Swartz-Designed Whistleblower Tool "SecureDrop" Launched

An anonymous reader writes in with word of a new tool for whistleblowers: "The 'strongest-ever' whistleblowing tool for sources to speak anonymously with journalists, partly developed by the late Reddit co-founder Aaron Swartz, has been launched by the Freedom of The Press Foundation. Before his suicide in January 2013, Swartz had been working on a tool for sources to anonymously submit documents to journalists online, without using traceable email and in a way that could be easily catalogued by news organisations. Called SecureDrop, the tool can be installed on any news organisation's website as a 'Contact Us' form page. But where these pages usually require a name and email address, the encrypted SecureDrop system is completely anonymous, assigning the whistleblower two unique identifiers - one seen by the journalist, and one seen by the whistleblower. These identities stay the same, so a conversation can be had without names being shared or known."

LET THE GAMES BEGIN!

[Jeremiah+Cornelius]

Now, OUT the Bastards!

Re:LET THE GAMES BEGIN!

[Yomers]

I can answer one of your questions - why some Russians have dash cameras on their cars.

- Dash cam means in case of any kind of traffic accident that can lead to legal conflict you have video of accident and an ability to use it or not. If recorded evidence is not in your favour - delete it. If it shows how this cute child jumped on the road from behind the truck right in front of your car - it might help you to avoid some jailtime.
- Set ups are not frequent any more - everybody have liability insurance so it does not make sense now, everybody is calling insurance after incidents as small as a scratch.
- You might get lucky and record plane crash,
http://www.youtube.com/watch?v=iHqFDsKq5DA
or meteorite,
http://www.youtube.com/watch?v=2FCJOuLXIz4
or, at least, just a deadly accident.
http://www.youtube.com/watch?v=gRWtf0000e0
- Dash cams are cheap.
- In Russia you do not need permit to use dash cam.
- So why not to get dash cam?

P.S. You say "have to have dash cameras on their cars" as if it is something bad. I disagree - youtube would be boring without Russian dash cams! And while cams are not feeding stream to central location but just record it on a flash - to be erased on a next day, if nothing of interest has happened - cams are not really a threat to privacy.

Re:LET THE GAMES BEGIN!

[icebike]

I have to agree with your last paragraph, Russian dash cam videos are addictive. You can learn a lot about dangerous driving practices that cause accidents. Watching them makes you a more defensive driver.

I've seen it alleged that the reason these are so popular in Russia is that the police are so easily corrupted and bribed into writing up the accident as being the fault of who ever offers the smallest bribe.

Of course I have no way of knowing if this is true. In most places in the US and Canada, any suggestion of a bribe will get you in handcuffs. (I'm sure there are exceptions in some places in the US, but it is rare enough that the traveler never dares make such an offer.) In Mexico the cuffs appear only if your bribe offer is too small).

So dash cams are not that necessary in the US, and most of Western Europe because most accidents will be reported fairly, and most insurance companies will conduct their own investigation for large claims.

So "have to" as mentioned by the GP refers to protecting one's self from corrupt police.

Re:LET THE GAMES BEGIN!

[cold+fjord]

Russian automobile insurance companies have required dash cams.

Re:LET THE GAMES BEGIN!

[icebike]

Source?

Re:LET THE GAMES BEGIN!

[ArbitraryName]

Maybe not de jure required, but certainly de facto .

Re:LET THE GAMES BEGIN!

[gl4ss]

the cams _are_ the insurance for the insurance.

they might not require them per se but they aren't paying money out without the footage.. though apparently you can get lower rates at least with it.

source: various online publications.

Re:LET THE GAMES BEGIN!

The press has free reign in the US. They can expose "atrocities" all day long.

Michael Hastings, an investigative journalist who was was working on a story about the CIA director and who warned his friends and associates that he was being investigated by the FBI, was killed by a mysterious explosion.

Freedom of the press indeed.

Derp

reddit*

The NSA could trace this.

Believe it.

Re:The NSA could trace this.

