A couple of recent "leaks" which would not have been protected simply by using the forthcoming WikiLeakS.org system to publish them

| | Comments (3)

A couple of "leak" stories which are of relevance to the WikiLeakS.org project (which has now made public more of its Wiki front end pages, although actual upload and editing functionality has not yet been enabled):

  1. A report in The Times (19th July 2007) about the embedded EXIF data which reveals the Camera Model and Serial Number, which may be used to force the Camera Manufacturer to help to trace the photographer who leaked images of the latest Harry Potter book onto the internet. The risk of being tracked down by copyright lawyers and their private and police investigators would be the same, even if the proposed WikiLeakS.org system had been used in this case, since, currently, there do not seem to be any plans to strip out (optionally or by default) such potentially traceable EXIF meta data.

  2. Home Office Watch the Liberal Democrat blog which monitors some of the activities of the UK Home Office reveals how an extremely controversial "Big Brother" surveillance policy document was either accidently or deliberately leaked, by being hidden within the background briefing papers regarding a merely "highly controversial" "Big Brother " surveillance policy statement:

    Police to get live access to road CCTV


    The proposal is to introduce new legislation to give police routine, open door access to all number plate recognition data collected by third parties - Transport for London initially, but in the long run any council or transport authority that runs these cameras.

    There will be extensive debate about the merits and disadvantages of these proposals, so instead of that I thought I’d recount the more amusing story of how the story got out.

    The government tabled a Written Ministerial Statement explaining about the new arrangement between TfL and the Metropolitan Police. They sent it to Hansard and to the House of Commons Library, who forwarded it to interested MPs.

    Unfortunately, someone forgot to turn off "track changes".

    The statement had been written over a wholly separate internal document marked "Policy - Restricted" which set out details of:

    - the plans to roll out the London scheme nationally with legislation in the autumn
    - the split with the Department for Transport over the proposals
    - the government’s "handling strategy" for proposals they themselves dub “Big Brother”


    The "track changes" facility in Microsoft Word wordprocessor software and file formats has been responsible for sevearl journalistic or political activist "scoops" in the past.

    As such interested parties become more familiar with the technique / feature / privacy or security vulnerability, it may be, that in certain circumstances, the ability to "hide" all or part of a more secret document, within another document entirely, or a supposedly redacted or censored version of a document, which is released to the public, may actually be a useful "plausible deniability" option for Government or Corporate whistleblowers and journalistic or other anonymous sources

    However, again, the current (not yet functional) online or postal WikiLeakS.org anonymous publishing submission system, does nothing by default or optionally, to check for the presence of such forgotten "track changes" version control data, which might well allow the source of the whistleblower leak to be traced.

    Remember, that sometimes, such hidden EXIF meta data or word processor "track changes" version control data, hidden within a file may actually be the most interesting and informative part of the official document itself.


Your link to wikileaks.org is incorrectly spelt, both the link and the HTML...

@ RubberBaron - thanks for spotting that error, hopefully it is fixed now.

Comments on the Kenyan Government corruption report later when I have read it.

please put a prominent link to http://wikileaks.org/ as there is a lot of press using the non-plural mistakenly

About this blog

This blog here at WikiLeak.org (no "S") discusses the ethical and technical issues raised by the WikiLeakS.org project, which is trying to be a resource for whistleblower leaks, by providing "untraceable mass document leaking and analysis".

These are bold and controversial aims and claims, with both pros and cons, especially for something which crosses international boundaries and legal jurisdictions.

This blog is not part of the WikiLeakS.org project, and there really are no copies of leaked documents or files being mirrored here.

Email Contact

Please feel free to email us your views about this website or news about the issues it tries to comment on:

email: blog@WikiLeak[dot]org

Before you send an email to this address, remember that this blog is independent of the WikiLeakS.org project.

If you have confidential information that you want to share with us, please make use of our PGP public encryption key or an email account based overseas e.g. Hushmail


Now that the WikiLeakS.org project is defunct, so far as new whistleblower are concerned, what are the alternatives ?

The LeakDirectory.org wiki page lists links and anonymity analyses of some of the many post-wikileaks projects.

There are also links to better funded "official" whistlblowing crime or national security reporting tip off websites or mainstream media websites. These should, in theory, be even better at protecting the anonymity and security of their informants, than wikileaks, but that is not always so.

New whistleblower website operators or new potential whistleblowers should carefully evaluate the best techniques (or common mistakes) from around the world and make their personal risk assessments accordingly.

Hints and Tips for Whistleblowers and Political Dissidents

The WikiLeakS.org Submissions web page provides some methods for sending them leaked documents, with varying degrees of anonymity and security. Anybody planning to do this for real, should also read some of the other guides and advice to political activists and dissidents:

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

WikiLeakS Links

The WikiLeakS.org Frequently Asked Questions (FAQ) page.

WikiLeakS Twitter feeds

The WikiLeakS.org website does not stay online all of the time, especially when there is a surge of traffic caused by mainstream media coverage of a particularly newsworthy leak.

Recently, they have been using their new Twitter feeds, to selectively publicise leaked documents to the media, and also to report on the status of routing or traffic congestion problems affecting the main website in Stockholm, Sweden.

N.B.the words "security" or "anonymity" and "Twitter" are mutually exclusive:

WikiLeakS.org Twitter feed via SSL encrypted session: https://twitter.com/wikileaks

WikiLeakS.org unencrypted Twitter feed http://twitter.com/wikileaks

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Temporary Autonomous Zone

Temporary Autonomous Zones (TAZ) by Hakim Bey (Peter Lambourn Wilson)

Cyberpunk author William Gibson

Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign
UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card
NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.
Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Petition to the European Commission and European Parliament against their vague Data Retention plans
Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament: Legislative and Regulatory Reform Bill (and other issues)
Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network
Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Tor - the onion routing network
Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

Amnesty International's irrepressible.info campaign

BlogSafer - wiki with multilingual guides to anonymous blogging

NGO in a box - Security Edition privacy and security software tools

Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.

Syndicate this site (XML):

Recent Comments

  • Wikileaks: please put a prominent link to http://wikileaks.org/ as there is read more
  • WikiLeak: @ RubberBaron - thanks for spotting that error, hopefully it read more
  • RubberBaron: Your link to wikileaks.org is incorrectly spelt, both the link read more

November 2018

Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30