Slashdot Mirror

← Back to Stories (view on slashdot.org)

Swartz-Designed Whistleblower Tool "SecureDrop" Launched

Posted by samzenpus on from the protect-ya-neck dept.

An anonymous reader writes in with word of a new tool for whistleblowers: "The 'strongest-ever' whistleblowing tool for sources to speak anonymously with journalists, partly developed by the late Reddit co-founder Aaron Swartz, has been launched by the Freedom of The Press Foundation. Before his suicide in January 2013, Swartz had been working on a tool for sources to anonymously submit documents to journalists online, without using traceable email and in a way that could be easily catalogued by news organisations. Called SecureDrop, the tool can be installed on any news organisation's website as a 'Contact Us' form page. But where these pages usually require a name and email address, the encrypted SecureDrop system is completely anonymous, assigning the whistleblower two unique identifiers - one seen by the journalist, and one seen by the whistleblower. These identities stay the same, so a conversation can be had without names being shared or known."

13 of 79 comments (clear)

  1. The problem - yellow dog journalists by Taco+Cowboy · · Score: 5, Insightful

    The problems that are plaguing our world is not only the power that be.

    The journalists are also part of the problem.

    You see, most journalists we have today do not even comprehend the ethic behind journalism.

    And worst of all, some of the journalists are willingly cooperating with the power-that-be (you can see the evidences of the so-called "news media" we have nowadays) - and I still remember a case back in the Bush (senior) days where CNN actually turned over the identity of a whistle blower to the Department of Defense.

    --
    Muchas Gracias, Señor Edward Snowden !
    1. Re:The problem - yellow dog journalists by mrmeval · · Score: 2

      Fat asses want a fat paycheck without working for it. Real investigative journalism is a passion, it is expensive and it is exhausting.

      I remember with Geraldo Rivera had a new TV show and had assembled an exceptional group of people and he did this and it was awesome. By the third episode he was a tripe spewing shill ... again.

      Slowly all that exceptional talent meandered away.

      --
      I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
  2. This is only one layer. by Forbo · · Score: 5, Insightful

    I certainly hope that the news orgs will include a warning that they should be using this only as one part of an attempt at anonymity. With the NSA's beam splitters hard at work in every major ISP backbone, it would be quite trivial for them to trace this back.

    1. Re:This is only one layer. by drinkypoo · · Score: 3, Insightful

      Why print? uSDHC cards are cheap. 16GB for ten bucks is not unusual, for sixteen bucks is easy. Printing won't save you from identifiers hidden in the documents, if that's what you're worried about.

      I imagine if I wanted anonymity I'd take a directional wifi rig into the hills and point it at town...

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:This is only one layer. by complete+loony · · Score: 3, Informative

      Source code seems to be available online here. A quick look at the User Manual indicates that all communication is routed via tor which raises the bar for tracing connections significantly.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    3. Re:This is only one layer. by lxs · · Score: 2

      The manufacturer usually is somewhere in China and they generally don't deal with individual stores. It either goes to a wholesaler or to the central warehouse of a chain of retailers. We're talking about bulk goods here, not about printers or PCs. Worst case, there is an RFID embedded in the packaging. IME (the place where I work sells SD cards amongst other stuff) 9 times out of 10 the packaging ends up in the trash before leaving the store. The card goes into the device while the customer stands at the counter. After a week nobody knows which individual card was sold to which customer.

  3. Re:Traditional Mail? by Anonymous Coward · · Score: 2, Informative

    They can still narrow it down to the nearest post office or mailbox or courier depot where you drop off the package. Last time I talked to the courier, they are keeping records of 2 years. There is also the usual fingerprints etc they can collect from the letter assuming if they find the actual package.

  4. Re:Why is his death considered a suicide? by Anonymous Coward · · Score: 3, Informative

    I think you're thinking of Michael Hastings, not Aaron Swartz.

  5. Re:The NSA could trace this. by AHuxley · · Score: 2

    Yes expect to see a lot of front organisations offering US legal and press advice.
    Security cleared, stay in the USA, talk to the press and congress will 'protect you'.
    Security cleared just means your trial will be in a closed court.
    Staying in the USA subjects you to color of law.
    The tame press will re work your interview into strange soundbites.
    Congress will 'protect you' all the way to your closed court with a short list of security cleared lawyers to select from.
    Fake leads seem harder after http://en.wikipedia.org/wiki/Yellowcake_forgery ... the press now knows to look into docs a bit more now :)
    Like East Germany the US will allow its press total freedoms but over time the press will get the http://en.wikipedia.org/wiki/2013_Department_of_Justice_investigations_of_reporters message.

    --
    Domestic spying is now "Benign Information Gathering"
  6. Re:How I hope Mr. Aaron Swartz is still alive ! by rmdingler · · Score: 3, Funny

    All we know for certain, is that if Mr. Schwartz was still alive, he would be clawing the hell out of his coffin lid.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  7. Re:Why is his death considered a suicide? by Anubis+IV · · Score: 2

    There's been a lot of discussion after his death that it might have been a hit. He told close friends that he was under watch. A few days after his death, there was a video posted showing how a hacker could control a toyota prius.

    Not true, on all three counts. Aaron Swartz hung himself after something really bad happened to him. Perfectly reasonable, and an utter shame. It sounds like you're confusing him with Michael Hastings, the investigative journalist who died a few months later under somewhat suspicious circumstances involving an out of control Mercedes he was driving after he had told his friends that he needed to lay low while doing an investigation on the intelligence community.

  8. Re:Why is his death considered a suicide? by Anubis+IV · · Score: 3, Informative

    Aaron's car never blew up. He hung (hanged?) himself. You're likely thinking of Michael Hastings, who died recently under circumstances that are closer to what you're describing.

  9. Re:How does it work? by watice · · Score: 3, Informative

    Looks like with PGP & Tor, & USB Keys. It's detailed here. https://github.com/freedomofpress/securedrop/blob/master/docs/user_manual.md