Further Reading

  1. The Irish based Front Line Defenders charity has published the Digital Security & Privacy for Human Rights Defenders manual

    We have a few minor quibbles, but this is a very useful, clear and simple guide, which complements these hints and tips. It is of use to human rights activists living under repressive regimes, and also to UK based journalists, and political bloggers alike.

  2. The United States National Security Agency does not just snoop on foreigners and US citizens, it also publishes very useful practical documentation aimed at securing US Government and Business computer systems and networks.

    Have a look at these open source Security Configuration Guides and checklists, and make sure that your computers are at least as well secured as the NSA recommendations:

    These used to be available as NSA Security Configuration Guides, but these checklists have now mostly been moved to the:

    National Institute of Standards and Technology (NIST):

  3. The NSA also publish an illustrated, step by step guide to secure document redaction or censorship from Microsoft Word 2007 to Adobe .pdf format:

    Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word 2007 to PDF (.pdf)

  4. Thomas C. Green writes in The Register about Clearing swap and hibernation files properly - probably especially important for laptop computers, which are especially vulnerable to loss or theft. See also his Windows hack for Web-surfing privacy and Internet anonymity for Windows power users, which give some hints and techniques for using RAM disks rather than hard disk space for Windows and Web Browser temporary files and registry settings.

  5. Privacy International:- "Legal Protections and Barriers on the Right to Information, State Secrets and Protection of Sources in OSCE Participating States" - should be read by legislators, civil servants, investigative journalists, whistleblowers and bloggers in Europe, North America and Central Asia.

  6. Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

  7. Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

  8. Everyone's Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the Munk Centre for International Studies at the University of Toronto.

  9. How To Master Secret Work - Some idea of the precautions necessary for making sure that you have not been followed to clandestine physical meetings, on foot or by car, can be gleaned from this re-print of advice and techniques given to ANC / Communist activists under the South African apartheid regime - African National Congress or South African Communist Party (or, if you are desperate, from here). First published during the 'eighties as a series of articles in the SACP publication 'Umsebenzi'; later as a single pamphlet for underground operatives.

    Following the Edward Snowden revelations about the extent of untargeted mass surveillance by NSA and GCHQ, some of these old school, pre-internet tips about operational security should still be of interest to today's political activist, even in supposedly more democratic countries than South Africa.


  10. A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists (www.activistsecurity.org). It is full of practical advice, on many of the topics in this blog, including physical meetings, surveillance, anonymous letters and mobile phones. They make the point that there are private sector snoopers as well as government ones who are interested in meetings and communications between whistleblowers or activists or journalists etc.

    There is a mirror copy on this blog, in case your access to the original is blocked

    [hat tip to Mr. Tor for his suggestion in the comments below]

  11. Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

  12. Privacy International - Speaking of Terror: A survey of the effects of counter-terrorism legislation on freedom of the media in Europe (.pdf) includes sections on Protection of journalists' sources and materials, and Wiretapping and surveillance of journalists and on Limits on Photography.

  13. The Berkman Center for Internet and Society, at the University of Harvard, in the USA, has several research projects which examine the effectiveness of State and Corporate Internet Censorship and the tools and techniques used to achieve this, and the arms race with the Censorship Circumvention tools and techniques. They have published a useful study of some of the most popular Circumvention tools and technologies, showing their trade offs between usability, speed, security, and effectiveness at breaching the Great Firewall of China and other repressive countries.

    Unfortunately, exactly the same techniques which are useful in helping dissidents in very repressive countries, are also now needed to help to protect the anonymity of whistleblower sources and contacts with, or between, journalists, bloggers and political activists, here in the increasingly repressive United Kingdom.

    2007 Circumvention Landscape Report: Methods, Uses, and Tools
    Published March 05, 2009
    Authored by Hal Roberts, Ethan Zuckerman, John Palfrey

    [...]

    The following tools were included in the study:

    Anonymizer Anonymous Surfing - an HTTP proxy tool
    Anonymizer China - an HTTP proxy tool
    DynaWeb FreeGate - an HTTP proxy tool
    UltraReach - an HTTP proxy tool
    Circumventor / CGIProxy - a CGI proxy tool
    Psiphon - a CGI proxy tool
    Tor - a randomized re-routing tool
    JAP - a fixed re-routing tool
    Coral - a distributed hosting tool
    Hamachi - an IP tunneling tool

    These tools were chosen to represent most of the most popular tools and to represent a range of different technical and organizational models. There are many tools with the same or similar functionality as the tools included in the study, including Gpass, Guardian, FirePhoenix, Invisible Browsing, Metaproxy, PHPProxy, a plethora of VPN and HTTP tunneling tools, and many others.

