
GlobaLeaks: Open-Source Whistleblowing Software - kungfudoi
https://github.com/globaleaks/GlobaLeaks
======
JohnStrangeII
My number 1 addresses for whistleblowing would be the NYTimes simultaneously
with a German news outlet like Zeit, Spiegel, or Sueddeutsche Zeitung. My
number 2 address would be Wikileaks.

These have actual, proven expertise in publishing leaks.

All those new "leak sites" have a trust problem. Although it's likely that
most of them have noble intentions, it's equally likely that some of them have
been funded by or have been undermined by intelligence services. I wouldn't
even trust any open source software that is specifically developed for leaking
sensitive information - it's simply too easy to slip an obfuscated security
hole in it, and it's not as if the developers could afford regular
professional audits.

I suspect some people will downvote me for this, but in highly sensitive
matters I'd rather stick to those with a proven track record and evidence of
having been persecuted by governments in the past.

To the people who think this is paranoid: It's not. Getting informants or
people working on their behalf in crypto projects is the bread & butter of
what intelligence agencies do, and it's much easier for them than their usual
targets such as foreign military and agencies of state adversaries.

~~~
abecedarius
GlobaLeaks has had at least one professional audit of the software. I haven’t
been following in recent years and they should definitely make it easier to
find their current status on that score. (I just poked around on mobile and
didn’t see it.)

~~~
antimatterx
It seems they got at least one penetration test every year since 2012:
[https://github.com/globaleaks/GlobaLeaks/wiki/Penetration-Tests](https://github.com/globaleaks/GlobaLeaks/wiki/Penetration-Tests)

I'm not expert enough to evaluate them, but the reviews seem good and were
performed by auditors relevant to the community.

------
alexandercrohde
I don't get why we are making websites that are supposed to be whistle-blowing
platforms. It's already been established that numerous corruptible parties can
break https (e.g. by hacking a cert).

Depending on the nature of the leak, perhaps it'd be best to get it into a
safe public store that won't be disappeared (e.g. the blockchain) in an
encrypted fashion, and then release the key to select parties.

~~~
therein
There is really no reason to involve the blockchain here unless you care about
who leaked it first and who gets to claim credit for it.

Just put it up as a torrent and share the magnet link.

~~~
tajen
The IP of the source torrent is published.

~~~
Sir_Substance
So stick a raspberry pi rigged to automatically upload the file in your pocket
and go use the free wifi at your local library?

~~~
senectus1
Given how many cameras are around, I wouldn't be surprised if they tracked you
down fairly quickly.

~~~
GW150914
How about bolting it to a small drone and flying around until you find an open
WiFi you can use? Then fly it into the nearest body of water.

~~~
Sir_Substance
Possibly, depends on how generic a drone you can get though, it might be
possible to trace through the drone purchase and/or serial number. If you
don't care about time and are willing to spend a bit of money, you could
potentially attach an automatic wifi connecting and uploading raspberry pi or
similar to the underside of a random car and just let it drive around. In most
cities it'll eventually park near an open wifi. You might want to deploy two
or three I guess.

------
boramalper
Related: SecureDrop - [https://securedrop.org/](https://securedrop.org/)

------
tribby
I don't really understand the point of this project or similar efforts like
securedrop, while understanding their motivation just fine. moving information
from point A to point B is a very, very small part of the whistleblowing
process, and it's already solved by other projects that are not specific to
whistleblowing. trusting the recipient of sensitive information to use it well
is a much more difficult problem, and it can't be solved by software. if
reality winner had used _the intercept_'s securedrop instance to transmit her
information, it clearly wouldn't have prevented them from mishandling it.

~~~
antpls
> trusting the recipient of sensitive information to use it well is a much
> more difficult

Just curious, why is that even in the process? If you want to spread
information, would you not distribute it to as many people as possible? Why do
you have to trust the recipient?