The NSA could trace this

Trace it? They could flood it with red herrings. When enough fake leads cause editors to abandon it the NSA will send them all one last "Mission Accomplished" message.

Re:The NSA could trace this.

[AHuxley]

Yes expect to see a lot of front organisations offering US legal and press advice.
Security cleared, stay in the USA, talk to the press and congress will 'protect you'.
Security cleared just means your trial will be in a closed court.
Staying in the USA subjects you to color of law.
The tame press will re work your interview into strange soundbites.
Congress will 'protect you' all the way to your closed court with a short list of security cleared lawyers to select from.
Fake leads seem harder after http://en.wikipedia.org/wiki/Yellowcake_forgery ... the press now knows to look into docs a bit more now :)
Like East Germany the US will allow its press total freedoms but over time the press will get the http://en.wikipedia.org/wiki/2013_Department_of_Justice_investigations_of_reporters message.

The problem - yellow dog journalists

[Taco+Cowboy]

The problems that are plaguing our world is not only the power that be.

The journalists are also part of the problem.

You see, most journalists we have today do not even comprehend the ethic behind journalism.

And worst of all, some of the journalists are willingly cooperating with the power-that-be (you can see the evidences of the so-called "news media" we have nowadays) - and I still remember a case back in the Bush (senior) days where CNN actually turned over the identity of a whistle blower to the Department of Defense.

Re:The problem - yellow dog journalists

[mrmeval]

Fat asses want a fat paycheck without working for it. Real investigative journalism is a passion, it is expensive and it is exhausting.

I remember with Geraldo Rivera had a new TV show and had assembled an exceptional group of people and he did this and it was awesome. By the third episode he was a tripe spewing shill ... again.

Slowly all that exceptional talent meandered away.

Re:The problem - yellow dog journalists

The problems that are plaguing our world is not only the power that be.

The journalists are also part of the problem.

You see, most journalists we have today do not even comprehend the ethic behind journalism.

And worst of all, some of the journalists are willingly cooperating with the power-that-be (you can see the evidences of the so-called "news media" we have nowadays) - and I still remember a case back in the Bush (senior) days where CNN actually turned over the identity of a whistle blower to the Department of Defense.

It always been this way, the only time the media/press reports anything is after the fact people haven't bought into there government agenda, you could use several examples, the Vietnam War, the Iraq wars, the media/press peddled government propaganda in order to gain support from the general public, then people get wind of whats going on and start going against it, then the media/press reports what people already know.

Re:The problem - yellow dog journalists

[manu0601]

You see, most journalists we have today do not even comprehend the ethic behind journalism.

The reason is perhaps that ethic had gone economically irrelevant in many medias. How do you want them to focus on ethic when their main motive is just to survive?

Re:The problem - yellow dog journalists

[schnell]

Real investigative journalism is a passion, it is expensive and it is exhausting.

100% agree. Slashdotters, please remember this the next time you complain about any news source that does original, investigative journalism wanting to - gasp - show you ads or charge you for a subscription.

Recycling press releases can be done for free. REAL journalism takes dedication and money to pay the people who are doing the work.

Re:The problem - yellow dog journalists

[CarbonShell]

Reminds me of a quote I read somewhere and am to lazy to source:
"Journalists print things people do not want to have printed. Everything else is public relations."

Re:The problem - yellow dog journalists

"Journalists print things people in power do not want to have printed. Everything else is public relations."

FYP.

This is only one layer.

[Forbo]

I certainly hope that the news orgs will include a warning that they should be using this only as one part of an attempt at anonymity. With the NSA's beam splitters hard at work in every major ISP backbone, it would be quite trivial for them to trace this back.

Re:This is only one layer.

[drinkypoo]

Why print? uSDHC cards are cheap. 16GB for ten bucks is not unusual, for sixteen bucks is easy. Printing won't save you from identifiers hidden in the documents, if that's what you're worried about.

I imagine if I wanted anonymity I'd take a directional wifi rig into the hills and point it at town...

Re:This is only one layer.

[madclicker]

I would think there is a serial number embedded somewhere, that points to the pos for the unit. Then you can trace from there.