    2007 Circumvention Landscape Report: Methods, Uses, and Tools (.pdf)

  14. The Crown Prosecution Service's Decision on prosecution - Mr Christopher Galley and Mr Damian Green MP is worth reading, especially the legal opinion on

    22. As already noted, Mr Galley was arrested for an alleged offence of misconduct in public office and Mr Green was arrested for an alleged offence of aiding and abetting, counselling or procuring the alleged offence by Mr Galley and of conspiring with Mr Galley for him to commit the offence of misconduct.


    23. This is not a case which falls within the framework of the Official Secrets Acts
    [...]

    This CPS Decision also mentions that

    9. The leaked document was the "Asylum and Immigration High Level Monthly Performance Report July 2007". It was marked "Restricted-Management". A copy was recovered by the police from Mr Green's Parliamentary office bearing the name "Galley" in manuscript. In his interview with the police, Mr Galley denied passing this document to anyone.
    [...]

  15. Whistleblowing and Whitehall - A review of how the policies of Government Departments comply with accepted good practice on whistleblowing (.doc) - 2007 report by the Public Concern at Work whistleblowing charity.

  16. This research gives an overview of internet snooping and censorship technologies, including British Telecom's CleanFeed system, and some ways in which this can be avoided, thereby preserving some whistleblower source / political dissident anonymity:


    Anonymity and traceability in cyberspace (.pdf)
    Richard Clayton
    November 2005
    Technical Report Number 653
    University of Cambridge Computer Laboratory
    UCAM-CL-TR-653
    ISSN 1476-2986

    Dr. Richard Clayton's home page and contact details.


  17. How To Communicate Securely in Repressive Environments - a blog post with useful comments and links, and a Word (.doc) version, by Patrick Philippe Meier


    House of Commons - Public Administration Committee - Tenth Report - Leaks and Whistleblowing in Whitehall - 16 July 2009

  18. Public Concern at Work, together with the British Standards Institute, have produced a useful Whistleblowing Arrangements policy document for public and private sector organisations in the United Kingdom (free for individual use).

    Code of Practice


    In partnership with PCaW, British Standards has published a Code of Practice on whistleblowing arrangements under the classification PAS 1998/2008. PCaW is delighted that, to mark the tenth anniversary of the UK's whistleblowing regime, BSI has agreed that the Code will be available for free for individual use.


    We hope you find the Code helpful. If you do, please note that PCaW has developed a range of practical support to help organisations comply with and benefit from the Code.


    Copyright Provisions

    Copies of this Code are available for free for individual use under licence by download from here or from www.bsigroup.com/PAS1998. For printed and own-branded copies or for a network licence, please contact BSI at copyright@bsigroup.com.
    Thank you for filling in the form:


    Click here for the BSI Code of Practice. (.pdf)



  19. FLOSS Manuals - Circumvention Tools - Bypassing Internet Censorship (available as a single web page for printing or as a .pdf file)


    A neatly written and illustrated guide to various Proxy and Virtual Private Network tools and services.



    * CIRCUMVENTION TOOLS
    * INTRODUCTION
    * ABOUT THIS MANUAL
    * BACKGROUND
    * WHAT IS CIRCUMVENTION
    * AM I BEING CENSORED?
    * DETECTION AND ANONYMITY
    * HOW THE NET WORKS
    * WHO CONTROLS THE NET
    * FILTERING TECHNIQUES
    * FIRST TECHNIQUES
    * SIMPLE TRICKS
    * USING A WEB PROXY
    * USING PHProxy
    * USING PSIPHON
    * USING PSIPHON2
    * USING PSIPHON2 OPEN NODES
    * RISKS
    * ADVANCED TECHNIQUES
    * ADVANCED BACKGROUND
    * HTTP PROXIES
    * INSTALLING SWITCH PROXY
    * USING SWITCH PROXY
    * TOR: THE ONION ROUTER
    * USING TOR BROWSER BUNDLE
    * USING TOR IM BROWSER BUNDLE
    * USING TOR WITH BRIDGES
    * USING JON DO
    * TUNNELLING
    * WHAT IS VPN?
    * OPENVPN
    * SSH TUNNELLING
    * SOCKS PROXIES
    * HELPING OTHERS
    * INSTALLING WEB PROXIES
    * INSTALLING PHProxy
    * INSTALLING PSIPHON
    * SETTING UP A TOR RELAY
    * RISKS OF OPERATING A PROXY
    * APPENDICES
    * FURTHER RESOURCES
    * GLOSSARY
    * CREDITS


  20. The Whistleblower's Handbook
    How to Be an Effective Resister


    Brian Martin, The Whistleblower's Handbook: How to Be an Effective Resister (Charlbury, UK: Jon Carpenter; Sydney: Envirobook, 1999). Out of print from 2008.


