Tor at the Heart: GlobaLeaks

by ssteele | December 15, 2016

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom. Donate today!

GlobaLeaks

GlobaLeaks is an open source whistleblowing framework that empowers anyone to easily set up and maintain a whistleblowing platform. GlobaLeaks focuses on portability and accessibility and can help many different types of users—media organizations, activist groups, corporations and public agencies—set up their own submission systems. It is a web application running as a Tor Hidden Service that whistleblowers and journalists can use to anonymously exchange information and documents. Started in 2011 by a group of Italians, the project is now developed by the Hermes Center for Transparency and Digital Human Rights.

One of the main goals of GlobaLeaks is to provide a configurable system to meet the needs of under-resourced groups and activists who are communicating in their native languages. By default the platform enforces a strict data deletion policy, encryption of file content on disk, and routing of all network requests through the Tor Network. But configurability allows implementing organizations to make choices about how they engage in the process. The tool makes it easy to choose what languages to use, how long data is stored on the system, and the questions a source must answer before they create a submission.

To date over 60 organizations in more than 20 languages have used GlobaLeaks to set up whistleblowing systems. Investigative journalists are using it to produce evidence in controversial stories, NGOs and public agencies are using it to better handle their communication with sources, and we have even seen businesses adopt the tool to handle internal corruption reporting.

At the end of 2015 Ecuador Transparente, a GlobaLeaks user, uncovered political manipulation by state organizations. MexicoLeaks has produced award winning journalism while fighting local corruption with the help of the software. You can even see how the Elephant Action League uses the software to combat wildlife crime in the documentary The Ivory Game.

NGOs also use GlobaLeaks to manage the communication process with sources. Organizations like Transparency International Italy and Amnesty International rely on the system to provide a communication channel off email and telephone networks. The PubLeaks project in the Netherlands uses it to provide a contact point for over 42 Dutch media groups.

A project that uses GlobaLeaks has even helped provide the justification for improving legal protection for whistleblowers. The Serbian parliament recently passed a legal framework for whistleblower protection. Pijstrka.rs was acknowledged by the prime minister of Serbia at an anti-corruption conference in Belgrade for its exemplary role in protecting Serbians reporting on corruption.

In all of these contexts, it is crucially important for sources to remain anonymous. Without the work of the Tor Project, the existence of the Tor Network and the larger Tor community, none of this work would be possible.

Going forward, the development of the project is focused on making it easier to install and maintain a node and improving the resilience of the platform to attacks. If you would like to get involved, you can help translate the project, hunt for bounty, author new code, or donate to the project.

Comments

Please note that the comment area below has been archived.

December 15, 2016

Permalink

This series is so awesome! Thanks.

One theme which I hope Tor media team will bear in mind: currently whistleblowing sites (particularly Wikileaks) are under intense political attack from US politicians (mostly Democrats) who insist (counterfactually) that Julian Assange was a willing collaborator with Putin in disseminating DNC/DCCC campaign documents during the recent US elections, resulting in major loses for the Democratic Party. Since Wikileaks helped publish the Panama Papers, which exposed a massive international money laundering operation by intimates of Putin, such claims are absurd on their face, but the US mainstream mass media has nonetheless enthusiastically endorsed the view that Wikileaks is "anti-American" [sic], even a terrible threat to US "national security" [sic].

It cannot be repeated often enough: attribution of cyberattacks is difficult. In the case of the intrusions into DNC/DCCC (and Republican counterparts), many rival intelligence services are quite cognizant of Fancy Bear and Cozy Bear habits, and thus in a position to manipulate an adversary nation into attributing their own cyberwar activity to a mutual adversary such as RU--- and intelligence agencies frequently attempt to do just this. (I do not however endorse the somewhat amusing viewpoint of John Bolton, who is being considered for a high level national security post by the incoming DJT administration, that the Democrats hacked their own party and is trying to get the Russians blamed, or something to that effect.) The attribution to RU is plausible, but Occam's Razor does not apply here with the same force as it would if extremely devious actors were not involved, and on the basis of evidence published so far, the attribution to RU could be fairly said to be suggestive, but hardly conclusive.

The enthusiastic acceptance by US mainstream mass media of the attribution to Russia and the too easy acceptance of the proposition that whistleblowing generally and leak sites generally pose a "clear and present danger" [sic] to US "national security" [sic] is dangerous to all leak software developers and all leak sites. For decades, the USG has been in the habit of pressuring governments (e.g. Spain, Poland) to pass oppressive legislation enabling the brutal suppression of all domestic political dissent, and the new administration has stated they intend to do this with even greater ferocity than any previous administration. We must be prepared for rapidly expanding political and legal hazards, even as we try to overcome technical attacks.