Re:This is only one layer.

[complete+loony]

Source code seems to be available online here. A quick look at the User Manual indicates that all communication is routed via tor which raises the bar for tracing connections significantly.

Re:This is only one layer.

[lxs]

I think you severely overestimate the logistic capabilities of electronics retailers. They don't keep track of the serial number (if it even has one) or batch number of every bargain bin item that passes through a store.

Re:This is only one layer.

[cbope]

Maybe so, but you can bet the manufacturer keeps track of the items shipped by serial number and to whom they have been shipped.

Re:This is only one layer.

[lxs]

The manufacturer usually is somewhere in China and they generally don't deal with individual stores. It either goes to a wholesaler or to the central warehouse of a chain of retailers. We're talking about bulk goods here, not about printers or PCs. Worst case, there is an RFID embedded in the packaging. IME (the place where I work sells SD cards amongst other stuff) 9 times out of 10 the packaging ends up in the trash before leaving the store. The card goes into the device while the customer stands at the counter. After a week nobody knows which individual card was sold to which customer.

Re:This is only one layer.

Exactly, I'm sure XKCD calculated how much bandwidth a truck filled with SD cards would create and it was some hugely large value.

And another, directional WiFi would create a great sense of anonymity, especially if you transmit to repeaters that were in a town that actually transmitted the signal to others nearby, self-destructing, no clue where it came from.

I'm not a spy or terrorist, honest, pls no bag me oh no not the nipple clamps p

How I hope Mr. Aaron Swartz is still alive !

[Taco+Cowboy]

The NSA could trace this.

Believe it.

It's too unfortunate that Mr. Swartz had to end his life, no thank to those who run MIT.

If Mr. Swartz were still alive, he would have put in a lot of effort to counter many of the NSA's threats.

Re:How I hope Mr. Aaron Swartz is still alive !

i was sad to hear he committed suicide, nonetheless. We are none of us perfect, and it is still what we do that counts. I have a modicum of sympathy for the idea that the Govt coming down on you with a vengeance is definitely a life changing experience for anyone of us - unfortunately too much for this man.

Let us not forget the whole point about this spat between the journalists and the govt is because in many respects they are acting exactly like a pathological bully.

We the people...

Re:How I hope Mr. Aaron Swartz is still alive !

[rmdingler]

All we know for certain, is that if Mr. Schwartz was still alive, he would be clawing the hell out of his coffin lid.

Re:How I hope Mr. Aaron Swartz is still alive !

[ihtoit]

you might not agree with everything he says, but he has every right to say it just as you have every right to change the fucking channel.

Traditional Mail?

[OldJuke]

What about printing the documents and submitting them via traditional post? USPS, UPS, or Fedex? Honestly that seems to be the most anonymous/un-traceable way to send documents.

Re:Traditional Mail?

They can still narrow it down to the nearest post office or mailbox or courier depot where you drop off the package. Last time I talked to the courier, they are keeping records of 2 years. There is also the usual fingerprints etc they can collect from the letter assuming if they find the actual package.

Re:Traditional Mail?

[lxs]

So you wear gloves and stick it in a letterbox far from your home. In a big city the other side of town should be far enough. Don't wear your AFDB when using public transport. It makes you look suspicious or a least memorable to potential witnesses.

Re:Traditional Mail?

[K.+S.+Kyosuke]

Don't wear your AFDB when using public transport. It makes you look suspicious or a least memorable to potential witnesses.

Well, I can definitely see how wearing your African Development Bank on public transport could raise some eyebrows...

Re:Traditional Mail?

[lxs]

You're not familiar with the Aluminum Foil Deflector Beanie? You have seven (7) days turn in your geek card at your nearest LUG. Delays will not be tolerated.

Re:Traditional Mail?

[capedgirardeau]

Also do not forget that we know some color printers and copiers are encoding traceable information in the pages they print. I thought more than just color printers did that, but I can't find a reference.

