PayPal suspends donations to WikiLeakS.org, who then "web bug" their own website

| | Comments (10)

We wonder what effect, if any, the suspension of the WikiLeakS.org PayPal button will have on their funding, whilst they are still offline, pleading for money.

The current WikiLeakS.org web page (Saturday 23rd January 2010) :

WikiLeakS_org_home_page_23jan2010_433.jpg

Support us financially

Pay by credit card or PayPal worldwide

Note the PayPal graphic, but not one actually locally hosted on the WikiLeakS.org web servers ! See below.

Paypal has as of 23rd of January 2010 frozen WikiLeaks assets. This is the second time that this happens. The last time we struggled for more than half a year to resolve this issue. By working with the respected and recognized German foundation Wau Holland Stiftung we tried to avoid this from happening again -- apparently without avail.

We are working on resolving this issue as fast as possible. Please use our bank accounts for direct transfer in the meantime, or contact wl-donations@sunshinepress.org for any further questions.

WikiLeaks is not the only non-profit organization with this problem. This is a regular occurrence, that from our perspective should not be tolerated by the global community using this payment system.

PayPal usually suspends non-profit organisations, because PayPal have to comply with local taxation laws involving the tax exempt status of such organisations, and with the world wide anti-money laundering red tape and bureaucracy.

You end up having to send them details of your charitable status, or, failing that, proof that you have a bank account in the name of your group etc.

WikiLeakS.org have "web bugged" most of their home page visitors

WikiLeakS.org proudly boasts that none of the identities of any of their whistleblower sources have been compromised. We have always been critical of their much more lackadaisical approach to the anonymity of the web site visitors, who may be just curious or who may be informed analysts who have the knowledge and experience to comment intelligently on the whistleblower leak documents - some of these people need to preserve their anonymity from snoopers, just as much as whistleblowers do.

Such visitors to the website home page will almost certainly also include the actual whistleblowers themselves, at some point before, during or after, they upload their potentially sensitive documents.

What then, were the WikiLeakS.org web team thinking of, by using a PayPal image which is hosted on a Canadian angling supplies website called www.alainfishing.com ?

"Fishing" for PayPal donations is going to make quite a few people wonder if this is a "phishing" scam.

Looking at some of the current WikiLeakS.org home page HTML source code, they appear to have commented out their PayPal link to the Wau Holland charitable foundation in Germany, but they are deep linking (for no good reason) to a PayPal web graphic, hosted on a third party website, a Canadian sports angling website which sells brightly coloured fishing bobs


<p> <b>Pay by credit card or PayPal worldwide</b><br>
<img src="http://www.alainfishing.com/en/images/paypalIcon.gif">

<!--- <form action="https://www.paypal.com/cgi-bin/webscr">
<input type="hidden" name="business" value="vorstand@wauland.de">
<input type="hidden" name="cmd" value="_donations">
<input type="hidden" name="hosted_button_id" value="9801043">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="item_name" value="WikiLeaks donation">
<input type="hidden" name="lc" value="en">
</p>
<p>Message with your donation:</p>
<p> <input type="text" name="item_number" value="">
</p>
<p>Enter amount:<br />
<select name="currency_code">
<option value="USD">USD
<option value="EUR">EUR
<option value="GBP">GBP
<option value="CAD">CAD
<option value="AUD">AUD
<option value="NZD">NZD
<option value="SEK">SEK
<option value="DDK">DDK
<option value="NOK">NOK
<option value="CHF">CHF
<option value="HKD">HKD
<option value="HUF">HUF
<option value="ILS">ILS
</select>

<input type="text" name="amount" style="width: 4em; text-align: right;" value="25.0"><br />
</p>
<p> <input name="submit" type="submit" style="margin-top: 1em;" value="Choose payment type"><br />
<span style="font-size: smaller;">(PayPal, VISA, Mastercard and more accepted)</span>
</form>
</p>--->

This effectively means that the web server log files of www.alainfishing.com, are now tracking most of the visitors to the WikiLeakS.org web page - in effect WikiLeakS.org have web bugged their own supposedly anonymity protected website.

This potentially compromises the anonymity of the vast majority the WikiLeaKS.org home page visitors, regardless of whether they are interested in PayPal or not, and anyone foolish enough to try to submit a whistleblower leak at the moment, without any timescale of when or if it will ever be published by the (suspended) WikiLeakS.org project.

