Has WikiLeakS.org "anonymous uncensorable whistleblower" website gone live prematurely or not ?

|

What exactly are the people in control of WikiLeakS.org up to ?

Their "anonymous uncensorable whistleblower" allegedly "easy to use" website project has been quiet recently, after showing a Wiki front end, and hinting at some still secret secure backend infrastructure, which is, ironically, meant to be based on Open Source software.

We were expecting that the next stage of development might be, for example, the copying of a section of the public Wikpedia content, to demonstrate some secure, anonymous Editing and Discussion tools. WikiLeakS.org should allow and encourage users to anonymously register as page editors and to use tools like Tor The Onion Router, which is specifically and controversially blocked by Wikipedia.

We look forward to seeing what the WikiLeaks.org solution is to Wiki edit wars and spam.

We cannot yet trust a system for which, rather like the UK Government's control freak national centralised biometric database and ID Card system, there is still no published detailed security architecture, let alone any Open Source computer source code.

WikiLeakS.org have successfully generated a lot of hype and interest from the world's media regarding their leak of an alleged Kroll Associates report circa 2004 into the corruption of the then Kenyan government ruling clan and its hangers on:

WikiLeakS.org article:
The looting of Kenya under President Moi

which links to

KTM report.pdf - intermediate download page with information about file size etc. N.B. this naming convention is confusing - there is no "dot" between "KTM" and "report.pdf"

This then links to the actual 3.7 Megabyte Adobe .pdf format file (110 pages)

https://secure.wikileaks.org/leak/KTM_report.pdf

All well and good, and the document itself, looks plausible.

Even if you are not that specifically interested in Kenyan politics, it seems to provides a list of banks, lawyers and financial front men etc. who may be involved with other corrupt governments e.g. Zimbabwe

However, this document was not presented as another stage in the testing of the prototype WikiLeakS.org anonymous, uncensorable back end infrastructure. Instead it was hyped out to the world's media via an embargoed Press Release, the classic technique of the old symbiotic and parasitic relationship between the Mainstream Media and Anonymous Government Sources i.e. it looks just like some successful Public Relations Media Spin.

Ordinary members of the public like us were not consulted, or allowed to comment or analyse the document on the WikiLeaks.org wiki pages, until well after it had been released.

Many of us are reluctant to do so on those WikiLeaks.org pages, because we still have no idea for sure, who is monitoring our IP addresses, proxy server addresses, cookies , web browser user agent strings etc.

Despite acknowledging that the primary target audience for this document was within Kenya and perhaps the surrounding countries , and that the internet infrastructure there can be slow or very slow, the document was published as a horrible Adobe .pdf file containing no ASCII text, just image scans, around 3.7 Megabytes in size.

This is of use the minority of people who may try to analyse the authenticity of the document by examining the typefaces, flaws, apparent underlinings and high-lightings etc. in the images, but it is of little use to the Kenyans, if they cannot read any of it.

No doubt due to the high level of interest from the media around the world, we needed over half a dozen attempts to download the document from the https://secure.wikileaks.org server in Germany, despite connecting via a fast connection through a major ISP.

We applaud the use of a standard SSL/TLS encrypted webserver i.e. https:secure.wikileaks.org ,for the download, but we are puzzled why the abstact page and even the rest of the whole of the WikiLeakS.org website does not by default also use SSL/TLS session encryption, when it has a perfectly good DIgital Certificate to do so with i.e.

https:///wikileaks.org/wiki/The_looting_of_Kenya_under_President_Moi

N.B. WikiLeakS.org really should explain somewhere, the strengths (a high level of protection from your local systems administrator, less likely to be blocked by Government firewalls etc.) and weaknesses (e.g. possible Man-in-the-Middle credential replay attacks, logging of your real IP address even through your ISP or other open proxy servers) of relying on standard one way trust SSL/TLS webserver to web browser session encryption, but does not do so.

Why could the WikiLeakS.org activists not have split up the 110 page document into say 4 parts, with the Table of Contents and Executive Summary, and three chunks of around 34 pages each ? These would have been more likely to have been downloaded successfully, especially on slow internet connections.

Such chunks would also have fitted onto 1.44Mb Floppy Diskettes, which are still very common around the world - not everyone has access to USB Flash memory sticks or iPods etc,

Only after the initial publication, did the WikiLeaks.org people call for volunteers to Optically Character Read (OCR) and proof read the text of the document, and to "wikify" it.

Why could they not have put out this call to their big list of volunteers before publication ?

Remember that this document was not anonymously uploaded by a member of the worldwide general public, but by someone affiliated with the core WikiLeakS.org team of activists, with privileged access, because the Secure Upload features have still not yet been tested in public.