I would err on the safe side and assume the practice has expanded since first discovered.

https://www.eff.org/issues/printers

*-_-*

[jmhobrien]

I wonder if this is what Glen Greenwald is joining... http://news.slashdot.org/story/13/10/16/1216218/glenn-greenwald-leaves-the-guardian-to-start-his-own-site

Re:*-_-*

The Village People?

Reddit cofounder

I wish people would stop billing him as this. It's really not true (he joined via merger 6mo after founding). The guy accomplished a lot but this wasn't one of the things.

spam

And they get filled with TB of encrypted spam and fiction. Going to be hell separating the signal from the noise.

Why is his death considered a suicide?

[t0qer]

There's been a lot of discussion after his death that it might have been a hit. He told close friends that he was under watch. A few days after his death, there was a video posted showing how a hacker could control a toyota prius.

Re:Why is his death considered a suicide?

I think you're thinking of Michael Hastings, not Aaron Swartz.

Re:Why is his death considered a suicide?

[artor3]

Good point. The NSA could have had a remote controlled Prius tie that noose around his neck!

Re:Why is his death considered a suicide?

[Frosty+Piss]

There's been a lot of discussion after his death that it might have been a hit. He told close friends that he was under watch. A few days after his death, there was a video posted showing how a hacker could control a toyota prius

There's little question that he was a smart guy, and that the charges against him were unjust.

But it is talk like this that only goes to further support the information that is known about his personal mental state. This type of talk is classic paranoia, and very unlikely to be in the realm of reality.

Re:Why is his death considered a suicide?

[...] A few days after his death, there was a video posted showing how a hacker could control a toyota prius.

...which might be interesting if his mode of death anything at all to do with a Toyota Prius rather than, you know, hanging from a noose.

Sheesh

Re:Why is his death considered a suicide?

[AHuxley]

Depends how you relate the issue to past people with unique information facing governments.
Costas Tsalikidis, the Greek telco whistleblower was found hanged.
http://en.wikipedia.org/wiki/Kostas_Tsalikidis
http://en.wikipedia.org/wiki/Greek_telephone_tapping_case_2004-2005
Adamo Bove head of security at Telecom Italia who exposed the CIA renditions via cell phones ‘fell’ to his death.
http://en.wikipedia.org/wiki/SISMI-Telecom_scandal
Deborah Jeane Palfrey, the D.C. Madam was found hanged.
http://en.wikipedia.org/wiki/Deborah_Jeane_Palfrey

Re:Why is his death considered a suicide?

1.) His car blew up and the manufacturer stated it was extremely unlikely. 2.) Sparks were observed flying out from under his car as if he was trying to brake. 3.) I believe the incident remains under investigation by the FBI.

Re:Why is his death considered a suicide?

[Anubis+IV]

There's been a lot of discussion after his death that it might have been a hit. He told close friends that he was under watch. A few days after his death, there was a video posted showing how a hacker could control a toyota prius.

Not true, on all three counts. Aaron Swartz hung himself after something really bad happened to him. Perfectly reasonable, and an utter shame. It sounds like you're confusing him with Michael Hastings, the investigative journalist who died a few months later under somewhat suspicious circumstances involving an out of control Mercedes he was driving after he had told his friends that he needed to lay low while doing an investigation on the intelligence community.

Re:Why is his death considered a suicide?

[Anubis+IV]

Aaron's car never blew up. He hung (hanged?) himself. You're likely thinking of Michael Hastings, who died recently under circumstances that are closer to what you're describing.

Re:Why is his death considered a suicide?

lol wut

Re:Why is his death considered a suicide?

[cold+fjord]

None of those are quite so odd as that of MI6 Agent Gareth Williams.

Re:Why is his death considered a suicide?

[AHuxley]

Cold he was GCHQ http://en.wikipedia.org/wiki/Death_of_Gareth_Williams press mentions he was seconded to the Secret Intelligence Service ~MI6.
The press hinted at NSA, FBI past work too, with the GCHQ part been a bit more 'left' out of some news reports :)
To be trusted by the US is interesting too.
The inquest seems like that of http://en.wikipedia.org/wiki/David_Kelly_(weapons_expert)
For all the fun of a security clearance, contractor or permeant staff I wonder how many people who rushed to join in the past 15 years really understand what they signed up for.

