Hard disk and USB Memory device Encryption
We will be expanding this section soon, with a Guide to using TrueCrypt
- PGP also does Disk Volume Encryption, which may be of use to a whistleblower's home PC.
- There are other Disk Volume Encryption systems available, such as TrueCrypt, which is Open Source and free, and also available for the current versions of Microsoft Windows. This offers potentially two (or more) pass phrases, one of which will decrypt to one set of files, which could be innocent but private data e.g. bank account details. This pass phrase could be revealed to "leak investigators" if necessary.
However, a second, "hidden volume" with its own separate pass phrase can be incorporated within an encrypted volume (which looks just like a big block of seemingly random data), which is where sensitive or illegal material can be stored, with quite a high degree of plausible deniability.
Whether you can ever get your interrogators to actually believe that you have really given them all the pass phrases, to all the possible hidden encrypted volumes, is a risk assessment you have to make, depending on exactly what "secrets" you are leaking as a whistleblower.
About this blog
We know that there are decent, honest, trustworthy individual politicians, civil servants, law enforcement, intelligence agency personnel and broadcast, print and internet journalists etc., who often feel powerless or trapped in the system. They need the assistance of external, detailed, informed, public scrutiny to help them to resist deliberate or unthinking policies, which erode our freedoms and liberties.
Some of these people will, in the public interest, act as whistleblowers, and may try to leak documents or information to the mainstream media, or to political blog websites etc.
Here are some Spy Blog "Hints and Tips", giving some basic preecautions, and some more obscure technical tips, which both whistleblowers, journalists, and bloggers need to be aware of, in order to help preserve the anonymity of whisteleblowing or other journalistic sources, especially in the United Kingdom, but applicable in other countries as well.
Whistleblower anonymity may not always be possible, or even necessary, forever into the future, but it is usuially crucial during at least the early stages of a "leak", whilst it is being evaluated by others, to see if it merits wider publication and publicity.
Email & PGP Contact
Please feel free to email your views about this blog, or news about the issues it tries to comment on.
Our PGP public encryption key is available for those correspondents who wish to send us news or information in confidence, and also for those of you who value your privacy, even if you have got nothing to hide.
Current PGP Key ID: 0xA165A29480CFAA4C which will expire on 6th September 2014
You can download a free copy of the PGP encryption software from www.pgpi.org
(available for most of the common computer operating systems, and also in various Open Source versions like GPG).
We look forward to the day when UK Government Legislation, Press Releases and Emails etc. are Digitally Signed so that we can be assured that they are not fakes. Trusting that the digitally signed content makes any sense, is another matter entirely.
- Buying a pre-paid phone card or mobile top up calling credit voucher anonymously
- CD-ROMs and DVDs and USB flash memory media
- Common Mistakes
- Covert Channel Signals for Meetings or Dead Letter Drops
- Dead Letter Drops and Geo Caches
- Do not try to handle two whistleblowers at once on the same phone or email account
- Don't betray your sources through financial expense claims or payment authorisations
- Electronic Document Files
- Email and Encryption
- Fax Machines
- File deletions
- Further Reading
- GPS satnavs and interactive web maps
- Hard disk and USB Memory device Encryption
- LeakDirectory.org wiki
- Mole Hunts
- Open Proxy Servers
- Photo Image Files
- Photocopiers, Printers and Paper
- Physical Meetings
- Postal mail and Courier services
- Secure computer configuration checklists and scripts etc.
- Shift PrtScr - Screen Dumps and photos of Computer Screens
- Surveillance threats to bloggers, investigative journalists and political activists
- Technical ineptitude - the "bomb Al-Jazeera memo" leak
- Telephones - Pay Phone Boxes or Private Landlines
- Tor - The Onion Router cloud of proxy servers
- Trustworthy Contacts for Whistleblowers ?
- Using Mobile Phones and Wireless PDAs
- Virtual Private Networks
- Voice over IP and Communications Traffic Data Retention
- Web Browser software anonymity
- Web Bugs and Read Receipts in Emails and Attachments
- What to do if you are arrested as a whistleblower
- Whistleblower Anonymity limits
- Whistleblower middlemen, intermediaries, cut outs
- WikiLeaks.org - no longer functioning for normal whistleblowers, despite new submission system
Tor Hidden Service
In order to make censorship a little more difficult, a copy of this Hints and Tips for Whistleblowers guide is also being published as a Tor Hidden Service.
You will need to have installed the Tor software and established a working Tor connection, and then you will be able access this copy via end to end encryption and a high degree of anonymity through the Tor cloud:
If you do not have Tor installed, you can still access this Hidden Service via the tor2web.org proxy: https://r3lb3r3an7uj7bos.tor2web.org/ still with encryption, but without as much anonymity.
Convention on Modern Liberty - 28th Feb 2009
The Convention is being held in the Logan Hall and adjoining rooms at the Institute of Education in Bloomsbury, central London.
The Institute of Education
20 Bedford Way
There are video linked screenings or other parallel meetings being held across the UK in Belfast. Bristol, Cambridge, Cardiff and Manchester.
Campaign Button Links
NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.
Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.
FreeFarid.com- - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain
Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.
Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.
Renew For Freedom - renew your Passport in the
Summer Autumn of 2006.
The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.
Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."
Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).
Amnesty International's irrepressible.info campaign
BlogSafer - wiki with multilingual guides to anonymous blogging
NGO in a box - Security Edition privacy and security software tools
Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."
Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.
Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."
Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.
Public Concern at Work - "(PCaW) is the independent authority on public interest whistleblowing. Established as a charity in 1993 following a series of scandals and disasters, PCaW has played a leading role in putting whistleblowing on the governance agenda and in developing legislation in the UK and abroad. All our work is informed by the free advice we offer to people with whistleblowing dilemmas and the professional support we provide to enlightened organisations."