Neither has there been any public test of any secure, Anonymous Wiki Discussion or Editing tools.

Whilst it is obvious why this document, if it is genuine, should be published ahead of the forthcoming Kenyan elections in November, there is no obvious reason why it had to be rushed out this Friday, in such a user unfriendly state.

Have the technologically inept activist Pointy Haired Bosses somehow manged to overrule the technical expert Dilberts ?

Worryingly, there are no caveats about the personal details which are revealed in this document e.g. the names and addresses of people culled from public land registry and property ownership and company registration databases in western countries.

Whilst, if the Kroll Associates document is genuine, it is likely that most of these names and addresses are genuinely connected with the Kenyan government criminal money laundering scams, there are several similar spellings and different middle initials, some of which may belong to people who are innocent of the skullduggery.

WikiLeakS.org does not provide any warnings about this, and there is a danger that journalists and anti-Kenyan Government corruption activists will harass some innocent people, without having checked and cross referenced with other sources.

If this Kenyan corruption report is meant as some sort of systems test, it seems to be the wrong way to inspire any confidence in the technical side of WikiLeakS.org.

If it is seen as just some opportunistic political media spin doctoring, this will damage the reputation of the project, even if the alleged Kroll Associates report proves to be completely genuine, something which has not yet been established.

About this blog

This blog here at WikiLeak.org (no "S") discusses the ethical and technical issues raised by the WikiLeakS.org project, which is trying to be a resource for whistleblower leaks, by providing "untraceable mass document leaking and analysis".

These are bold and controversial aims and claims, with both pros and cons, especially for something which crosses international boundaries and legal jurisdictions.

This blog is not part of the WikiLeakS.org project, and there really are no copies of leaked documents or files being mirrored here.

Email Contact

Please feel free to email us your views about this website or news about the issues it tries to comment on:

email: blog@WikiLeak[dot]org

Before you send an email to this address, remember that this blog is independent of the WikiLeakS.org project.

If you have confidential information that you want to share with us, please make use of our PGP public encryption key or an email account based overseas e.g. Hushmail

LeakDirectory.org

Now that the WikiLeakS.org project is defunct, so far as new whistleblower are concerned, what are the alternatives ?

The LeakDirectory.org wiki page lists links and anonymity analyses of some of the many post-wikileaks projects.

There are also links to better funded "official" whistlblowing crime or national security reporting tip off websites or mainstream media websites. These should, in theory, be even better at protecting the anonymity and security of their informants, than wikileaks, but that is not always so.

New whistleblower website operators or new potential whistleblowers should carefully evaluate the best techniques (or common mistakes) from around the world and make their personal risk assessments accordingly.

Hints and Tips for Whistleblowers and Political Dissidents

The WikiLeakS.org Submissions web page provides some methods for sending them leaked documents, with varying degrees of anonymity and security. Anybody planning to do this for real, should also read some of the other guides and advice to political activists and dissidents:

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

WikiLeakS Links

The WikiLeakS.org Frequently Asked Questions (FAQ) page.

WikiLeakS Twitter feeds

The WikiLeakS.org website does not stay online all of the time, especially when there is a surge of traffic caused by mainstream media coverage of a particularly newsworthy leak.

Recently, they have been using their new Twitter feeds, to selectively publicise leaked documents to the media, and also to report on the status of routing or traffic congestion problems affecting the main website in Stockholm, Sweden.

N.B.the words "security" or "anonymity" and "Twitter" are mutually exclusive:

WikiLeakS.org Twitter feed via SSL encrypted session: https://twitter.com/wikileaks

WikiLeakS.org unencrypted Twitter feed http://twitter.com/wikileaks

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Temporary Autonomous Zone

Temporary Autonomous Zones (TAZ) by Hakim Bey (Peter Lambourn Wilson)

Cyberpunk author William Gibson

Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign
UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card
NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.
Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid_150.jpg
FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Petition to the European Commission and European Parliament against their vague Data Retention plans
Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament: Legislative and Regulatory Reform Bill (and other issues)
Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open_Rights_Group.png
Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network
Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Tor - the onion routing network
Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

irrepressible_banner_03.gif
Amnesty International's irrepressible.info campaign

anoniblog_150.png
BlogSafer - wiki with multilingual guides to anonymous blogging

ngoiab_150.png
NGO in a box - Security Edition privacy and security software tools

homeofficewatch_150.jpg
Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

rsf_logo_150.gif
Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

committee_to_protect_bloggers_150.gif
Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

wikileaks_logo_low.jpg
Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.

Syndicate this site (XML):

December 2014

Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31