Re:Why is his death considered a suicide?

There is nothing reasonable about killing yourself. Being offered a plea deal of four months when you were caught red handed is not "really bad." Every day, thousands of people are facing a decade or more in federal prison. Even though those people have neither the resources for defending themselves nor the talent and connections that Swartz had for getting on with their lives after they get out, they do not despair and attempt to kill themselves.

Swartz killed himself because he was sick and needed help.

Proverbial trust me...

[ElitistWhiner]

Secure for the whistleblower to talk to the journo anonymously. If they drop signed chats over the proverbial wall hoping the chat finds its way to the proper recipient in the system. The system knows...hence the trust is in the system.

Any questions how that ends?

How does it work?

[manu0601]

How does it works against Man in the Middle attacks? If it must be defended against NSA, then we cannot take for granted that a browser SSL connection is safe from observers.

Re:How does it work?

[watice]

Looks like with PGP & Tor, & USB Keys. It's detailed here. https://github.com/freedomofpress/securedrop/blob/master/docs/user_manual.md

Re:How does it work?

TOR network? *FAIL* Didn't Snowden already provide whistleblower evidence the TOR network is compromised by the NSA?

Re:How does it work?

[PrimeNumber]

Yes you are correct, which is why I am astounded people continually recommend Tor as if it is a privacy panacea.

Re:How does it work?

[watice]

I haven't heard/read that. As I understood it, a different 3 letter govt agency (FBI was it?) was exploiting weaknesses in Firefox to track TOR users, but I don't believe the TOR network was "compromised by the NSA". I could be wrong though, I tend to not pay attention to conspiracies.

Re:How does it work?

[ihtoit]

that's what I thought!

Please, people, STOP recommending Tor! Here's a bit of forgotten history: Silk Road operated on the Tor network, it was TRACED then TAKEN DOWN by the Met's National Crime Agency.

A primer on the NCA.

Also, please bear in mind that the Tor protocol was developed by the US NAVY. If you do decide to use Tor consider it INSECURE.

also

he also helped invent bitcoin

Re:also

[ArbitraryName]

No, he didn't.

Names No Problem: The Problem Is "traceroute"

Who cares about "Names".

The "real money" will pay $$$$ to obfuscate traceroute!

And THE question is: How do we obfuscate ip routes in traceroute?

Let the "Real Money" pay! :)

I am not impressed

Sorry folks - you may starting throwing stones now. But this technology doesn't impress me. Server side encryption is NOT secure and should not be used if people's safety and livelihoods are at risk. There are several examples around using client-side encryption providing true end-to-end protection.

'nuff said-

Michaela

also co-founder of

the TOR and Free Net projects

Not quite the 99 percent solution

Thank you for your thoughtful solution to the personal communications
privacy problem. We regret to inform you that your plan will not work
because:

  [*] The government and big business are against it,
          now you're fighting a two front war.
  [*] NSA is tapping into the carriers backbone networks.
  [*] If NSA is tapping, do you think the carriers aren't looking at
          their own traffic?
  [*] Your crypto is back-doored by NSA.
  [ ] It's not legal. We all know what the law says, but judges say
          what the law really means.
  [*] The Microsoft "_NSAKEY" registry key is for REAL!
  [ ] Your customers can be found "Guilty by Assosciation."
  [*] You'd be shut down in an instant if it worked.
  [*] You have no privacy. Get over it.

tripcodes?

So they 'invented' tripcodes that 2chan has HAD for years n years?!

Sounds good.

[PrimeNumber]

...but in reality it still sucks because the NSA will be continue to log and sniff all traffic between the host and web site.

Can I pick the journalist?

I would hope I could pick the journalist, since the vast majority seem so politically minded that they could very well aid in covering up or discrediting me to preserve their loyalty to their chosen party, whatever it may be.

Over the years, we have expected our journalists to be less and less the unemotional, unbiased recorder of that which happens around them, and more of an emotional, combative and idealogical superhero.