WikiLeakS.org seems to have recently changed the templates for their leaked document download pages.
These used to provide both an unencrypted http:// download URL and an SSL / TLS encrypted session https:// one.
However, now you are presented with what looks tt first glance to be several Download Mirror URLs, in several different countries.
This is, unfortunately, rather misleading, as with one exception, all the URLS actually still point to the same Single Point of Failure webserver IP address in Stockholm, Sweden: 88.80.13.160
i.e. you are given the apparent choice of downloading the document from the ./leaks/ directory at the following URLs:
- Sweden http://wikileaks.se
- US http://88.80.13.160.nyud.net
- Sweden2 http://file.sunshinepress.org:54445
- Latvia http://riga.ax.lt
- Slovakia http://bratislava.iypt.sk
- UK http://wikileaks.org.uk
- Finland http://wikileaks.fi
- Netherlands http://wikileaks.nl
The http://file.sunshinepress.org:54445 URL has been used regularly before, although it is hard to believe that there are likely to be many locations which have firewall or other policies which block access via http:// port 80 or https:// port 443, but still allow port 54445 connections.
The diversity of the domain names, provides redundancy against the legalistic court order attacks against the main wikileaks.org domain name, as per the court case in the USA case brought by Bank Julius Baer and their shyster lawyers Lavely & Singer back in February 2008.
The US download URL ending in ".nyud.net" is actually making use of the Coral Content Distribution Network project. This is a collaborative volunteer project, run by the Stanford Secure Computer Systems group at Stanford University in Palo Alto, California, USA, which creates an international distributed cache and content distribution service, with servers in several different countries.
This Coral CDN project is independent of WikiLeakS.org, but they, and many other people make use of it, especially when they have popular, newsworthy content which overloads their own servers and bandwidth. The recent Sarah Palin email screenshots were, for example, available for a time, via this system, even though WikiLeakS.org could not cope with the demand.
It is unclear if the WikiLeakS.org publishing workflow scripts actually click on the Coral CDN URL e.g. http://88.80.13.160.nyud.net/leaks/;eaked-document.pdf, thereby pulling it into the Croal CDN server cache network, and making it available if WikiLeakS.org server in Stockholm is offline. Perhaps the workfow process simply published the URL, and hopes that someone else will seed the Coral CDN with copies of the leaked document.
It is still possible to download a leaked document via SSL, but this involves manually replacing, for example
http://wikileaks.se/leak/leaked-document.pdf
with
https://wikileaks.se/leak/leaked-document.pdf
and then noting, and dealing with any warnings and requests for permanent or temporary exceptions, when your web browser software detects that the Digital Certificate belongs to secure.wikileaks.org, and not to the domain name in the "cover name" URLs listed above (with the exception of the Coral Content Distribution Network URL, which does not accept SSL connections).
Most people visiting the WikiLeakS.org leaked document download pages will not be aware of this, and will, potentially, betray the fact that they have downloaded a particular document, something which the WikiLeakS.org project does not clearly warn them about.
However, even SSL / TLS encryption does not necessarily protect the anonymity of the people who choose to download censored documents from WikiLeakS.org.
With any particular leaked document file, which eventhough it is SSL / TLS session encrypted securely, there is a very good chance that the actual or approximate size of the file i.e. the number of bytes downloaded, is enough information with which to characterise, with a high degree of probability, which of the files being published by WikiLeakS.org has been downloaded by a particular computer IP address, at a certain time, on a particular date.
This may well be enough to provide legal proof, or at least investigative leads or suspicions, about who the people are who have downloaded that leaked document, especially when their local Internet Service Provider is under pressure to hand over log files to lawyers or law enforcement or intelligence agencies, who are hunting down a leaked document, possession of which may have copyright or national security implications.
Alternatively, users of Tor. The Onion Router project, , can still protect (to a high degree, but not with absolute certainty) the anonymity of their plaintext http:// or encrypted SSL / TLS https:// session download.
It is completely unclear, as to whether the WikiLeakS.org project team have ever considered or rejected ideas such as padding out leaked documents to one of several standard file lengths, so as to provide more "plausible deniability" against Communications Data Traffic Analysis, for readers and downloaders who use the WikiLeakS.org website.
Recent Comments