At the same time, USG is overhauling one of it's major "soft propaganda" arms, BBG, and it appears that in future BBG will refocus on propaganda targeting US persons rather than people in RU, CN, VN, DPRK, etc:

http://www.politico.com/story/2016/12/donald-trump-voice-of-america-232…
Trump to inherit state-run TV network with expanded reach
A provision tucked into the defense bill guts the Voice of America board, stoking fears that Trump could wield a powerful propaganda arm.
Tara Palmeri
12 Dec 2016

> President-elect Donald Trump is about to inherit a newly empowered Voice of America that some officials fear could serve as an unfettered propaganda arm for the former reality TV star who has flirted for years with launching his own network.

https://www.salon.com/2016/12/12/will-donald-trump-have-complete-contro…
Will Donald Trump have complete control of America’s propaganda arm?
Changes to the Broadcasting Board of Governors could allow Trump to build a propaganda arm — paid for by taxpayers
Taylor Link
12 Dec 2016

> Thanks to the National Defense Authorization Act that passed last week, President-elect Donald Trump could have the power to transform the Broadcasting Board of Governors — an independent U.S. agency that runs Radio Free Europe, Radio Free Asia, the Middle East Broadcast Networks and Voice of America — into a state-sponsored propaganda arm of the White House.

Tor Project has in the past relied upon BBG funding, so these changes show which way the wind is blowing in the US, and underline the critical need for the Project to diversify funding sources so that it is never again reliant upon USIC-tied sources such as BBG. (The CIA was deeply involved in Radio Free Europe from the beginnings of US soft propaganda in the very early years of the CIA's existence as a "intelligence" [sic] and "covert" [sic] action agency. See Tim Weiner's book Legacy of Ashes.)

One nation which may be moving in a more encouraging direction may be Iceland, which could be a suitable world headquarters for development of whisteblower protection systems during the next few years. Newly authoritarian nations like USA, UK, and too many other "Western" nations would on the other hand appear to be very unsuitable places to do this kind of work, which is *already* effectively illegal in overtly repressive nations like RU, CN, SA.

http://www.katoikos.eu/interview/icelandic-minister-who-refused-coopera…
Ögmundur Jónasson: The Icelandic minister who refused cooperation with the FBI
7 Dec 2016

> Katoikos spoke to Mr. Jónasson about whistleblower protection, countering the rise of populism and Iceland’s unique approach to the financial crisis...

sorry but i had to bail out and pass out from the long post from this poster...

personally i would be more interested if very short initially and the poster provided an link to the longer message just saying ..

just to let you know i skipped your post as important it maybe to you.. i feel to consider as spam, i turn blind. you lose traction and bore me and many other in split seconds.

short and sweet you will get my and other attention and maybe respect included.

To: bail out and pass out

Your nonsense non-english post (comment) is too long as it is of no-value. If you can not read and will not be bothered by reading why comment at all? Unless torproject.org has been charging for the amount of material you read on the site.
It would be best if you kept such opinions to yourself rather than spamming this medium to undermine someone else's viewpoint, or is it that you totally missed the point of liberating speech through liberated media?
Unless something in this person's post really bothered you, and possibly those you work and operate for. In such case there can be many conclusions drawn about your reaction, and most are hostile to this medium and those that steadily have been supporting it.
I hope by reading my reply you have gotten your money's worth of feedback.
I wasn't too long, was I?

Another very dangerous development is the attack by the Washington Post on independent media outlets, including Truthdig, a progressive news site. The danger is that this type of (verifiably false) hysteria is likely to lead to censorship of the worst type, in which government agencies such as FBI literally shut down independent media sites which publish critical opinion and news stories which embarrass the government. Just like what frequently happens in countries with overtly repressive governments, such as Russia:

truthdig.com
Investigation Into ‘PropOrNot Blacklist Case’ Finds Shoddy Methods and an Ominous Potential
Bill Boyarsky
15 Dec 2016

> If you believe the shadowy organization PropOrNot—a subject of a recent article in The Washington Post—I’m a Russian intelligence agent or a “useful idiot.” Maybe a violator of the Espionage Act and the Foreign Agent Registration Act. PropOrNot also thinks I should be investigated by the FBI and the Justice Department.
>
> It’s not because I have a Russian surname, Boyarsky. It’s because I write for Truthdig, one of more than 200 websites named in a study by PropOrNot, short for Propaganda Or Not. The sites, the study said, were pro-Russian, either intentionally or by being stupid enough to be tools of the Kremlin.

According to WaPo reporter Craig Timberg's notorious story, numerous left-leaning news sites are peddling "fake news", when in fact (in my rather extensive reading experience at Truthdig and some of the other sites Timberg wants the FBI to shut down), they cover genuine issues of public concern that mainstream news does not, such as NORTHCOM training for urban warfare in US cities, including unannounced "live fire" training. The WaPo prefers to ignore the frightful indications of this training, indeed to ignore it's very existence, but many citizens have seen it with their own eyes and know it is happening. And the US military itself has published numerous news releases acknowledging that unannounced "live fire" "training" and low level cyberwar "training" overflights are happening.

