
GlobaLeaks - Open Source Whistleblowing Framework - yaph
http://globaleaks.org/
======
olalonde
I've noticed yet another interesting double-standard on HN: privacy should
always be respected except when it comes to the "bad guys". It's all good as
long as you agree on who the bad guys are. This is an extremely slippery slope
as we can all witness with the US war on terror slowly eroding personal rights
for the greater good. In my mind, this line of thinking is analog to the "free
speech unless you say something I don't like" mentality. Do we really want to
devalue privacy so we can catch a few bad guys? Just saying we should all be
extremely careful around the topic.

~~~
nextparadigms
You don't really have to make that choice, because these leaks are targeted at
Governments. Governments _should_ be transparent with their citizens. When
they are not, the leaks will start showing up. I think that's ultimately good
for society, even if now and then some secrets are not supposed to come out.

~~~
J3L2404
Good luck with diplomacy if you have no private communications.

~~~
magicjuand
Good luck with "diplomacy" when you have secret communications discussing a
secret alternative agenda.

------
aubergene
> The Target receives the submitted material as a tulip that will expire after
> a certain amount of downloads

Perhaps I am hopeless behind the times, but what is a tulip?

~~~
ewest
From what I found reading through some stuff, 'tulip' is the term used to
describe whatever a whistle-blower uploads. It also has some meta-data
including a point of discussion, so that the Global Leaks provider (the
recipient of information) can ask the sender (the whistle-blower) to upload
some more material or explain something. It seems tulips can be set, by the
sender, to expire.

Here's a link to the tulip controller - you can mostly figure out what it does
reading through the well-structured code:

[https://github.com/globaleaks/GlobaLeaks/blob/master/globale...](https://github.com/globaleaks/GlobaLeaks/blob/master/globaleaks/applications/globaleaks/controllers/tulip.py)

------
denzil_correa
It would be interesting to see how governments around the world react to this.
They haven't taken WikiLeaks to kind and in some ways we know their decision.
However, it would be great if some governments accept such a framework.

~~~
readme
If a government reacts to this, then you know the project was a success.

~~~
denzil_correa
I think if a government reacts, we would know that this Whistle Blow framework
has good potential. Unless adopted, I wouldn't label it as success. It would
be another project like WikiLeaks which is waiting to be back door squeezed by
the FBI and their equivalents.

------
sparknlaunch12
Whistle blowing is not limited to wiki leaks style government secrets
publication. What about employees stumbling onto corporate mis behaviour?
Victims of war etc etc This may help the Arab spring type scenarios.

------
aw3c2
The website does not work without Javascript. Javascript is unsafe. I would
not trust them with my sensitive revelations.

~~~
driverdan
Saying JavaScript is unsafe is like saying driving a car is unsafe. If you
intentionally run into a wall sure, it's unsafe.

If you don't trust a site enough to let them use JS do you really trust them
enough to send them your leaked data?

~~~
streptomycin
JavaScript just adds another thing that could go wrong, in exchange for a
potential increase in usability. On a site like this, it's almost certainly
not worth it.

~~~
neilk
Usability is the entire focus of what they are doing. They aim to make it
possible for non-programmers/non-sysadmins/non-security geeks to set up their
own whistleblowing framework. Think journalists, volunteer orgs, activists,
dissenters...

~~~
Hrundi
I think the word here is accessibility, not usability. Every step of the
process can be made usable without the need for JavaScript.

From a security stand-point, I don't trust whatever JavaScript engine is
running, even more when considering non tech-savvy people.

An activist could find himself in a delicate position and discover that many
CPU cycles ate away whatever battery was left in their mobile devices, just to
display three Canvas elements in a row, with the text "Tulip", "not", "found"
in a cool font.

Now the browser can crash due to a flaky HTML5 Canvas implementation in
addition to the JS engine.

------
mooneater
It looks like mostly icing on top of <http://tor2web.org/>

------
ktizo
Good to see someone trying the Dissent As A Service turnkey business model.

------
9k9
What happened to openleaks?

~~~
freshhawk
Note enough people fell for that con I guess

------
taphangum
I worry about things like this. I'm all for freedom of information and all
that, but if that information is all that's keeping one country from launching
nuclear weapons at another. That information should be kept very very private
indeed,

~~~
mkup
The only reason keeping one country from launching nuclear weapons at another
one is Mutual Assured Destruction principle. Without nuclear weapons, the
world would be a much more dangerous place to live.

We had two world wars in the first half of previous century. It was a like a
loop: as soon as new generation of youth eligible for combatant service grew
up, world war started again.

Fortunately, nuclear weaponry ended that loop, and Mutual Assured Destruction
principle is the only reason for protracted peace at the global scale.

~~~
linschn
I find your statement

> Mutual Assured Destruction principle is the only reason for protracted peace
> at the global scale

very hard to believe. Do you have any source I could read that may change my
mind ? For the moment I am a proponent of global nuclear disarmament, I don't
have any source in english but the argument that draw me in was can be phrased
as :

During the one true nuclear crisis, the Cuba missiles, Kennedy did not send
the Air Force because the chance of getting nucleary hit, even "a little", was
not 0%. Still, the doctrine of Mutual Assured Destruction posits that one
enemy must be sure to be completely destroyed.

So we have a doctrine that leads to enormous arsenals, yet the only data point
we have shows it is probably not true, as a mere chance of getting a small hit
was enough for Kennedy to back down.

Hence, our arsenal are, at best, far too huge. I furthermore believe that we
would be better off with no nuclear weapon at all, but I wanted more info
about your precise statement.

~~~
excuse-me
So you think that what kept Stalin from marching into West Germany in the
1950s was a respect for the principle of freedom and independence in the
Federal republic? Or perhaps he feared the awesome military capabilities of a
conventional British army of the Rhine?

And similarly Washington didn't start a war with the USSR because it believed
in "live and let live" with regards to world communism.

~~~
linschn
From my questioning of (emphasis mine) :

> Mutual Assured Destruction principle is the ONLY reason for protracted peace
> at the global scale

you seem to derive that I think something along the line of "Equilibrium in
nuclear abilities played no role in global stability during the cold war."

The answers to your rhetorical questions are of course all no. But do you
truly think the huge size of our nuclear arsenals are a necessary feature for
global stability nowadays ? If yes, could you explain to me why a smaller
arsenal could not do the trick ?

~~~
excuse-me
I think a big enough nuclear fleet on bath sides has led to the first half-
century in the history of europe without a major war.

I think it's also odd how politicians 'claim' that Iran/Korea/Belgium mustn't
be allowed to get nuclear weapons because then they would be unstoppable. So
MAD works against the USSR but not against Iran?

