption is when they'd choose the targeted ads.

      This has absolutely nothing to do with targeted ads and everything to do with the encryption itself. Webmail -can't work- with encryption since you'd have to give your private key to the webmail. That would completely invalidate the encryption automatically.

      No, this isn't a capitalist conspiracy. It's just logic at work.

      --
      "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
    2. Re:gmail won't support it. by Beryllium+Sphere(tm) · · Score: 1

      Google encrypted email:
      http://www.google.com/a/help/intl/en/security/message.html#utm_campaign=en&utm_source=en-ha-na-us-content&utm_medium=ha

      searchability without resorting to completely plaintext, though admittedly that doesn't have the privacy properties a whistleblower needs.

      Wonder why Wikileaks doesn't get a Hushmail acount.

      >Open-source, peer-reviewed encryption, under my own control, is the only technique I would trust to keep digital secrets transmitted across a wire.

      Your reasoning is sound.

    3. Re:gmail won't support it. by Beryllium+Sphere(tm) · · Score: 1

      Gahh, screwed up the second link, sorry. https://mice.cs.columbia.edu/getTechreport.php?techreportID=483 (PDF).

    4. Re:gmail won't support it. by dissy · · Score: 1

      The gmail revenue stream depends on targeted advertising, which means they need to have a daemon read your mail. http://getfiregpg.org/

      This is a firefox plugin that adds pgp support to firefox, and integrates fully with gmail.
      Adds encrypt decrypt and sign buttons down by the send and save buttons.
    5. Re:gmail won't support it. by tyler_larson · · Score: 1

      The gmail revenue stream depends on targeted advertising, which means they need to have a daemon read your mail. If they supported encryption as standard, they'd be cutting off some not-insignificant portion of that revenue...

      Not really.

      Webmail systems have to decrypt everything server-side before they can display it. All mail readers need to be able to decrypt messages before displaying them-- here, the mail reader is Google's server, not your browser. This should be obvious with even the most basic understanding of these technologies.

      If you want the message to be encrypted all the way to your computer, then you need a client-side mail reader (which you're free to use with Gmail and PGP--think IMAP).

      In other words, Gmail does support PGP to the extent that is possible without requiring you to divulge your private keys.

      Now run along and quit spreading FUD.

      --
      "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea...."
      RFC 1925
    6. Re:gmail won't support it. by NizzyWizzy4Shizzy · · Score: 1

      The best kept secrets are of course the ones you keep solely in your own head. Just as the most secure computer is the one without a power cord.
  12. there isn't by kris.montpetit · · Score: 2, Insightful
    Doubtless there are some complicating factors here -- but what is the best way to keep a confidentiality-centric site like Wikileaks trustworthy?

    There isn't. By verifying that anyone is anyone the cover is blown. Regardless the best use of it is still to post anonymously and link as many people as humanly possible. Then even if your cover is blown, the message still gets out. If you're a whistleblower, this is something you should have accepted long before you blew the whistle

  13. Tomorrow's headlines: by Cctoide · · Score: 2, Funny

    - Wikileaks Changes Headings to Times New Roman
    - Wikileaks Director Recommends Ivory Soap
    - Wikileaks to Sponsor Next Super Bowl
    - Wikileaks leaks Wikileaks' Wikileaks leaks
    - Wikileaks wikileaks wikileaks, Wikileaks wikileaks

    --
    "Let's face it, it's a good story. Accuracy would kill it."
    1. Re:Tomorrow's headlines: by sadgoblin · · Score: 0

      What this has to do with Wikileaks?

  14. Another option by TheSpengo · · Score: 2, Insightful

    Well, since people can't use PGP with their regular email addresses anymore to correspond with wikileaks, what's stopping them from making a dummy gmail account or something? It takes all of a couple seconds and that way you don't even have your regular email address associated with them at all.

    --
    Weaksauce as they say...
  15. Secure proof of sending, reading by PhotoGuy · · Score: 0

    This is a bit offtop, apologies, but it's not a terrible place to ask a mail security/signature related question.

    I'm in a situation where I need to *prove* that someone has opened/read an email. I know there are paid "registered email" services, but they seem a bit overkill to me. And return receipts are jokes, since they aren't widely supported.

    Is there *any* service out there that can post a letter to a person, send them the link (presumably) information (via email) to read that note, and log when they did indeed read it? It's not that complicated, but I'm not having much luck finding anything. (Even a bulletin-board that shows confirmation of specific users reading a note would suffice.)

    I could implement it myself, without much difficulty, but where I'm one of the parties wanting a *third party* site/service to confirm the sending and reading of a message, unfortunately that won't do (I'll just be told "well, you could have faked the data.")

    Thanks for any insights.

    --
    Love many, trust a few, do harm to none.
    1. Re:Secure proof of sending, reading by WuphonsReach · · Score: 3, Insightful

      I'm in a situation where I need to *prove* that someone has opened/read an email. I know there are paid "registered email" services, but they seem a bit overkill to me. And return receipts are jokes, since they aren't widely supported.