This "web bug" effect also applies to the embedded YouTube Video of the Berlin 26C3 conference speech. (see WikiLeakS.org presentation at 26C3 - will Iceland become a WikiLeakS.org Publishing Data Haven ?).

A link to YouTube or, if they ever get it working again, to PayPal, should be illustrated with a local copyof the graphic, hosted on the WikiLeakS.org web servers , which supposedly do not keep log files.

Such links should also carry an "anonymity health warning", that clicking on them will make a connection with an external website, over which WikiLeakS.org have no control, and which will leave detectable electronic footprints.

10 Comments

PayPal is out of control. People use PayPal and expect STABILITY. But people wake up only to find that PayPal has frozen their money for NO REASON. It's time to leave PayPal in droves. Great PayPal alternatives @

http://screw-paypal.com/alternatives/alternatives.html

http://screw-paypal.com/alternatives/alternatives_non_ebay.html

If you think PayPal is playing fair, here is PayPal's User Agreement exposed for what it is:

http://screw-paypal.com/tos_exposed_section/tos_exposed.html

SCREW PAYPAL!

@ Kimberly - the reasons for the first PayPal suspension, and how it was resolved have not been made clear by WikiLeakS.org - they do not publish any sort of audited financial accounts.

It is also not clear why PayPal have suspended the Wau Holland foundation account, given that it is a weekend, do not expect any news on this until next week.

None of the alternatives to PayPal listed in your links above offer a global service.

the paypal image bug was fixed

@ "rt trtrt" - what was so difficult about using a locally hosted copy of the graphic in the first place ?

One would have expected WikiLeakS.org to be constantly aware of internet tracking issues and of obvious website visitor anonymity protection techniques like this.

N.B. the embedded YouTube video clip script still means that the YouTube server logfiles (and all the foreign governments and internet companies are monitoring those logfiles or connections) are still collecting Communications Traffic Data time, date, IP address, Browser type, language settings etc.) on most of the (visitors to the still suspended WikiLeakS.org website, even those who choose not to play the video clip itself.

One of the files that was leaked was a government document about the dangers posed by leftwing groups using the free information exchange on the internet. It seems just a little too convenient that this free exchange of information is suddenly rendered impractical by numerous obstacles.

Smart whistle blower won't submit the content through the website, but rather throught the TOR hidden website. It's way safer.


If I was to drop confidential data on wikileak, I would made damn sure that everything I did had every layers of encryption possible...

@kimberly ---

I'm sure those "PayPal alterbatives" will quickly become wonderfully useful tools for jihadists and other Islamic terrorist sympathizers who want to anonymously transmit funds to, oh, gee, I dunno, maybe Al-Shahab (affiliated with al-Qaeda) in Somalia, or radical Islamist groups in Britain, Germany or Scandinavia.

As outrageous a concept as this may seem to you, you actually DON'T have any "right" to anonymously donate funds to groups that advocate or engage in criminal behavior.

Assange is a terrorist sympathizer with a 'hate-on' for America and the U.S. government. His leaking of the names of Afghans who helped and aided U.S. and Coalition troops in the fight against Al-Qaeda and the Taliban has directly led to the Taliban actively searching for and hunting those people so that it can KILL THEM.

@ Willy - all the online payment systems regularly supply "suspicious transaction" reports to their local law enforcement and financial industry regulators etc. under Anti Money Laundering and Counter Terrorism laws and regulations.

It would be much easier to track terrorist funding if they did actually use such online payment systems, rather than word of mouth / family connections based informal banking systems which have been running for hundreds of years such as Hawala or couriers with suitcases of cash or "big business" or "drug smuggler" style tax avoidance / evasion / money laundering schemes through tax havens and dummy corporations etc.

Can you name one Afghan who was mentioned in the censored wikileaks documents who was not already on the Taliban hit list (i.e. local provincial Governor, local Police Chief, local village head man) ?

Any Confidential Human Intelligence Sources should never have been named in those general purpose war diary daily log reports anyway.


@ TOR, damnit - yes, except that wikileaks have stopped publishing a Tor Hidden Service and they are no longer accepting any new submissions at all.