Tor is needed more than ever.

Not sure we yet have seen in this blog any unambiguous examples of either hate speech or creative/innovative attempts to defuse same, but this initiative may be worth bearing in mind:

techdirt.com
Do You Have Examples Of Constructive Responses To Hateful/Abusive/Trollish Speech Online?
from the please-share dept
Mike Masnick
15 Dec 2016

> Do you have examples of communities or individuals coming up with unique, creative or innovative ways to respond to hateful, abusive or trollish speech? Please let us know in the comments as we're trying to help an important research project on this -- including getting people past the kneejerk reactions to seeing speech they dislike by assuming that the only thing one can do it about it is ban it. I'll explain more below -- but if you have good examples, please share them -- preferably with links so that they can be investigated further.
>
> This is a project that we're trying to help out with, put together by Susan Benesch from American University and the Berkman Klein Center at Harvard. Over the last year or so, I've been fortunate to get to spend some time talking to Susan. Coming from a human rights background, she's done some amazing work on free speech, and on how speech can lead to violence or other dangers. She's also behind the related Dangerous Speech Project, which has looked at examples of the kind of inflammatory and violent rhetoric that often precedes mass violent outbursts to find patterns. I know that, among many free speech advocates (like ourselves), hearing some of that may raise the hairs on our necks, fearing that what comes after that is a demand to shut down that kind of speech. Yet, Susan has focused not just on understanding what kind of speech precedes violence, but also on what works in counteracting that -- and she argues (and we agree!) that censorship rarely does.

Be careful there too! There is no such thing as "the" hidden wiki. Or rather, there was, and its operator shut it down in like 2005. After that there have been dozens of random sites, run by random people, who each call themselves "the hidden wiki". So you might be suckered by the name into thinking it's official in some way, but it's not, it's just some person running some website with an official sounding name. Good luck. :)

December 17, 2016

Permalink

There is a political drawback in whistleblowing, that a clear and open (no secrets among public agencies) capitalist pseudo-representative democracy is possible. The system of inequality and injustice whether open and clear of based on secrets-lies and extortion, is still a system of inequality and injustice.
Then there is a second drawback to general whistleblowing. The position of those fighting against inequality and injustice, due to the nature of the beast they are fighting, they must be able to hold secrets and deceive authorities. Infiltrators can whistleblow just as easily, but of course with the advantage of being on the side of the rich and powerful, which can be translated to cold black hard cash any day any where.

And now there is this other question that stems out of this topic's nature. If you and I can perceive possible to store, share, exchange information, secretly over "their" network, how can we possibly accept that "they" do not know at least as much as we do (and have access freely to such tools), to protect their information and someone can break through and release them in public. Are we this small enlightened minority that know better than the "bad guys"? Are they as arrogant and clumsy that they allow information "to leak"? I hope you are getting what I am trying to say.

If I have a nice encrypted and signed disk of information, and my "associate" has the same, and we use our secret little encrypted and dedicated onion exchange transport, with gpg and all other goodies, nobody can see and decode diddlysquat. But Hilary's top secret email is hackable, and so are TTIP secret drafts and so on and so forth.

Am I, or are we, missing something?
Transparent and open capitalism, give NSA to the people! Com'on!!

i do not understand that you are saying : inequality & injustice are not a system and whistle-blowing is not based on these "foundations" .
Are the 'unknown' funds redistributed to the tresor/poors/victims ?
The congress or the parliament of your state could answer but not a whistle-blower ...so the Inequality cannot be reverse or be a step for a revolution as long as you will not re-appropriate your fortune (they did it with the funds of the organized crime).
Injustice ? because a bad job is better payed than a nice ... because i must be agree that ugly is > than beauty ... i am not their boss or the nephew of a judge in the supreme court ... facts could show you something real but will the world or you change after realizing that they are living in a comfortable home doing Not correctly their job ?
give names and ask with the help of real fact that the person who did & do be judged & lost his remuneration & pay compensation : knock on the gold-wallet:dirty-wallet whatever the importance of his job & his nationality ( i am thinking about the boss of the fmi e.g) and about french bank (maddof helps one to commit suicide but no money was found : great magician of wall street , you burn more money you print).

December 27, 2016

Permalink

Whistleblowing websites can be flooded with any kind of crap because it is impossible for the site owners to check the document's genuineness.

You should check out the designs of Globaleaks and Securedrop -- they let the two sides interact with each other, so authenticity and so on can be confirmed to the extent that the submitter is comfortable doing so.

I don't mean to suggest that it's an easy problem, but I don't think "whistleblowing websites" make the problem any harder.