~~~
tribby
ethics and time constraints. whistleblowing and radical transparency aren't
the same thing; every whistleblower has a different reason for doing so and
spreading all available information is just one possible desired outcome.

one of the reasons snowden sent his information to journalists was to remove
his own biases from the process -- he wanted journalists to help go through it
all, determine what was in the public interest, what could be unnecessarily
damaging, etc. he wouldn't have had time to do that himself before being
caught.

this is in stark contrast to documents found on wikileaks for example that
contain social security numbers and other sensitive information completely
unrelated to the thing the whistle is being blown on.

~~~
antpls
> one of the reasons snowden sent his information to journalists was to remove
> his own biases to be part of the process -- he wanted journalists to help go
> through it all, determine what was in the public interest, what could be
> unnecessarily damaging, etc.

Now you've introduced biases from the journalists, which is arguably not better.
Journalists could be influenced or controlled by states or other parties, and
then surely control a part of public opinion. (See the scandal with the Tesla
employee who sent data to a reporter from Business Insider; that reporter
was then accused of being systematically biased against Tesla.)

> this is in stark contrast to documents found on wikileaks for example that
> contain social security numbers and other sensitive information completely
> unrelated to the thing the whistle is being blown on.

That's a better argument to me.

~~~
tribby
> Now you've introduced biases from the journalists, which is arguably not
> better. Journalists could be influenced or controlled by states or other
> parties, and then surely control a part of public opinion.

sure, but he significantly reduced that risk by going to a number of
journalists working for different organizations in different countries,
creating a disincentive for any single publisher to become known as the one
that publishes misinformation.

I agree there's a stronger argument against radical transparency than there is
in favor of intermediaries, but whistleblowing is realistically never going to
be a scenario in which the circumstance or timing is perfect... going to
journalists is a good solution, not a magic one.

------
jakecraige
First step in trying it out requires inputting my full name and email address
:/

~~~
boomboomsubban
That's the first step in trying out the projects public demo, where they host
an instance on their servers and give you a subdomain. Setting up your own
server does not give them your personal information.

------
arkadiyt
I think SecureDrop is the gold standard in this area - does GlobaLeaks offer
anything over SecureDrop?

~~~
schoen
I haven't seen a feature comparison recently (I remember a panel discussion
about this some years ago, but don't recall much substance), but I just wanted
to point out that GlobaLeaks is a similar age to SecureDrop and may well be
pretty mature. My impression is that SecureDrop is developed mainly by
Americans and GlobaLeaks mainly by Europeans, and each might also have been
_deployed_ primarily on the continent where it was developed. If my impression
is right, there might be an ongoing reason that particular groups of people
are more familiar with one than the other.

~~~
tgragnato
Side note, but GlobaLeaks requires JavaScript. This is an issue if you fear
someone might try to exploit your browser.

~~~
jerheinze
> Side note, but GlobaLeaks requires JavaScript. This is an issue if you fear
> someone might try to exploit your browser.

JS is not the only surface attack. Also what's the point of targeting anyone
who goes into *.onion if it risks burning up your high-price exploit?

------
charlieanon
It seems that the same software has just been adopted by the municipal office
against fraud and corruption of Madrid:
[https://news.ycombinator.com/item?id=17534287](https://news.ycombinator.com/item?id=17534287)

------
ljw1001
The single biggest "success" of the whole leaks thing has been to help put
Trump in office, which shows three things.

First, it's ridiculously easy for powerful and dubious players (example here
Russian intelligence, not Trump) to twist this well-meaning idea into a
horrible parody of itself.

