Search Mailing List Archives
[liberationtech] Safer submission of content to news organizations
steveweis at gmail.com
Wed Jan 18 11:31:56 PST 2012
Just to throw up a strawman design: GPG + Tor.
The news organization posts a public key. Use that key to GPG-encrypt a
submission. Then while using Tor, send the encrypted submission by FTP, a
throwaway email account, or web submission form.
This is a common practice. Most large web sites post a public key for
submitting encrypted security vulnerability reports via email. They don't
want the details of a live security vulnerability on their site floating
around in plaintext email. By running Tor, you have some assurance that
your IP address is not associated with the submission.
The main issue here is usability. Most people will not be able to get it to
work on their own. You might make it easier with an app that streamlines
the process, but is built on well-understood technologies like GPG and Tor.
On Tue, Jan 17, 2012 at 8:39 AM, Martyn Williams <martyn at stanford.edu>wrote:
> Hi to all on this list. I've been following discussions here for a while
> but this is the first time I'm posting.
> I'm a Knight Journalism Fellow at Stanford this year, which means I have
> a year off from reporting to follow projects that interest me and help
> innovate in journalism in some way.
> One of my two projects is focused on the security of consumers who
> supply content (text, photo or video) to news organizations.
> I see a lot of work being done on how citizens/activists/bloggers and
> others can secure information on their end but I haven't seen much done
> on the other end by the news organizations. Sometimes they offer little
> more than an email address or Facebook page for submissions.
> So my project asks: If news organizations are to solicit content from
> people on the ground (and there are no signs this will stop), what can
> they do to make it safer for those submitting the information?
> Should they set up a dedicated server, rely on a cloud service, use a
> certain type of encryption, base it on a particular technology, etc etc?
> The goal isn't anonymity like Wikileaks - that brings a heap of
> editorial problems with it - but making it harder for tracking to link
> person A with news organization B. It should also be practical to
> It will ideally be based on open-source technologies that are freely
> available and can be implemented by news organizations of any size.
> If successful, I hope to present this to news organizations, push for
> its adoption, and raise awareness of the need for media groups to think
> about the safety of those sending content.
> I welcome comments off list. If anyone has heard of or is working on
> similar technology or has an interest in collaborating I'd love to hear
> from you.
> Martyn Williams
> 2012 John S. Knight Journalism Fellow
> Stanford University
> Cell: 650-391-4868
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> Should you need to change your subscription options, please go to:
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> You will need the user name and password you receive from the list
> moderator in monthly reminders.
> Should you need immediate assistance, please contact the list moderator.
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
More information about the liberationtech