Search Mailing List Archives
[liberationtech] AdLeaks - a whistleblowing platform
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Mon Jun 24 02:04:29 PDT 2013
Il 6/23/13 2:53 PM, Jens Christian Hillerup ha scritto:
> Quickly noting that I'm not affiliated with AdLeaks, just passing on
> the information.
> On Sun, Jun 23, 2013 at 1:56 PM, Andrea St <andst7 at gmail.com
> <mailto:andst7 at gmail.com>> wrote:
> it sounds different from globaleaks project. Am i right?
> Yes. GlobaLeaks seeks to establish an open-source version of the
> submission system of Wikileaks such that any and everyone can make
> their own leaks site. The core development team of GlobaLeaks is also
> on this list, so I'll let them describe it further.
GlobaLeaks mission is to be a framework with support for different
digital whistleblowing workflow and security threat model.
The AdLeaks concept is very cool (http://arxiv.org/abs/1301.6263), even
if it appear to me very difficult to be deployed and used in a real
See 6.1 (submission duration), it would keep the whistleblower 21 days
to upload a single 2MB file.
Passive traffic analysis with correlation of timing/size/destination is
*extremely difficult and unlikely* to be easy to be protected without
"awareness and actions of the whistleblower" (like using an open wifi,
an internet caffè, using Tor from another persons communication line, etc) .
For a whistleblowing project we're working on, we are going to develop a
Widget to support covert-traffic generation:
This will work with inclusion into the websites of all the partners's
website of this whistleblowing inititives.
This "does not guarantee protection to the whistleblower" doing submission.
Our widget for covert-traffic is specifically designed only to provide
some "additional aid" in some specific case we've discussed (and that
should be better documented in TM).
It help for Whistleblowers that access a submission site from their
corporate/governmental networks, trough proxy servers that save detailed
access logs. In context where Whistleblowers are prevented from doing a
submission (because hind a proxy) but can access it.
In such context the WB will leave trace that maybe interpreted like "he
intended to do a submission, but then he haven't done" .
If in the Enterprise/Government organization's proxy logs, there are
traces of thousands of users connecting to the submission interface (due
to the Widget being embedded in third party popular websites), there
will not be a single, incriminating "log entry" generated by the
unaware/unconscious whistleblower, but thousands of them making slightly
more difficult the analysis.
Supporting covert-traffic generation it's something that "help", but
doesn't fix the real problem that i think *require* Whistleblower awareness.
Anyhow i'm excited to meet at OHM2013 the AdLeaks team and do a
brainstorming on it! :)
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech