People often tell reporters things their employers, or their government, want to keep suppressed. But leaking can serve the public interest, fueling revelatory and important journalism.
This publication was created in part as a platform for journalism arising from unauthorized disclosures by NSA contractor Edward Snowden. Our founders and editors are strongly committed to publishing stories based on leaked material when that material is newsworthy and serves the public interest. So ever since The Intercept launched, our staff has tried to put the best technology in place to protect our sources. Our website has been protected with HTTPS encryption from the beginning. All of our journalists publish their PGP keys on their staff profiles so that readers can send them encrypted email. And we’ve been running a SecureDrop server, an open source whistleblower submission system, to make it simpler and more secure for anonymous sources to get in touch with us.
But caution is still advised to those who want to communicate with us without exposing their real-world identities.
If you are a whistleblower trying to figure out the best way to contact us, here are some things you should not do:
Don’t contact us from work. Most corporate and government networks log traffic. Even if you’re using Tor, being the only Tor user at work could make you stand out. If you want to leak us documents that exist in your work environment, first remove them from work and submit them using a personal computer on a different network instead.
Don’t email us, call us, or contact us on social media. Most of the ways that people communicate over the Internet or phone networks are incredibly insecure. Even if you take the time to learn how to encrypt your communications with us, your metadata will remain in the clear. From the standpoint of someone investigating a leak, who you communicate with and when is all it takes to make you a prime suspect, even if the investigators don’t know what you said.
Don’t tell anyone that you’re a source. Don’t risk your freedom by talking to anyone about leaking documents. Even if you plan on coming out as the leaker at some point in the future, you have a much better chance of controlling the narrative about you if you are deliberate.
As journalists we will grant anonymity to sources if the circumstances warrant it — for example, when a source risks recrimination by disclosing something newsworthy. If we make such an agreement with you, we will do everything in our power to prevent ourselves from being compelled to hand over your identity.
That said, in extreme cases, the best way to protect your anonymity may be not to disclose your identity even to us.
And here are some things you should be aware of:
Be aware of your habits. If you have access to secret information that has been leaked, your activities on the internet are likely to come under scrutiny, including what sites (such as The Intercept) you have visited or shared to social media. Make sure you’re aware of this before leaking to us, and adjust your habits well before you decide to become our source if you need to. Tools like Tor (see below) can help protect the anonymity of your surfing.
Compartmentalize and sanitize. Keep your leaking activity separate from the rest of what you do as much as possible. If you need to use email, social media, or any other online accounts, don’t use your normal accounts that are connected to you. Instead, make new accounts for this purpose, and don’t log in to them from networks you normally connect to. Make sure you don’t leave traces related to leaking lying around your personal or work computer (in your Documents folder, in your web browser history, etc.).
If possible, use a completely separate operating system (such as Tails, discussed below) for all of your leaking activity so that a forensics search of your normal operating system won’t reveal anything. If you can’t keep things completely separate, then make sure to clean up after yourself as best as you can. For example, if you realized you did a Google search related to leaking while logged into your Google account, delete your search history. Consider keeping all files related to leaking on an encrypted USB stick rather than on your computer, and only plug it in when you need to work with them.
Strip metadata from documents. Many documents, including PDFs, images, and office documents, include metadata that could be used to deanonymize you. Our policy is to remove metadata ourselves before publishing anything, but you might want to remove it yourself. Tails (discussed below) includes a program called Metadata Anonymization Toolkit that can strip metadata from a variety of types of documents. If you’re somewhat techie you can convert your documents to PDFs and then use pdf-redact-tools to completely remove any information hiding in them. You could also choose to go analog: print out a copy of the documents and then re-scan them before submitting them to us (but be careful to securely shred your printout and not leave traces in your printer’s/scanner’s memory).
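To make concrete what "metadata that could be used to deanonymize you" looks like inside an image, here is an added Python example (not code from the article, nor from the Metadata Anonymization Toolkit or pdf-redact-tools it mentions) that walks the chunk structure of a PNG, lists the textual and timestamp chunks, and writes out a copy containing only the chunks needed to render the picture. The sample image and every field value in it are constructed in the script, so it runs offline.

```python
"""Inspect and strip metadata chunks from a PNG held in memory.

Added example; it is not The Intercept's code and does not reproduce the tools
named in the article. PNG stores metadata in ancillary chunks (tEXt, zTXt, iTXt,
tIME, eXIf) that sit beside the pixel data, so a format-aware pass can drop them
without touching the image itself.
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Ancillary chunk types that commonly carry author, software, timestamp or EXIF data.
METADATA_CHUNKS = {b"tEXt", b"zTXt", b"iTXt", b"tIME", b"eXIf"}


def iter_chunks(data):
    """Yield (type, payload) for each chunk after checking the signature and every CRC."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        payload = data[pos + 8:pos + 8 + length]
        crc_bytes = data[pos + 8 + length:pos + 12 + length]
        if len(payload) != length or len(crc_bytes) != 4:
            raise ValueError("truncated chunk")
        (crc,) = struct.unpack(">I", crc_bytes)
        if zlib.crc32(ctype + payload) & 0xFFFFFFFF != crc:
            raise ValueError(f"bad CRC in {ctype!r} chunk")
        yield ctype, payload
        pos += 12 + length
        if ctype == b"IEND":
            break


def build_chunk(ctype, payload):
    """Serialize one chunk: 4-byte length, type, payload, CRC over type+payload."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def list_metadata(data):
    """Return (chunk type, readable text) for every metadata chunk in the file."""
    found = []
    for ctype, payload in iter_chunks(data):
        if ctype == b"tEXt":
            key, _, value = payload.partition(b"\x00")
            found.append((ctype.decode(), f"{key.decode('latin-1')}={value.decode('latin-1')}"))
        elif ctype == b"zTXt":
            key, _, rest = payload.partition(b"\x00")
            # rest[0] is the compression method byte (0 = zlib); the text follows it.
            value = zlib.decompress(rest[1:])
            found.append((ctype.decode(), f"{key.decode('latin-1')}={value.decode('latin-1')}"))
        elif ctype in METADATA_CHUNKS:
            found.append((ctype.decode(), f"{len(payload)} bytes"))
    return found


def strip_metadata(data):
    """Return a new PNG that keeps only the chunks required to render the image."""
    out = bytearray(PNG_SIGNATURE)
    for ctype, payload in iter_chunks(data):
        if ctype in METADATA_CHUNKS:
            continue
        out += build_chunk(ctype, payload)
    return bytes(out)


def make_sample_png():
    """Constructed 1x1 greyscale PNG carrying made-up Author/Software/Comment fields."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # width, height, 8-bit grey
    idat = zlib.compress(b"\x00\x80")  # filter byte 0 followed by one grey pixel
    chunks = [
        (b"IHDR", ihdr),
        (b"tEXt", b"Author\x00j.doe@example.org"),            # constructed value
        (b"tEXt", b"Software\x00ScanStation 3.1 SN:000123"),  # constructed value
        (b"zTXt", b"Comment\x00\x00" + zlib.compress(b"Exported from workstation WS-42")),
        (b"IDAT", idat),
        (b"IEND", b""),
    ]
    return PNG_SIGNATURE + b"".join(build_chunk(t, p) for t, p in chunks)


if __name__ == "__main__":
    sample = make_sample_png()
    for ctype, text in list_metadata(sample):
        print(f"{ctype}: {text}")
    clean = strip_metadata(sample)
    print("after stripping:", list_metadata(clean))
```

Listing before stripping and asserting an empty listing afterwards is the check worth keeping; a stripped file that still carries a tIME or eXIf chunk means the tool you used did not understand the format.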
Now that we have that straight, here’s how to go about contacting us securely:
Go to a public WiFi network. Before following any further directions, grab your personal computer and go to a network that isn’t associated with you or your employer, such as at a coffee shop. Ideally you should go to one that you don’t already frequent. Leave your phone at home, and buy your coffee with cash.
Get the Tor Browser. You can download the Tor Browser here. When you browse the web using the Tor Browser, all of your web traffic gets bounced around the world, hiding your real IP address from websites that you visit. If your network is being monitored, the eavesdroppers will only know that you’re using Tor but not what you’re doing. Websites that you visit will only know that you’re using Tor, but not who you are (unless you tell them). It sounds complicated, but it’s actually quite easy to use. In order to start a conversation with us using our SecureDrop server, you must use Tor.
Consider using Tails instead. If you are worried about your safety because of the information you’re considering leaking, it might be prudent to take higher security precautions than just using Tor Browser. If someone has hacked into your computer, for example, they’ll be able to spy on everything you do even if you’re using Tor. Tails is a separate operating system that you can install on a USB stick and boot your computer to. Tails is engineered to make it hard for you to mess up:
It sounds complicated, and it is. But if you’re risking a lot, it’s probably worth the effort. You can find instructions for downloading and installing Tails here.
Use SecureDrop to communicate with us. You can use our SecureDrop server to securely and anonymously send us messages, read replies, and upload documents. If you have access to information that you’re considering leaking, you can use SecureDrop to just start a conversation with us until you’re comfortable sending in any documents. Or you could choose to dump a set of documents and never check back again.
You can access our SecureDrop server by going to http://y6xjgkgwj47us5ca.onion/ in Tor Browser. This is a special kind of URL that only works in Tor (even though the URL starts with “http://” and not “https://”, the connection between Tor Browser and our SecureDrop server is encrypted). This is what you’ll see:
To learn more about safely using SecureDrop as a source, check the official guide for sources document.
If you’d like to submit tips to us and your anonymity isn’t important, you can email tips@theintercept.com. If you’d like to use PGP encryption, you can find every journalist’s PGP public key on their staff profile.
Questions? Have further advice for would-be leakers? Post them in the comments below.
rock on/ http://docs.house.gov/meetings/IF/IF02/20130709/101104/HHRG-113-IF02-Wstate-WortzelL-20130709-U1.pdf
How about something like the Sony leaks?
The content of the leaks has been pretty much eliminated from the internet. The Barrett Brown sentencing has a dramatic silencing effect on speech in this regard as well.
I’m in contact with an activist who believes that the leaks contain evidence of Title VII violations.
What would your opinion be on the correct procedure for starting to share and analyse these leaks?
It all depends on what you perceive the threats are. It should be fine to communicate about potential Sony leak stories using normal email (and that makes it much more convenient for all concerned). But if the source is potentially risking something, then I would say they should contact us through SecureDrop.
Be careful of the language you’re letting be redefined. A whistleblower is a patriot and a first rate American. A leaker is a security risk, or should look into a walkin’-around diaper. Don’t let language be redefined by fascists. You want to say “How to Blow the Whistle to The Intercept.”
I wouldn’t say the terms were that exclusive. Government employees ‘leak’ tidbits every day, for various nefarious purposes. Let whistleblowers ‘leak’ and then see how it plays out, and then we see to what degree they were blowing the whistle. If they leak responsibly there should be no risk – about 300,000 people had access to most of the material Snowden leaked.
This is an excellent, informative article Mr. Lee.
Many thanks for taking the time and effort to write it.
Looking forward to seeing more of your literary endeavors in TI publications.
Are you saying Snowden ran Tails? This is what is implied here: “It’s the operating system that Edward Snowden, Glenn Greenwald, Laura Poitras, and I used”
And the linked article only states that you and Greenwald used Tails, starting in May 2013 (Greenwald on 27th May, seven days after Snowden had arrived in Hong Kong and five months after he had first tried to contact Greenwald).
I wonder if there is the possibility for a job as a Professional Leaker aka a Leak Artist. As in, pay me X amount of money and I will leak it securely for you.
Sounds like an idea for a novel. “The Big Leak”
There isn’t. Although someone with high skills would probably be able to leak for a long time, without being caught, the problem lies on the first link of the chain, the “real” leaker. How will he leak to the “professional leaker” in the first place?
It’s a scary inquisitive world out there.
Been using the Tor browser and the following just occurred, after linking to a news article, with Tor browser giving me a pop up box with the following
“This website (www.13newsnow.com) attempted to extract HTML5 canvas image data, which may be used to uniquely identify your computer.
Should Tor Browser allow this website to extract HTML5 canvas image data?”
I selected ‘not now’ but across the top a line read as follows;
“NoScript filtered a potential cross-site Scripting (XSS) attempt from (THE LINK ALREADY GIVEN). Technical details have been logged to the Console.”
Why are sites so interested in who visits them that they even try to undo your privacy attempts?
Wow This Tor Browser is the business.
I’m impressed after linking to an https site (https://www.rottentomatoes.com/top/) Tor saved me, with the following
“This Connection is Untrusted
You have asked Tor Browser to connect securely to http://www.rottentomatoes.com, but we can’t confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site’s identity can’t be verified.
What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn’t continue.
http://www.rottentomatoes.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)”
Third attempt at posting this.
The Tor Browser is the business. It just gave me the following ;
https://www.rottentomatoes.com/top/
This Connection is Untrusted
You have asked Tor Browser to connect securely to “THE LINK”, but we can’t confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site’s identity can’t be verified.
What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn’t continue.
“THE LINK” uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)
Way to go Tor!
The problem with any or all of this is if you are being watched and already under extreme surveillance there is no way you can even attempt any of this without being tracked followed and harassed while doing so. It would be obvious to alphabet agencies that you are attempting to seek help. Essentially there is no way around any of this if the situation is as big as it is…
There is hope for news reporting on IT issues (never mind privacy and national security policy), and this piece demonstrates it. Great work, Micah and all at Intercept. I actually learned something reading a news story!
Question: Can you recommend Intel Chromebooks? I have a Samsung about a year and a half old. Obviously, it’s ARM. For ordinary purposes it works beautifully and it was inexpensive. Any suggestions for X86?
I’d recommend Tails over the Tor browser bundle. Tails is pretty easy for non-tech-savvy people to use, can be run off of a CD to eliminate most of the evidence of what you used it for (at least on your physical computer), and the live distro should be clean. You don’t have to worry about your host machine being infected with a keylogger or other malware. I can’t think of an easy implementation of PGP for encrypted email. It’s not very user friendly. Any thoughts on OTR?
I just emailed my nephew, a 22 year old whiz kid (he and Micah could have conversations I could only pretend to understand) about Tor and part of his reply was: Tor is inherently slow, and the CIA has a bunch of Tor exit nodes, so while it is harder to monitor it’s not completely secure.
http://dailyanarchist.com/2011/02/02/tor-yes-or-no/
snip
The reason is that Tor has some rather severe limitations:
Tor is slow. Routing through an unpredictable path takes time, and varying lengths of time.
Tor is free. Yes, this is a serious problem. When someone owns something and generates income from it, they almost always take care of it, and usually work hard to improve it. No such efforts are routinely applied to free things. Fixing a problem at a Tor node may or may not happen; upgrading is done strictly when convenient.
Tor may include malicious nodes. When anyone can run a node, it’s not always nice people who do so. Think of it from a crook’s standpoint: Here we have lots of data traffic that people are trying to protect; it must be of some value. Anyone can open a node and gather information, with no path back to us – we’re just random people on the Internet, posing as humanitarians. Why not do it? When everyone (even groups like the CIA) can run a tor node anonymously and without any accountability, they can act badly and get away with it. And, in fact, several leaks of data through malicious Tor exit nodes have been confirmed.
Tor is only for web browsing. For example, at my last check, no one was allowing email to run over their Tor node; it is simply too problematic. There are a lot more things to protect than surfing.
Tor requires all the software on your computer that accesses the internet to be cooperative. Many programs, however, (whether created by shady marketers, governments, crooks, or just poorly written) are not cooperative, but bypass Tor and give away your network identity.
For most people, Tor is too hard to use regularly. This makes security errors and leaks much more likely.
THE BETTER ANSWER
Since I am involved with a professional anonymity network, you might expect me to prefer my own product. And, in fact, I do. We built the system because it needed to be built. If Tor had been sufficient, we wouldn’t have undertaken the job.
snip
Is there any way one can tell if the exit or end node is safe?
The advice on dailyanarchist is bad. The advantage that Tor has over all commercial anonymity products is that you don’t have to trust anyone, where with commercial services you have to trust the service–they know who you are, and you have to trust them not to log your traffic, not to give those logs to anyone, and not to get hacked. Anyone can run a malicious Tor node, but it’s designed so that this doesn’t matter: you don’t get enough information from spying on the traffic of your malicious node to deanonymize any Tor user. Also, the whole thing about no one putting effort into updating Tor nodes because they’re free is silly. I run 5 Tor nodes myself, and they’re always running the latest stable version of the Tor software.
If you’re using a malicious exit node, however, it’s possible for that node to spy on what you’re doing (but not know who you are, unless you leak your identity in your traffic, e.g. login to an HTTP website with your real email address). If your traffic is encrypted, like with HTTPS, the exit node can’t spy on the content of your traffic. (This is also true when you connect to any open wifi network, or really always if you’re counting your ISP and spy agencies as potential attackers. In short, avoid doing plaintext stuff on the internet no matter what, but especially when using Tor.)
But most importantly, none of this exit node stuff applies to The Intercept’s SecureDrop server. We use a Tor hidden service, which means that the traffic never exits the Tor network, and an exit node simply isn’t involved. The traffic between Tor Browser and our SecureDrop server is end-to-end encrypted, and there’s no place where the plaintext can be spied on.
Cheers for the info.
My nephew did not provide the dailyanarchist link, that is my fault. I only put it forth for discussion.
You have answered in spades.
Thank you.
Do you run just relays or exit nodes? I was under the impression running an exit node is pretty risky, but relays are relatively safe to operate. I heard if nefarious traffic leaves an exit node you’re running alphabet agencies will confiscate all of your devices. On another note, even if snoops are running the exit node, you’re still anonymous unless you do something to give yourself away while using Tor, such as checking an email address associated with you, or giving up your personal information, correct? I thought the only way to physically give up your location would be if the eavesdroppers control all of the nodes you connect to. Unless they find an unknown browser exploit to cause a Man in the Middle Attack.
I just run relays that aren’t exit nodes (you’re right, running exits is riskier). And yes, the purpose of Tor is to keep you anonymous (sites you visit don’t know who you are) but not necessarily to keep you secure (the only way to securely visit a site is if that site supports encryption — this is true with or without Tor). Tor doesn’t protect against a “global adversary”, an attacker that can spy on all hops through the Tor network at once. At least according to one Snowden doc, NSA doesn’t appear to be one right now. And otherwise, the only way to deanonymize Tor users would be to exploit some unknown bug in the Tor network–this happens sometimes, and whenever it does the software gets fixed immediately so it’s always important to run the very latest version of Tor. Or to exploit a bug in the client software that people use through Tor (like the Tor Browser) to hack your computer and trick it into making a request outside of Tor, to figure out your real IP address.
Ok thanks, that’s what I thought. Now given the risks of running exit nodes, who actually does it? I would think it would be limited to groups like EFF who have all their ducks in order in the case of a search or seizure, people living in other countries with less legal ramifications, and alphabet agencies whose computers can’t be seized and very well could be trying to monitor traffic leaving the network. I’m guessing the three letter agencies make up the largest group of exit node operators.
SecureDrop sounds really solid if as you mentioned in another post, that the traffic doesn’t leave the Tor network, thus never exposing plaintext to eavesdroppers. On another note, you mention scanning physical documents to strip away metadata, isn’t there a form of document control involving watermarks that identifies what copier and time something was scanned? I’m not sure if that would be in the document itself, or if special paper the original was printed on has this kind of feature. I actually wasn’t aware of tools for stripping metadata away from PDFs before reading this. Most people and even techies like myself are pretty oblivious to tracking and security in PDFs.
Also you mention leaking from public wi-fi from a place you don’t often frequent, paying cash and leaving your phone at home. For added anonymity protection, would using say a USB wi-fi dongle instead of the built in network card be beneficial? I’m thinking of a scenario where someone leaking compartmentalized information could potentially give themselves away via their built in network card if the investigating agency tries to canvass an area, like public wi-fi nearby the department where the leak came from. Can they reliably pull information such as MAC addresses for who connected to various hotspots for a period of time? If so then they could theoretically check with the laptop manufacturer to see what computer the network card shipped with and ultimately who purchased the computer.
http://www.cio.com.au/article/565081/mozilla-puts-old-hardware-new-use-runs-tor-relays/
Mozilla puts old hardware to new use, runs Tor relays
The organization opted for running middle relays, although exit relays would have probably helped the anonymity network more
Lucian Constantin (IDG News Service) on 30 January, 2015 03:10
Mozilla has dusted off some decommissioned servers and networking gear and used them to set up high-speed relays on the Tor anonymity network.
The plan to run Tor relays was revealed in November, when the software developer announced its Polaris Privacy Initiative, a collaboration with other non-profit organizations to enhance privacy on the Web.
One of those organizations was the Tor Project, which develops the client and server software for the Tor anonymity network. As part of the partnership, Mozilla said that it will make some changes in Firefox to ease the work of Tor Project developers who maintain the Tor Browser, a modified version of Firefox that allows users to access the Web through the Tor network.
The organization also said at the time that it will host its own “high-capacity Tor middle relays to make Tor’s network more responsive and allow Tor to serve more users.”
snip
snip
The Tor network has three main types of relays, or nodes: middle relays, exit relays and bridges. Internet traffic routed through the Tor network will randomly pass through at least three Tor relays before it exits back onto the Internet to reach its final destination.
Middle relays are responsible for passing data within the Tor network. Over time, middle relays can automatically become entry guard nodes as they build trust according to a network consensus algorithm — in fact one of Mozilla’s middle relays has already become an entry guard. Entry guards serve as the first links between users and the Tor network.
At the other end are exit relays, which act as the last hops in the network and whose purpose is to send the traffic back on the Internet. A site that receives a request from a Tor user will see the request originating from the Internet Protocol (IP) address of a Tor exit relay, not the real IP address of the user.
snip
I have used the tor browser and some sites have blocked me because the ip address used is on a list of blocked ips. I looked up the ips and could find them quickly. So it appears running exit nodes is problematic, i.e you are clearly seen.
I find the legal threat of running an exit node to be the biggest hurdle in the Tor setup.
The fact that Tor is slow (which it isn’t, actually, with the addition of many high bandwidth relays in the last two years) is not a point against it in this context. High latency is better for security (ex. Pond).
I am using Tor now. It is slower. This is an observable fact.
However that is not a reason not to use it.
blog.torproject.org/blog/why-tor-is-slow put a header on this
http://gizmodo.com/tor-the-anonymous-internet-and-if-its-right-for-you-1222400823
snip
Limitations to Using Tor
The most noticeable drawbacks to using Tor are performance-related. Since internet traffic is being routed through at least three relays, it tends to get held up along the way. This is especially noticeable for heavier elements like audio and video tracks, and based on the number of users signing up to act as relays, it gets worse with more users on the network. Tor is well aware of its speed issues, though, and maintains a pretty comprehensive troubleshooting guide.
snip
I will try again to post to you.
I installed the Tor browser yesterday. It runs slow but I do not care as this is a small price to pay for the anonymity it gives.
Tor is slower, this is an observable fact.
Videos and audio files stop all the time.
Tor really isn’t meant for that type of usage. Speed wise, using it reminds me of the old dial up days. All of the .onion sites I’ve gone to are really barebones for this reason. Also, I’m pretty sure scripts can be embedded in audio and video files.
@ Keith.
Cheers mate.
It is a pity there are not more nodes as sometimes videos and audio files can be associated with things you would prefer to watch and not have others know you are viewing them (and I am not talking about porn.)
All the best.
“Tor is slow. Routing through an unpredictable path takes time, and varying lengths of time”
When compared to the days of modem cradles and bulletin boards, which one is slower? Trading a little time for a layer of security is a very good deal and worth the patience. Not everything needs to be done using the McDonald’s fast food approach, besides, any day now, some scientist will break that pesky speed of light thing.
totally off topic, but why doesn’t drudge link to you guys??? you’d think the intercept being the source for leaks that it is drudge would be sending folks your way
I set up an anon drop spot on Onion ages ago, feel free to use it as well.
dke34xlun4xa3w4z.onion/files
.
The Intercept: The best place in cyberspace to take a leak.
.
Start a large download on your computer before you go to a public WiFi
Use a different laptop/computer that can not be traced to you for Tails
This way you create evidence that your computer was not connected to the public WiFi
https://www.techdirt.com/articles/20150122/08332129778/eus-counter-terrorism-co-ordinator-finally-says-it-force-internet-companies-to-hand-over-their-crypto-keys.shtml
EU’s ‘Counter-Terrorism Co-ordinator’ Finally Says It: Force Internet Companies To Hand Over Their Crypto Keys
from the just-a-fig-leaf dept
Although calls to ban or backdoor encryption have been made in the past, David Cameron’s rather vague threats against crypto clearly mark the start of a new, concerted campaign to weaken online privacy. Thanks to a leaked paper, written by the EU Counter-Terrorism Co-ordinator and obtained by Statewatch, we now have a clear statement of what the European authorities really want here (pdf):
Since the Snowden revelations, internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible. The Commission should be invited to explore rules obliging internet and telecommunications companies operating in the EU to provide under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights access of the relevant national authorities to communications (i.e. share encryption keys).
snip
Just when you think it’s safe to go back in the water, that white pointer, Cameron shows his fin. Shark nets not internets.
Does it have to be a story of success? Some died, some are in jail, some friends became enemies, some are in foreign countries like Germany or Russia and some stayed. Maybe even for very different reasons. Is the world a better place now? Did it feed the perpetual hunger of the intellectual world? Yes and No.
keller, if you’re alluding to my previous comment, I’m afraid you misunderstood what I meant by “success story.” I was thinking strictly in journalistic terms—i.e., a leak via the cited anonymization tools that succeeded in generating an actual report by The Intercept. The consequences of such a story would be another issue entirely.
Imagine a secret court thinking strictly in legal terms… And no, I did not allude to your comment but was inspired by one of its keywords :-)
What’s missing is a post-Snowden success story. Naturally I don’t expect you to betray a source’s confidentiality. But can you please cite an anonymized example of a leak, by someone other than Snowden and using SecureDrop or any other tool you write about, that has led to an actual report published by The Intercept? At minimum, could you at least state for the record that there has been even one such case? The Intercept has now been online for nearly a year, which would seem to allow plenty of time for these anonymizing tools to yield fruitful results. Thank you.
Yes, we have published stories based on leaks from SecureDrop from sources other than Snowden. I obviously can’t go into details, but check out the last 10 minutes of CitizenFour.
Mr. Lee, the segment of Citizenfour to which you refer begins with a typed message from Laura Poitras to Glenn Greenwald: “This should stay on an airgapped machine. There is a new submission. We need to set up a code name for working on this. We should be very careful this is not a set-up.”
Soon, William Binney advises Jeremy Scahill that a journalist must handle a confidential whistleblower source “like Deep Throat did in the Nixon years—meet in the basement of a parking garage, physically.”
Next, in Moscow, Glenn Greenwald updates Edward Snowden in what appears to be a comfortable hotel room—definitely not the basement of a parking garage.
Informing Snowden of the new source, Greenwald says, “It’s all being done through this.” Greenwald scribbles something we don’t see on a sheet of paper and passes it to Snowden. “And they’re all talking this way,” adds Greenwald, scribbling and passing another unseen note to Ed. We do see a subsequent note, which says, “One key thing—ALL drone strikes are done through Ramstein Air Base in Germany—German gov’t has always denied this—will be a huge controversy.” Another note says, “There are 1.2M people on various stages of their watch list.” Greenwald tells Snowden, “That’s what we’re working on.”
There is no mention of SecureDrop or any other anonymization tool.
As far as I can tell, The Intercept has reported nothing about Ramstein, nor can I find any reference to SecureDrop in any of The Intercept’s stories involving watchlists.
Evidently, then, your disclosure here that The Intercept has published stories based on leaks from SecureDrop from sources other than Snowden will come as news to most readers. Thank you for replying.
There’s a scene where you can see the word “SecureDrop” ever so briefly written on the sheet of paper. Also SecureDrop is thanked, along with other free software security tools, in the credits of the film.
If you mean the split-second glimpse of a sheet where Glenn has scrawled “Jabber,” I defy anyone who doesn’t already know what it says to make out “SecureDrop” written above that. But I’ll take your word for it.
Perhaps the headline for this article should have read “Don’t click on this article if you’re at work and might one day want to leak information”.
Yeah … lol!! But if you do, please follow the above instructions to scrub the web of you having been here.
The “analog approach” of printing and scanning sounds great, but …
https://www.eff.org/press/archives/2005/10/16 — the printers have secret little dots to identify them. Then there’s the issue that digital watermarking in the original document is specifically designed to resist such treatment, and who knows if one is applied? And what are the odds the scanner isn’t also inserting its own codes on top of them all?
I feel like the only thing these methods are actually good enough for is getting The Intercept prosecuted someday for conspiring in the original espionage or “material support” by providing advice like compartmentalizing to people intending to ‘steal’ proprietary information.
It seems like there are a vast number of holes in the system. To begin with, the TAILS page lists a number of impressive vulnerabilities in the previous version. But suppose you take your USB stick, poke it into the coffeeshop computer in a camera free zone, reboot to a secure OS to send your message… they already have you. Because Windows will have saved a serial number from the USB stick to the registry on that computer for them to find, then they have the video camera footage from whatever store sold you the USB stick. There’s a reason why the Unabomber used a manual typewriter and shopping bag paper … because nobody who did it any other way stayed out of jail long enough to become worthy of notice.
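The registry artifact the comment above refers to is real: Windows enumerates every USB mass-storage device it has seen under HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR, keyed by vendor, product, revision and the device-reported serial number. The following is an added example, not code from The Intercept or from any project mentioned on this page, showing what that record looks like and how an investigator with a `.reg` export of the key would pull the serial numbers out of it. The export text is constructed for illustration, and the `unique_serial` heuristic (a Windows-synthesized instance id contains an extra `&` when the device reports no serial) is an assumption, not something this page states.

```python
"""Parse a Windows .reg export of the USBSTOR enumeration key and list the
vendor/product/serial of every USB mass-storage device Windows has seen.

Added example for this comment thread; it is not code from The Intercept or
any project it mentions. The .reg text below is constructed for illustration.
"""
import re

# Constructed sample of what `reg export HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR`
# can look like. Serial numbers and device names are made up.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.00\4C530001230312345678&0]
"FriendlyName"="SanDisk Cruzer Blade USB Device"
"Service"="disk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_Kingston&Prod_DataTraveler_3.0&Rev_PMAP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_Kingston&Prod_DataTraveler_3.0&Rev_PMAP\0019E06B2A1CBF40F7E5001B&0]
"FriendlyName"="Kingston DataTraveler 3.0 USB Device"
"Service"="disk"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# Matches only the per-instance key: USBSTOR\<class>&Ven_<v>&Prod_<p>&Rev_<r>\<instance id>
DEVICE_RE = re.compile(
    r"\\USBSTOR\\(?P<class>[^&\\]+)&Ven_(?P<vendor>[^&\\]*)&Prod_(?P<product>[^&\\]*)"
    r"&Rev_(?P<rev>[^\\]*)\\(?P<instance>[^\\]+)$"
)


def parse_usbstor(reg_text):
    """Return a list of dicts, one per device instance found under USBSTOR."""
    devices = []
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            m = DEVICE_RE.search(key.group(1))
            if m:
                inst = m.group("instance")
                # The instance id is the device serial followed by "&0".
                serial = inst.rsplit("&", 1)[0]
                current = {
                    "class": m.group("class"),
                    "vendor": m.group("vendor"),
                    "product": m.group("product"),
                    "revision": m.group("rev"),
                    "serial": serial,
                    # Heuristic (assumption): when a device reports no serial,
                    # Windows synthesizes an id that contains an extra '&'.
                    "unique_serial": "&" not in serial,
                    "friendly_name": None,
                }
                devices.append(current)
            else:
                current = None  # parent key or unrelated key: ignore its values
            continue
        val = VALUE_RE.match(line)
        if val and current is not None and val.group(1) == "FriendlyName":
            current["friendly_name"] = val.group(2)
    return devices


if __name__ == "__main__":
    for d in parse_usbstor(SAMPLE_REG):
        print(f"{d['vendor']} {d['product']} rev {d['revision']} "
              f"serial {d['serial']} ({d['friendly_name']})")
```

The serial is the piece that matters for a leak investigation: it is the same string a vendor or retailer can tie to a specific unit, and it survives wiping the stick, which is why the commenter's point about the purchase being on camera is not far-fetched. Pointing the parser at a real export requires nothing more than reading the file into `parse_usbstor`.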
Well, one thing that should have been mentioned in the article, and wasn’t (I think because for most of us technologists it is obvious, and post-Snowden it was even more obvious to the entire world), is that you shouldn’t even get within a mile of any Windows operating system if you’re serious about it. But I believe it was worth mentioning in the article that you should not use a machine that you use in your daily life for your leaking activities. If possible, go to a store far from your home, pay with cash, and buy a laptop with Linux, then format it and install another Linux or BSD. But never put Windows on it, and only use that machine for your leaking activities. It’s part of compartmentalizing.
I was thinking that you could also upload the files from an app on the Android Market (if there is such an app) through a VM (virtual machine) using Genymotion. But of course I’m not sure if it is possible or not. Just mentioning an idea out there.
Please write a book on this subject Micah. Your articles are really good. Please run this idea by your spouse and see what she thinks. I have great faith in ladies/partners behind courageous men and vice versa.
I think it’s only worth mentioning that, when using Tails, if you get hacked, you will leak your real IP address, because Tails can’t do anything to prevent this. And, since Tor Browser doesn’t block JavaScript by default, it’s much easier to get hacked than you might think. There are some solutions for this problem, but they are somewhat harder to use than using Tails.
Suggestion: If the information is truly sensitive then a one-time-use thumb-drive OS (Operating System) like Tails might be used for a one-time leak. The guts of a thumb drive can be burned, pulverized, or microwaved to make data recovery impossible.
Correction: microwaving might fail, but burning and physical pulverization will probably succeed.
You might be successful in a one-time leak with Tails, there’s no denying that. But that is just if:
a) you’re not being targeted or suspected already.
b) you do only use tails for leaking the documents. No other web browsing involved.
For the persistent leaker, one who plans not to be caught and still be able to leak documents, a more sophisticated setup is needed and your operational security will have to be better. And saying that Tails does not leave any traces on your system isn’t factually correct. There are some ways of detecting that Tails was probably used on a computer, given physical access to it. And some malware can persist and infect other operating systems on the machine. There is hardware/firmware malware, BIOS malware, BadUSB, etc. More care should be taken with these statements, given that they might be the difference between life and death. Just saying.
Thank you. Could you please tell us what the solutions are? My encrypted smartphone has already been hacked and I’ll take advice anywhere I can get it to secure my communications.
For this reason, when you visit our SecureDrop page there are helpful instructions explaining how to disable JavaScript in your browser. But also, it’s incredibly difficult for attackers to target someone who is using Tor to begin with. Because they can’t tell Tor users apart, they would have to target all Tor users they see, which would generally mean either running an exit node and hoping your target randomly chooses it (and attempting to hack everyone else who uses it), or running a malicious website and trying to trick your target into visiting it from Tails. But it’s also important to know that you would need to burn multiple zero-days to deanonymize a Tails user: a Firefox exploit to get arbitrary code execution, plus a Linux privilege escalation exploit, before you can make a request that doesn’t go through Tor. Obviously there are attackers with this capability, but it’s far from trivial, even for an attacker like the NSA.
Good basics in this article. “Is it safe?” There are a thousand ways to get caught; if you can think of 500 you are a genius. The real question is: do you know something so important and so wrong that you cannot live in a land that does this, and are you willing to pay a very high price? Do you have the reason and resolve?
Even the ultimate whistleblower insider, extremely skilled in the art, Snowden took some time to think and carefully plan. It still was a close-run thing; he did not reach his desired destination, and so far his revelations have made little change in the system of governance. I would not suggest someone blow or not blow the whistle, but if you do, best have identified a big crime. Hang for a sheep, not for a lamb: we need a real American horror story to cause real change.
Secure Droppings
Why in the hell would you guys rely on anything written by Kevin Poulsen–software or otherwise? Was Daniel Domscheit-Berg unavailable?
How in the hell is Kevin Poulsen on the Technical Advisory Board of the Freedom of the Press Foundation? Do you guys just not care?
I would be hard pressed to come up with a better way to look stupid/malicious than to get in bed with Kevin Poulsen. What in the world are you people thinking? Is this really the best you can do, or is it that nobody really gives a shit, and you guys are just going through the motions?
Anyone recommending security software written by Kevin Poulsen is either a complete idiot or a spy.
Pick one.
Also, you would think Poulsen’s treatment of whistleblowers alone would prevent his appointment to the Freedom of the Press Foundation.
While I understand your concern, Aaron Swartz also collaborated on SecureDrop. Mashable:
If anyone has unimpeachable credibility, it is surely Aaron Swartz.
Kevin Poulsen didn’t write SecureDrop. These 3 commits (2 of them editing documentation) are his entire contribution to the code of the project. You can see who the actual authors are here. SecureDrop is a free software project, developed completely in the open on github, and with public security audits after every release. Aaron Swartz was friends with Kevin early on while he was developing the first prototype, but this has nothing at all to do with how safe and secure SecureDrop is for whistleblowers to use.
@Mona
That Poulsen found himself in very close proximity to yet another young hacker who ended up in trouble with the law is in no way reassuring to me.
@Micah Lee
Thank you for your reply. That is good to know, but it seems to contradict Kevin Poulsen’s bio on the Freedom of the Press Foundation web site…
https://freedom.press/about/tech/kevin-poulsen
If Poulsen had nothing to do with SecureDrop, you guys should probably update your website so that it is accurate. I’m not sure why you would want to give him credit for something he didn’t do.
You say that Poulsen had nothing to do with this specific implementation of SecureDrop but did Poulsen develop the system, or the design of the system, or any of the algorithms or protocols? Or is the Freedom of the Press Foundation web site just completely inaccurate here?
Because we might normally think of implementations being vulnerable, and in that case we would look at code commits, but as the Snowden documents show with the example of the NSA and encryption, the idea itself can be insecure.
In other words, if Poulsen developed the system, or parts of the system, a lack of code commits on his part does not really address the issue.
If Poulsen, as you say, has nothing to do with SecureDrop, why in the hell is he on the Technical Advisory Board of the Freedom of the Press Foundation? Is it not enough that Chelsea Manning is in prison?
Also, how much is Freedom of the Press Foundation paying Kevin Poulsen?
Aaron, Kevin, and James Dolan were the people who originally made deaddrop. Aaron wrote the code and came up with the design and James did security hardening. Kevin worked for Wired and was trying to get them to run deaddrop when it was done. After Aaron died, Kevin is the one who ended up making sure the source code got published and he got the New Yorker to start using it. And shortly after that, Kevin handed control of the project to FPF where we renamed it to SecureDrop and began active development (which included hiring James), commissioning outside security audits, and giving media orgs technical help with getting it set up.
No one on the FPF board of directors or technical advisory board gets paid.
@Micah Lee
So if I understand you correctly, it would be inaccurate to say that Kevin Poulsen developed SecureDrop, either as a coder or by doing any work developing the ideas or algorithms. His role would be limited to getting people to try and use it. Is that correct?
An internet search shows that the Freedom of the Press Foundation is not the only place that thinks that Kevin Poulsen developed SecureDrop. This seems to be an idea that has taken on a life of its own.
I hope you would correct this information on your website.
How did Poulsen end up at the Freedom of the Press Foundation, and what does he do for you?
He seems like exactly the wrong type of person to have at the Freedom of the Press Foundation with its purported goals.
Frankly, I am a prime target to give you guys money, but I won’t give you a cent when you guys are this frickin’ tone deaf. I am certainly not the only one. Is there really nobody over there at the FPF that is uncomfortable with his association with your group?
Comments on Chromebooks?
You can get one for about $200, set up a separate account, power wash it after each use… I don’t believe you can have Tor or Tails on it though.
Thoughts?
Chromebooks could be great, cheap laptops that could work great for leaking, and they’re simple to factory reset. But you’re right, you can’t use Tor with them (out of the box), and you need Tor to submit to our SecureDrop server. Also, it’s difficult to anonymously create a Google account, so you should log in to the Chromebook through a guest account.
You’d have to have some tech skills for this to work, but if you do want to use a Chromebook with Tor, first you need to make sure you buy an x86 Chromebook and not an ARM one, since Tor only releases x86/x64 binaries. Then you can turn on developer mode and install a full-fledged Linux OS like Ubuntu in a chroot jail using crouton, and from there you can install Tor Browser and submit to SecureDrop. Of course, when you factory reset it you’ll have to do this again. I’ve also had success getting Tails to boot on an x86 Chromebook in developer mode; however, you may run into trackpad/wifi/boot problems.
You could bundle up and walk up to a stranger, pay them $100 to use their computer for a couple of minutes.
Carefully grab a random computer from Craigslist, throw it away when done.
Intentionally use a specific person’s computer.
“intentionally use a specific person’s computer.”
With friends like you who needs….
I like the idea about buying a second hand computer but you would need not to use your name and pay in cash.
Thank you for your article, most enlightening.
Question about the coffee shop wi fi use.
What if there are security cameras in the coffee shop?
With facial recognition (I have a Queensland Australia drivers licence and after losing it the Queensland department of motor transport used facial recognition to ascertain my identity within seconds to get a new licence) could not the authorities still identify me?
When a leak investigation starts, the investigators know that a document was published and work backwards from there. Who had access to that document? Did any of those people send any suspicious emails? Let’s check out their social media accounts. Let’s check their web history. Let’s see if they’ve been using proxy servers or Tor, or other tech that might help them leak this document. Starting from a coffee shop is to make it so that the source doesn’t get caught up in this initial sweep.
The investigation would have to get quite wide for them to start trying to gain access to CCTV footage from random coffee shops. Also, the internet traffic you’re actually sending at the coffee shop–visiting an https website (torproject.org), downloading something, then sending traffic over Tor–isn’t actually all that abnormal. That said, for the sake of defense in depth it wouldn’t hurt to avoid coffee shops with security cameras.
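The sweep described in the reply above (“let’s see if they’ve been using proxy servers or Tor”) is, in practice, a query over the network logs a workplace keeps. The following is an added example, not code from The Intercept or from any tool the page mentions, of what that query can look like from the investigator’s side, run over a handful of constructed proxy-log lines. The relay list uses RFC 5737 documentation addresses as placeholders for known Tor relays (a real sweep would load the published relay consensus), the log format is assumed, and the two-indicator threshold is an arbitrary choice for the example. The point for a would-be source is the one the article makes: from a work network, this is what you look like.

```python
"""Flag hosts in a proxy/firewall log that show signs of Tor use.

Added example for this thread, not code from The Intercept. The log lines
and relay list are constructed placeholders (RFC 5737 documentation
addresses); a real sweep would load the published Tor relay consensus.
"""
from collections import defaultdict

# Constructed: addresses standing in for known Tor relays / directory authorities.
KNOWN_TOR_RELAYS = {"203.0.113.10", "198.51.100.77"}
# Tor's default ORPort and DirPort. Relays listening on 443 are NOT caught by
# port alone, which is why the relay list is the stronger indicator.
TOR_PORTS = {9001, 9030}
# Hostnames whose lookup or visit suggests preparing to use Tor.
TOR_DOMAINS = ("torproject.org",)

# Constructed sample log (assumed format): timestamp, source host,
# destination host or IP, destination port, action.
SAMPLE_LOG = """\
2015-01-28T09:12:01 10.0.4.21 www.torproject.org 443 CONNECT
2015-01-28T09:12:40 10.0.4.21 dist.torproject.org 443 CONNECT
2015-01-28T09:15:03 10.0.4.21 203.0.113.10 9001 CONNECT
2015-01-28T09:15:05 10.0.4.21 198.51.100.77 443 CONNECT
2015-01-28T09:16:10 10.0.4.33 www.example.com 443 CONNECT
2015-01-28T09:17:22 10.0.4.33 203.0.113.99 9001 CONNECT
2015-01-28T09:18:00 10.0.4.58 mail.example.com 993 CONNECT
"""


def parse_line(line):
    """Split one log line into a dict; port is converted to int."""
    ts, src, dst, port, action = line.split()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "action": action}


def tor_indicators(event):
    """Return the indicator names a single event triggers (possibly none)."""
    hits = []
    if event["dst"] in KNOWN_TOR_RELAYS:
        hits.append("known-tor-relay")
    if event["port"] in TOR_PORTS:
        hits.append("tor-default-port")
    if event["dst"].endswith(TOR_DOMAINS):
        hits.append("torproject-domain")
    return hits


def sweep(log_text):
    """Map each source host to the set of distinct indicators seen for it."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        for ind in tor_indicators(ev):
            findings[ev["src"]].add(ind)
    return dict(findings)


def suspects(log_text, min_indicators=2):
    """Hosts with at least `min_indicators` distinct indicator types.

    Requiring corroboration keeps a single hit on port 9001 (which any
    service could use) from putting a host on the list by itself.
    """
    return sorted(h for h, inds in sweep(log_text).items()
                  if len(inds) >= min_indicators)


if __name__ == "__main__":
    for host, inds in sorted(sweep(SAMPLE_LOG).items()):
        print(host, sorted(inds))
    print("suspects:", suspects(SAMPLE_LOG))
```

On the sample, 10.0.4.21 trips all three indicators (a visit to the download site followed by connections to listed relays, one of them on 9001) and is the only host reported; 10.0.4.33 hits only the port heuristic and is left out. Note that an HTTPS connection to torproject.org is itself enough to put a host on the short list for a closer look, which is the reason the article says to do the download somewhere other than work.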
Thank you again for your informative article and thank you for the detailed and sensible reply.
I have downloaded and installed the Tor browser. It does seem slower but that is a small setback.
What about trackers and the Tor browser? I have been using Firefox with Adblock, Ghostery and Lightbeam (can’t be too careful) and have JavaScript removed and no cookies selected.
“What about trackers and the tor browser?’
Poorly worded. I know that Tor gives you anonymity, but does Tor stop third parties from recording that a Tor user has visited a site?
Trackers can still record that a Tor user visited the website. However, Tor Browser is engineered to be non-persistent: all traces of doing anything in Tor Browser are gone when you close the browser (including tracking cookies), so when you open it again the next time the trackers will just see you as a new Tor user. They can’t tell the difference between two different Tor users and the same Tor user visiting the website twice. So yes, using Tor prevents trackers from following you around the internet, as long as you close Tor Browser on a regular basis.