[liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'

Fabio Pietrosanti (naif) lists at
Thu May 16 01:45:59 PDT 2013

On 5/16/13 12:05 AM, Eleanor Saitta wrote:
> Which parts of the Dead Drop architecture do you think are unnecessary
> for a leaking platform?
First of all "leaking" is not necessarily "whistleblowing" (it's like the
cracking vs hacking "wording debate" :P).

The act of protecting the identity of someone who "speaks up" on a specific
topic (for the public interest) can also be "whistleblowing" or "speaking
up", depending on the area (media, activism, corporation, public
administration) and security context (risk of retaliation: life-threatening
vs. legal threats).

If I had to take action on DeadDrop I would simplify as follows:
- Make everything work with only 1 server
- Make everything installable with a few command lines
- Don't use custom-modified software but only standard software (that you can
update with standard Linux packaging procedures)
- Find a tradeoff between the need for "efficiency" and "security" for
the journalist (there may be many different ways), not forcing them to go
through a custom, read-only, secure viewing workstation for all submissions

Those actions are mostly for the following reasons:

- The "Secure Viewing Workstation" is unrealistic

A journalist (or a group of journalists) needs to work on received
material "online" and not "offline" because they need to search
databases, browse Google and apply investigative techniques to
investigate the topic.
And do it in an efficient way, because time is always a scarce resource.

Additionally they need, for efficiency purposes, to "collaborate" on the
received material, and to do so there are excellent platforms for sharing
it like or DMS (document management systems)
like Alfresco ( that can help with extracting text,
applying semantic analysis, and collaborating on documents.

That kind of process has to be done "online".
So I really think it's unrealistic to handle dozens or hundreds of
submissions per month by copying received data offline, decrypting and
analyzing it offline through a different workstation.

IMHO in a realistic workflow, the journalist first "evaluates" the
data received quickly, identifying whether it's spam or ham, defines how
securely he should handle that data, and then applies "appropriate
operational security procedures" depending on the data received.

- Too Many Servers
Looking at we
see that there are 4 servers, 1 switch, and several pieces of dedicated
hardware for operational security (external encrypted hard drive), with a
quite complex installation procedure.

This increases the cost and effort required to start up a whistleblowing
initiative in terms of hardware, software, services and skill set required.

- Too Much Customized Software
Looking at the installation procedure there are several customized
procedures and pieces of software, such as using a "Hardened GRSecurity" Linux
kernel, requiring manual maintenance of security updates for every kernel
release, and manual setup of a Certification Authority (with OpenSSL),
requiring manual handling and management of certificates via the command line.

Anyhow "DeadDrop" has its own design, it's cool, it is *extremely*
paranoid and I like it.

I just find it overkill for general use.

Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights - -
