Has WikiLeakS.org "anonymous uncensorable whistleblower" website gone live prematurely or not ?


What exactly are the people in control of WikiLeakS.org up to ?

Their "anonymous uncensorable whistleblower" allegedly "easy to use" website project has been quiet recently, after showing a Wiki front end, and hinting at some still secret secure backend infrastructure, which is, ironically, meant to be based on Open Source software.

We were expecting that the next stage of development might be, for example, the copying of a section of the public Wikipedia content, to demonstrate some secure, anonymous Editing and Discussion tools. WikiLeakS.org should allow and encourage users to anonymously register as page editors and to use tools like Tor (The Onion Router), which is specifically and controversially blocked by Wikipedia.

We look forward to seeing what the WikiLeaks.org solution is to Wiki edit wars and spam.

We cannot yet trust a system for which, rather like the UK Government's control freak national centralised biometric database and ID Card system, there is still no published detailed security architecture, let alone any Open Source computer source code.

WikiLeakS.org have successfully generated a lot of hype and interest from the world's media regarding their leak of an alleged Kroll Associates report circa 2004 into the corruption of the then Kenyan government ruling clan and its hangers on:

WikiLeakS.org article:
The looting of Kenya under President Moi

which links to

KTM report.pdf - intermediate download page with information about file size etc. N.B. this naming convention is confusing - there is no "dot" between "KTM" and "report.pdf"

This then links to the actual 3.7 Megabyte Adobe .pdf format file (110 pages)

https://secure.wikileaks.org/leak/KTM_report.pdf

All well and good, and the document itself looks plausible.

Even if you are not that specifically interested in Kenyan politics, it seems to provide a list of banks, lawyers and financial front men etc. who may be involved with other corrupt governments e.g. Zimbabwe.

However, this document was not presented as another stage in the testing of the prototype WikiLeakS.org anonymous, uncensorable back end infrastructure. Instead it was hyped out to the world's media via an embargoed Press Release, the classic technique of the old symbiotic and parasitic relationship between the Mainstream Media and Anonymous Government Sources i.e. it looks just like some successful Public Relations Media Spin.

Ordinary members of the public like us were not consulted, or allowed to comment or analyse the document on the WikiLeaks.org wiki pages, until well after it had been released.

Many of us are reluctant to do so on those WikiLeaks.org pages, because we still have no idea for sure who is monitoring our IP addresses, proxy server addresses, cookies, web browser user agent strings etc.

Despite acknowledging that the primary target audience for this document was within Kenya and perhaps the surrounding countries, and that the internet infrastructure there can be slow or very slow, the document was published as a horrible Adobe .pdf file containing no ASCII text, just image scans, around 3.7 Megabytes in size.

This is of use to the minority of people who may try to analyse the authenticity of the document by examining the typefaces, flaws, apparent underlinings and highlightings etc. in the images, but it is of little use to the Kenyans, if they cannot read any of it.

No doubt due to the high level of interest from the media around the world, we needed over half a dozen attempts to download the document from the https://secure.wikileaks.org server in Germany, despite connecting via a fast connection through a major ISP.

We applaud the use of a standard SSL/TLS encrypted webserver, i.e. https://secure.wikileaks.org, for the download, but we are puzzled why the abstract page and even the rest of the whole of the WikiLeakS.org website does not by default also use SSL/TLS session encryption, when it has a perfectly good Digital Certificate to do so with, i.e.

https://wikileaks.org/wiki/The_looting_of_Kenya_under_President_Moi

N.B. WikiLeakS.org really should explain somewhere, the strengths (a high level of protection from your local systems administrator, less likely to be blocked by Government firewalls etc.) and weaknesses (e.g. possible Man-in-the-Middle credential replay attacks, logging of your real IP address even through your ISP or other open proxy servers) of relying on standard one way trust SSL/TLS webserver to web browser session encryption, but does not do so.

Why could the WikiLeakS.org activists not have split up the 110 page document into say 4 parts, with the Table of Contents and Executive Summary, and three chunks of around 34 pages each ? These would have been more likely to have been downloaded successfully, especially on slow internet connections.

Such chunks would also have fitted onto 1.44Mb Floppy Diskettes, which are still very common around the world - not everyone has access to USB Flash memory sticks or iPods etc.

