Tuesday, February 2, 2010

How to be a good leaker


Have some secret information you want to share with the world? Wikileaks is there to help! By providing you with a secure environment and protecting your anonymity, Wikileaks helps you get the information out safely. However, there are still some risks that your identity be discovered. Here are some quick steps - I gathered from Ben Laurie himself - to make your leaking safer:
  • Scrub the document of all possible metadata

Metadata is "data about data". It is the information about your document (author's name, edits and editors, deleted information, versions ...) and it's usually hidden in your document.  In other words, it's the data that's going to help you get caught. Now, how exactly does one get rid of this damaging information? By using a metadata scrubber. Digital Confidence has a quite interesting article about why such tools are important. Check it out! There are quite a few out there. You might want to try this one. You might also want to look out for digital watermarking. Always be wary of digital "fingerprints", they might do you in.
  • Find an intermediary to do the submission for you, preferably someone who has no idea who you are
This second step is optional but highly recommended. As we all know, security goes hand in hand with paranoia and there's no reason why you should trust Wikileaks with your data, is there? So why not put an extra layer between you two, it certainly can't hurt. Who's to say that the folks at Wikileaks aren't actually a front for the CIA or some shady underground organization set on controlling the whole world for the coming Millennium? For all we know, it could be a front for Xenu or any other galactic overlord. You can never be too careful.

  • Get the material to the intermediary (or Wikileaks) using strong anonymizing technology

While it is true that Wikileaks works hard at providing you the best anonymity out there, it won't hurt to come up with your own. On its website Wikileaks boasts that  "[a]ll files are processed in cryptographically secure, isolated environments making use of AES256, US DoD TOP SECRET-approved encryption for long-term storage as well as system swap memory". In plain English, it means that the source material is protected at all times using the best encrypting technology to date, that is, even if you didn't follow the first two steps. Still, it is you putting this document out there and so if there's any repercussion you're the most at risk. This is where a strong anonymizing technology might prove helpful. Ben recommends mixminion anonymous remailers

Now, those three steps aren't going to eliminate all risks, quite evidently, but they will reduce them drastically. 

Happy leaking! 

No comments:

Post a Comment