Second, the most vulnerable to manipulation from this technique are
democracies (and to a much lesser extent) public corporations, who I would
argue, are less of a problem than either autocracies or super-rich
individuals. You can't embarrass Putin out of office no matter what gets
leaked. Anyone who tries to use it against him will fall out of a window and
it will be forgotten. Nor can you easily make the Koch brothers behave, even
if an award-winning journalist writes a best-selling and award-winning book
about their shenanigans
([https://www.amazon.com/Dark-Money-History-Billionaires-Radical/dp/0307947904](https://www.amazon.com/Dark-Money-History-Billionaires-Radical/dp/0307947904)).
You'd pretty much have to leak photos of them holding
severed heads to get the US government to move against them effectively.

Third. Often, it's politically dangerous for a leader to do the 'right thing'.
This technique is just as useful to prevent someone from doing the right thing
as it is to prevent them from doing the wrong thing. The difference is how
controversial the action is, not whether it is right or wrong.

So, regardless of whether this can be done securely, it's really important to
ask yourself how it is likely to be used, by whom, and to what end. People
tend to forget that stuff when they have a cool new technology.

~~~
ljw1001
So many down-votes, so few coherent arguments. :)

Maybe somebody can show me why I'm wrong in stating that democracies are
asymmetrically more vulnerable, or that this can be used as readily by bad
actors for bad ends as it can by well-intentioned people for good ends.

~~~
vivekd
I didn't down-vote, but a pretty good counterargument is that there really is
no evidence that Russia was actually behind the leaks other than the CIA and
the Department of Homeland Security saying so. Seeing as these are the same
organizations that lied to us time and time again, like lying about the cause
of Benghazi, I'm not inclined to believe anything they say without evidence.
These people are known liars and pretty much everything they say is a
politically motivated manipulation.

Sure, Russia could be behind the DNC leak, but so could a 14-year-old who
guessed that Podesta's password was "password" (if you believe Julian Assange's
claims, which haven't been denied by the DNC). It could also be a disgruntled
Democratic party staffer who saw what Hillary and Podesta were like behind the
scenes and said "fuck these people, the public needs to know what they're
really like".

Second, why is it a bad thing that Hillary's email was leaked? It gave an
insight into how corrupt the Democratic party is and how corrupt our
politicians are and how the democratic process is being rigged. This is a lady
who ran a private email server as secretary of state. I'm happy that we were
able to find out how the Democratic party rigged the campaign against Sanders
and worked a little too closely with the media to ensure a Hillary victory.
I'm also glad we found out the real reason for the attacks on Libya (gold
reserves not protection of people).

Sure it had a bad result for Trump opponents who didn't want Trump to win. But
imagine it was not Trump but Obama running against Hillary and the emails had
been leaked. I'm sure you and everyone else would be saying that it was a
great moment for democracy instead of regarding it as a terrible mockery.

~~~
ljw1001
You can change all the names, but all of the criticisms remain valid. It's
super-easy to game an anonymous "leak" distribution platform, in particular if
you're an intelligence agency. That alone should give people pause, but it
doesn't.

~~~
boomboomsubban
An intelligence agency can already leak stuff to the press while remaining
largely anonymous, this doesn't improve their situation nearly as much as an
actual whistleblower.

~~~
ljw1001
Who was the whistle-blower in the Hillary emails?

Someone else gave the Pentagon Papers as an example of a "good leak", and it
was. But I think good leaks tend to be those, like the Pentagon Papers, that
are handled by responsible organizations (NY Times and Wash. Post in that
case). The people who created this code may be just such people, but there's
no reason to think someone who does git-clone on this repo is.

By the way, both the Post and the Times openly solicit leaks.

~~~
boomboomsubban
You're missing the point. If you assume some intelligence agency was behind
the Clinton email leak, they could have anonymously leaked them to a range of
press outlets and generated the same result. Meanwhile, Ellsberg had to work
incredibly hard to prevent being caught before the Pentagon Papers went
public. A site like this makes Ellsberg's life easier, while making no
difference to the intelligence agency.

The method of leaking has little to do with the value of the leak; someone
will print almost anything. The Times and the Post regularly print items
intentionally leaked for propaganda purposes; the classic example is the
buildup to the Iraq War.