@ Willy - Dont be absurd, odd he may be, but Assange is NOT a terrorist sympathiser, anyone with half a brain can see that. Apart from that My reservations towards him have decreased and my sympathy for him has increased due to these overt bullying tactics from everyone but particularly Pay Pal and by extension Ebay. I have never been to this blog until now, due to Pay Pals actions. So stupid of them, it can only increase public support for Wikileaks. PayPals actions are counter productive as well as hypocritical in the extreme!

About this blog

This blog here at WikiLeak.org (no "S") discusses the ethical and technical issues raised by the WikiLeakS.org project, which is trying to be a resource for whistleblower leaks, by providing "untraceable mass document leaking and analysis".

These are bold and controversial aims and claims, with both pros and cons, especially for something which crosses international boundaries and legal jurisdictions.

This blog is not part of the WikiLeakS.org project, and there really are no copies of leaked documents or files being mirrored here.

Email Contact

Please feel free to email us your views about this website or news about the issues it tries to comment on:

email: blog@WikiLeak[dot]org

Before you send an email to this address, remember that this blog is independent of the WikiLeakS.org project.

If you have confidential information that you want to share with us, please make use of our PGP public encryption key or an email account based overseas e.g. Hushmail

LeakDirectory.org

Now that the WikiLeakS.org project is defunct, so far as new whistleblower are concerned, what are the alternatives ?

The LeakDirectory.org wiki page lists links and anonymity analyses of some of the many post-wikileaks projects.

There are also links to better funded "official" whistlblowing crime or national security reporting tip off websites or mainstream media websites. These should, in theory, be even better at protecting the anonymity and security of their informants, than wikileaks, but that is not always so.

New whistleblower website operators or new potential whistleblowers should carefully evaluate the best techniques (or common mistakes) from around the world and make their personal risk assessments accordingly.

Hints and Tips for Whistleblowers and Political Dissidents

The WikiLeakS.org Submissions web page provides some methods for sending them leaked documents, with varying degrees of anonymity and security. Anybody planning to do this for real, should also read some of the other guides and advice to political activists and dissidents:

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

WikiLeakS Links

The WikiLeakS.org Frequently Asked Questions (FAQ) page.

WikiLeakS Twitter feeds

The WikiLeakS.org website does not stay online all of the time, especially when there is a surge of traffic caused by mainstream media coverage of a particularly newsworthy leak.

Recently, they have been using their new Twitter feeds, to selectively publicise leaked documents to the media, and also to report on the status of routing or traffic congestion problems affecting the main website in Stockholm, Sweden.

N.B.the words "security" or "anonymity" and "Twitter" are mutually exclusive:

WikiLeakS.org Twitter feed via SSL encrypted session: https://twitter.com/wikileaks

WikiLeakS.org unencrypted Twitter feed http://twitter.com/wikileaks

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Temporary Autonomous Zone

Temporary Autonomous Zones (TAZ) by Hakim Bey (Peter Lambourn Wilson)

Cyberpunk author William Gibson

Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign
UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card
NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.
Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid_150.jpg
FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Petition to the European Commission and European Parliament against their vague Data Retention plans
Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament: Legislative and Regulatory Reform Bill (and other issues)
Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open_Rights_Group.png
Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network
Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Tor - the onion routing network
Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

irrepressible_banner_03.gif
Amnesty International's irrepressible.info campaign

anoniblog_150.png
BlogSafer - wiki with multilingual guides to anonymous blogging

ngoiab_150.png
NGO in a box - Security Edition privacy and security software tools

homeofficewatch_150.jpg
Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

rsf_logo_150.gif
Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

committee_to_protect_bloggers_150.gif
Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

wikileaks_logo_low.jpg
Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.

Syndicate this site (XML):

Recent Comments

  • common sense: @ Willy - Dont be absurd, odd he may read more
  • wikileak: @ TOR, damnit - yes, except that wikileaks have stopped read more
  • wikileak: @ Willy - all the online payment systems regularly supply read more
  • Willy: @kimberly --- I'm sure those "PayPal alterbatives" will quickly become read more
  • TOR, damnit.: Smart whistle blower won't submit the content through the website, read more
  • John Doe Conspiracy Theorist: One of the files that was leaked was a government read more
  • wikileak: @ "rt trtrt" - what was so difficult about using read more
  • rt trtrt: the paypal image bug was fixed read more
  • wikileak: @ Kimberly - the reasons for the first PayPal suspension, read more
  • Kimberly: PayPal is out of control. People use PayPal and expect read more

December 2014

Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31