Only after the initial publication, did the WikiLeaks.org people call for volunteers to Optically Character Read (OCR) and proof read the text of the document, and to "wikify" it.

Why could they not have put out this call to their big list of volunteers before publication ?

Remember that this document was not anonymously uploaded by a member of the worldwide general public, but by someone affiliated with the core WikiLeakS.org team of activists, with privileged access, because the Secure Upload features have still not yet been tested in public.

Neither has there been any public test of any secure, Anonymous Wiki Discussion or Editing tools.

Whilst it is obvious why this document, if it is genuine, should be published ahead of the forthcoming Kenyan elections in November, there is no obvious reason why it had to be rushed out this Friday, in such a user unfriendly state.

Have the technologically inept activist Pointy Haired Bosses somehow managed to overrule the technical expert Dilberts ?

Worryingly, there are no caveats about the personal details which are revealed in this document e.g. the names and addresses of people culled from public land registry and property ownership and company registration databases in western countries.

Whilst, if the Kroll Associates document is genuine, it is likely that most of these names and addresses are genuinely connected with the Kenyan government criminal money laundering scams, there are several similar spellings and different middle initials, some of which may belong to people who are innocent of the skullduggery.

WikiLeakS.org does not provide any warnings about this, and there is a danger that journalists and anti-Kenyan Government corruption activists will harass some innocent people, without having checked and cross referenced with other sources.

If this Kenyan corruption report is meant as some sort of systems test, it seems to be the wrong way to inspire any confidence in the technical side of WikiLeakS.org.

If it is seen as just some opportunistic political media spin doctoring, this will damage the reputation of the project, even if the alleged Kroll Associates report proves to be completely genuine, something which has not yet been established.

About this blog

This blog here at WikiLeak.org (no "S") discusses the ethical and technical issues raised by the WikiLeakS.org project, which is trying to be a resource for whistleblower leaks, by providing "untraceable mass document leaking and analysis".

These are bold and controversial aims and claims, with both pros and cons, especially for something which crosses international boundaries and legal jurisdictions.

This blog is not part of the WikiLeakS.org project, and there really are no copies of leaked documents or files being mirrored here.

Email Contact

Please feel free to email us your views about this website or news about the issues it tries to comment on:

email: blog@WikiLeak[dot]org

Before you send an email to this address, remember that this blog is independent of the WikiLeakS.org project.

If you have confidential information that you want to share with us, please make use of our PGP public encryption key or an email account based overseas e.g. Hushmail

LeakDirectory.org

Now that the WikiLeakS.org project is defunct, so far as new whistleblowers are concerned, what are the alternatives ?

The LeakDirectory.org wiki page lists links and anonymity analyses of some of the many post-wikileaks projects.

There are also links to better funded "official" whistleblowing crime or national security reporting tip off websites or mainstream media websites. These should, in theory, be even better at protecting the anonymity and security of their informants than wikileaks, but that is not always so.

New whistleblower website operators or new potential whistleblowers should carefully evaluate the best techniques (or common mistakes) from around the world and make their personal risk assessments accordingly.

Hints and Tips for Whistleblowers and Political Dissidents

The WikiLeakS.org Submissions web page provides some methods for sending them leaked documents, with varying degrees of anonymity and security. Anybody planning to do this for real, should also read some of the other guides and advice to political activists and dissidents:

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

WikiLeakS Links

The WikiLeakS.org Frequently Asked Questions (FAQ) page.

WikiLeakS Twitter feeds

The WikiLeakS.org website does not stay online all of the time, especially when there is a surge of traffic caused by mainstream media coverage of a particularly newsworthy leak.

Recently, they have been using their new Twitter feeds, to selectively publicise leaked documents to the media, and also to report on the status of routing or traffic congestion problems affecting the main website in Stockholm, Sweden.

N.B. the words "security" or "anonymity" and "Twitter" are mutually exclusive:

WikiLeakS.org Twitter feed via SSL encrypted session: https://twitter.com/wikileaks

WikiLeakS.org unencrypted Twitter feed http://twitter.com/wikileaks

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Temporary Autonomous Zone

Temporary Autonomous Zones (TAZ) by Hakim Bey (Peter Lamborn Wilson)

Cyberpunk author William Gibson

Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

Amnesty International's irrepressible.info campaign

BlogSafer - wiki with multilingual guides to anonymous blogging

NGO in a box - Security Edition privacy and security software tools

Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.