      The short answer is "don't try to make SMTP do something that it wasn't designed to do".

      The long answer - send people unique links to a web server that you control.

      --
      Wolde you bothe eate your cake, and have your cake?
    2. Re:Secure proof of sending, reading by SpaceLifeForm · · Score: 1
      Well, you could setup a system with sftp, one-time login/password to access the document in question, log when the document was accessed, but even so, access does not prove that it was read.

      --
      You are being MICROattacked, from various angles, in a SOFT manner.
    3. Re:Secure proof of sending, reading by Anonymous Coward · · Score: 0

      No, sftp is ***NASTY*** for uploading use. You see, sftp and scp both rely on an active shell account on the target server, with no chroot cage. Despite numerous supplied sets of patches and instructions on setting it up, the managers of OpenSSH have never accepted the need for a chroot cage technology for file servers, and thus it doesn't exist in any well-supported format. (ssh.com's server supposedly has one, but I have not had a chance to test it.)

      If you need upload capability, WebDAV over HTTPS works well, has Java clients for every OS, and is built right into Windows' 'Network Neighborhod' tools. And Apache as the web server can be set up in a much safer fashion than publishing SSH keys and trying to keep the users out of your system files.

    4. Re:Secure proof of sending, reading by alcourt · · Score: 1

      OpenSSH 5.0 has chroot and sftp only accounts support in the sshd_config file.

      --
      "I may disagree with what you say, but I will defend unto the death your right to say it." -- Voltaire
  16. Crazy concept by Anonymous Coward · · Score: 0

    I realize I could be pilloried for such a non-tech idea.

    But why not put the material on CD-ROM and snail-mail it in. Encrypt the data with the outdated PGP key. Mail it from a different town/city and use a bogus return address. Yes if you are incredibly concerned take care to avoid fingerprints.

    Overall I would think it would be equally or less trackable than communicating via HTTPS, email etc to wikileaks.org from your home PC or similar.

    Might not help if the assasins hired by the corporation follow you to the mailbox, but I think you are screwed either way at that point.

  17. I beg to differ by IBitOBear · · Score: 1

    I can neither confirm nor deny that I have sat in a classified lab with info controls that has a non-trivil number of points of access to the unrestricted internet. The labs may or may not have restricted the movement of cell phones, thumb drives, CD ROMS, etc.

    When push comes to shove, "the individual persons" are both the weakest and most important of a security plan. Plans based on having "no bad actors" inside the security ring is important and everyday useful.

    One of the major reasons to restrict the aforementioned items and movements it to prevent the _accidental_ transmission of data.

    You can only inconvenience a bad actor who is deliberately trying to transmit information. That is why they don't let just anybody into classified circumstances and depend on preventing leaks with technology and security measures as a primary approach.

    --
    Innocent people shouldn't be forced to pay for inferior software development.
    --"Code Complete" Microsoft Press
  18. Anonymous Remailers by LM741N · · Score: 1

    But thats so early 90's. Still might be useful, although I don't think there any left that will anonymously send the recipient plain text.

  19. Anyone dumb enough to ... by celtic_hackr · · Score: 1

    Anyone dumb enough to submit information to wikileaks from their work deserves any humiliation that follows.
    Furthermore, anyone using SSL to send data to Wikileaks from work is equally stupid. The logs you speak of can just as easily identify who connected to Wikileaks over a secure connection and thus are just as easily identified as the PGP encrypted fool who does so.

    Besides, they don't seem to get much pgp tagged submissions, according to them. Or perhaps it's all someone pretending to be them, and the real wikileaks people are now in the hands of unknown blacksuits and everything submitted to them now goes directly to a white farmhouse somewhere in Virginia to be analyzed.

  20. Re:Anyone dumb enough to ... by DaffyDuck101 · · Score: 1

    Furthermore, anyone using SSL to send data to Wikileaks from work is equally stupid. The logs you speak of can just as easily identify who connected to Wikileaks over a secure connection and thus are just as easily identified as the PGP encrypted fool who does so.

    Ha! That's the beauty of it!

    You see, in phase #2 of their plan for global domination, wikileaks is planning to offer annual Playboy subscriptions at 50% rate, at which point their SSL servers are going to be taking hits like there's no tomorrow ;-)

  21. ssl is secure- but should distr. w/rss bittorrent by happyjack27 · · Score: 1

    ssl provides an encrypted layer which is secure enough to transmit credit card information over the internet on a regular basis. it should be plenty sufficient.

    what i don't think is sufficient is how the info is distributed. the thing can be shut down / censored too easily. to make the information distribution resiluant, it needs to be decentralized. that's why i think the website should provide an rss feed that can serve new leaks as torrents. torrent clients equiped with rss scanners can automatically download and seed the leak - this would essentially create thousands of backups of the data as quickly as possible, while also creating thousands of backup connections ("mirrors").