    Entire book in pdf, 89 pages, 1.6MB


    HT4W mirror copy of The Whistleblower's Handbook (.pdf)


    Contents
    
    

    1. Seven common mistakes 3
    2. The problem 7
    3. Speaking out and the consequences 10
    4. Personal assessment: what should I do? 18
    5. Preparation 23
    6. Official channels 29
    7. Building support 45
    8. Case studies: considering options 65
    9. Surviving 77
    10. Whistleblower groups 82
    References 87

    Seven common mistakes

    Seven mistakes which are commonly made
    by those aiming to expose wrongdoing:
    • Trusting too much
    • Not having enough evidence
    • Using the wrong style
    • Not waiting for the right opportunity
    • Not building support
    • Playing the opponent's game
    • Not knowing when to stop.


  21. Flash memory / USB devices (thumbdrives, digital camera or mobile phone memory cards etc.) are very hard to securely erase:

    Reliably Erasing Data From Flash-Based Solid State Drives (.pdf)
    Michael Wei∗, Laura M. Grupp∗, Frederick E. Spada†, Steven Swanson∗
    ∗Department of Computer Science and Engineering, University of California, San Diego
    †Center for Magnetic Recording and Research, University of California, San Diego

  22. Hacker OPSEC blog by @thegrugq with interesting links to counter intelligence examples and documents, which emphasises the need for compartmentalisation between your normal life and your "secret" one or between your normal family and business contacts and any confidential sources or contacts.

  23. Spy Blog "Bring and Swap" presentation given at recent CryptoParty / CryptoFestival events: (.pdf) & (.pptx)


  24. European Federation of Journalists Top Tips for Journalists Covering the 2014 Winter Olympics includes useful tips about SmartPhones etc. N.B. also do not trust any "free" USB charging devices for SmartPhones or Tablets etc. - these can be a malware installation vector.


About this blog

We know that there are decent, honest, trustworthy individual politicians, civil servants, law enforcement, intelligence agency personnel and broadcast, print and internet journalists etc., who often feel powerless or trapped in the system. They need the assistance of external, detailed, informed, public scrutiny to help them to resist deliberate or unthinking policies, which erode our freedoms and liberties.

Some of these people will, in the public interest, act as whistleblowers, and may try to leak documents or information to the mainstream media, or to political blog websites etc.

Here are some Spy Blog "Hints and Tips", giving some basic precautions, and some more obscure technical tips, which whistleblowers, journalists, and bloggers all need to be aware of, in order to help preserve the anonymity of whistleblowing or other journalistic sources, especially in the United Kingdom, but applicable in other countries as well.

Whistleblower anonymity may not always be possible, or even necessary, forever into the future, but it is usually crucial during at least the early stages of a "leak", whilst it is being evaluated by others, to see if it merits wider publication and publicity.

Email & PGP Contact

Please feel free to email your views about this blog, or news about the issues it tries to comment on.

blog@spy[dot]org[dot]uk

Our PGP public encryption key is available for those correspondents who wish to send us news or information in confidence, and also for those of you who value your privacy, even if you have got nothing to hide.

Current PGP Key ID: 0xA165A29480CFAA4C which will expire on 6th September 2014

You can download a free copy of the PGP encryption software from www.pgpi.org
(available for most of the common computer operating systems, and also in various Open Source versions like GPG).

We look forward to the day when UK Government Legislation, Press Releases and Emails etc. are Digitally Signed so that we can be assured that they are not fakes. Trusting that the digitally signed content makes any sense, is another matter entirely.


Tor Hidden Service

In order to make censorship a little more difficult, a copy of this Hints and Tips for Whistleblowers guide is also being published as a Tor Hidden Service.

You will need to have installed the Tor software and established a working Tor connection, and then you will be able to access this copy via end to end encryption and a high degree of anonymity through the Tor cloud:

http://r3lb3r3an7uj7bos.onion/

If you do not have Tor installed, you can still access this Hidden Service via the tor2web.org proxy: https://r3lb3r3an7uj7bos.tor2web.org/ still with encryption, but without as much anonymity.

Convention on Modern Liberty - 28th Feb 2009


The Convention is being held in the Logan Hall and adjoining rooms at the Institute of Education in Bloomsbury, central London.

Address:

The Institute of Education
20 Bedford Way
London
WC1H 0AL

There are video linked screenings or other parallel meetings being held across the UK in Belfast, Bristol, Cambridge, Cardiff and Manchester.

Convention on Modern Liberty blog

Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Open Rights Group

Renew For Freedom - renew your Passport in the Summer Autumn of 2006.

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

Amnesty International's irrepressible.info campaign

BlogSafer - wiki with multilingual guides to anonymous blogging

NGO in a box - Security Edition privacy and security software tools

Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

Reporters Without Borders - Reporters Sans Frontières - campaign for journalists' and bloggers' freedom in repressive countries and war zones.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.

Public Concern at Work - "(PCaW) is the independent authority on public interest whistleblowing. Established as a charity in 1993 following a series of scandals and disasters, PCaW has played a leading role in putting whistleblowing on the governance agenda and in developing legislation in the UK and abroad. All our work is informed by the free advice we offer to people with whistleblowing dilemmas and the professional support we provide to enlightened organisations."