WikiLeakS.org and the TipiT.to tip jar - another "web bug"

| | Comments (15)

WikiLeakS.org is still not publishing any of their old or new whistleblower leaks, whilst still asking for new whistleblower leak submissions, and, still asking for money.

They now seem to have got themselves a TipiT.to tip jar, run by a company called Like It Tipit Ltd, based in the United Kingdom and the Netherlands.

https://tipit.to/wikileaks.org

which accepts Euros, US Dollars or GB Pound currency donations via credit card or the (mostly) Netherlands based iDEAL online payment system.. TipiT.to seem to be using the Netherlands based AdYen internet payments system for credit cards.

The TipiT.to terms of service make it clear that any responsibility for taxation lies with WikiLeakS.org.

However, now casual visitors to the suspended WikiLeakS.org web page will see a typical "appeals thermometer" graphical image.

https://tipit.to/img/thermo?style=1&tipjarId=1&currency=EUR&goal=5000000&since=20100124&width=150&background=c0c0c0

tipit_to_wikileaks_org_261.jpg

Note the target "goal" of 50,000 Euros.

Another "web bug":

Even though the PayPal graphic is now being served locally, rather than as a Deep Link from the Canadian fishing supplies website, this Web Bug problem has simply been replaced by a new one.

The new "thermometer appeal" graphical image is not a static graphical image, served locally from the WikiLeakS.org web servers. (like the above screen capture graphic is being served from the WikiLeak.org web space)

It is a dynamic image, generated remotely on the fly, presumably to show how much of the target has been achieved, as per the "appeals thermometer" theme.

This means that the TipiT.to webservers, and the Amazon Web Services, Elastic Compute Cloud, EC2 instance which they use, are collecting Communications Traffic Data logfiles, including visit time and date, IP address, Web browser details, language settings etc., from most of the visitors to the WikiLeakS.org page, even if they do not intend to proceed to the tip jar donations form.

Will anybody be monitoring or automatically screen scraping and logging, the WikiLeakS.org TipIT tip jar, or even the TipiT.to home pages, which display the amounts of money of the last 10 or so tips received ? Obviously some of these donations or tips are pseudo anonymous, but several people seem to be leaving their names and comments of support, which they may or may not regret later.

N.B. since the TipiT.to webs server does not appear to be serving a robots.txt file:

http://tipit.to/robots.txt

it may well be that snapshots of the "latest tips / financial contributors" to WikiLeakS.org and any other website will be captured by automatically and "forever", by Google, Yahoo, Bing and other web search engines..

The embedded YouTube video script remains as before, also potentially betraying the anonymity of visitors to the WikiLeakS.org website, in log files over which WIkiLeakS.org have no control.

Why is the simple website anonymity protection measure of serving copies of graphical images only from your own web server so difficult for the WikiLeakS.org people, who one would expect to live and breathe internet anonymity and security, to understand ?

15 Comments

"Why is [this] so difficult for the WikiLeakS.org people...to understand?"

Because it's not important to them, clearly. They have never taken any serious or credible effort to ensure the anonymity, privacy, or security of their users, visitors, contributors, et cetera, and I really cannot see that changing any time soon, if ever. They would much rather, from what I can tell, feed their egos and narcissism by exploiting the work of others than do any of their own. Oh, and they'd collectively like about $400,000 in annual wages for doing so, too - that for a collective of, what, a half-dozen or so people working part-time? Nice gig, if you can get it...

The PayPal link now seems to have been restored.

The Register report

Wikileaks pledge drive hobbled by PayPal suspension

has been updated:

PayPal's spokeswoman said it had lifted the suspension on Saturday, suggesting it had been triggered by anti-money laundering systems.

Saturday was the 23rd of January, the day when WikiLeakS.org changed their web page and announced the suspension of their PayPal account.

Are Paypal and / or WikiLeakS.org being completely honest and transparent about this incident ?

@ Nemo - they must have spent some fraction of the money on server hosting and bandwidth costs.

Surely they will eventually have to produce some sort of audited accounts for the German tax authorities, or else the Wau Holland Stiftung will lose its charitable status ?

€ 2098 in the TipiT.to tip jar for WikiLeakS.org so far

€ 2268 in the TipiT.to tip jar for WikiLeakS.org

Will this now drop off significantly now that the PayPal link has been restored ?

I believe their bandwidth and hosting costs are - or so they claim - $200,000 p/a, or a bit over 16,000 USD per month, which is pretty absurd. Then again, they don't provide any accountability as to what that money gets them, so... who knows.

Ideally, they claim, they would also like another $400,000 p/a to pay the "staff".

€ 2364 in the TipiT.to tip jar for WikiLeakS.org

The other $400,000 is supposedly for the "local newspaper / wikileaks exclusivity deal" expansion plan.

I would not begrudge them paying some staff expenses or even core staff salaries out of their $200,000 "budget", but they should publish, even approximately, what is spent on what.

They might even be offered free or cheap hosting or bandwidth deals, if they were more open about it.

TipiT.to seem to have stopped displaying the running total of WikiLeakS.org donations.

Interesting that they've stopped displaying the running total. I wonder if that was TipIt's idea, or that of the oh-so-accountable WikiLeakS.org folks?

I also note that they've scrapped the target date, and now merely promise to return "soon". Given that they claim to need 70K USD, and are apparently receiving somewhat less than one-thousand USD per day, it could be April before they reach their target.

Like you, I firmly believe that if they want money, they should provide at least a rough estimate of where it's going. I also suspect it's never going to happen...

The total can still be viewed here:

http://tipit.to/tipjar/wikileaks.org

...along with some interesting data on the donors.

2641 GBP just at the moment.

€ 3338 euros in the tipjar.

The main WikiLeakS.org page has finally been re-jigged with a Yahoo theme

 	< !--  following style tag content:
        Copyright (c) 2009, Yahoo! Inc. All rights reserved.
        Code licensed under the BSD License:
        http://developer.yahoo.net/yui/license.txt
        version: 2.7.0
    -- >


There is now a third method of online donatios, using MoneyBookers.

At last, the Payment Button images are being served from the local WikiLeakS.org web servers, and not from remote sites.

http://wikileaks.org/static/gfx/tipitButton.png

http://wikileaks.org/static/gfx/moneybookersLogo.gif

http://wikileaks.org/static/gfx/paypalLogo.gif

That was not too difficult, was it ?

Unfortunately they still have not done the same for the embedded YouTube video.

"Total tipped € 22438.88 "

TipIt.to seems to have gone "tits up" at the end of February 2010 due to "fraudulent transactions"

http://blog.tipit.to/2010/02/prolonged-downtime-of-key-features/

About this blog

This blog here at WikiLeak.org (no "S") discusses the ethical and technical issues raised by the WikiLeakS.org project, which is trying to be a resource for whistleblower leaks, by providing "untraceable mass document leaking and analysis".

These are bold and controversial aims and claims, with both pros and cons, especially for something which crosses international boundaries and legal jurisdictions.

This blog is not part of the WikiLeakS.org project, and there really are no copies of leaked documents or files being mirrored here.

Email Contact

Please feel free to email us your views about this website or news about the issues it tries to comment on:

email: blog@WikiLeak[dot]org

Before you send an email to this address, remember that this blog is independent of the WikiLeakS.org project.

If you have confidential information that you want to share with us, please make use of our PGP public encryption key or an email account based overseas e.g. Hushmail

LeakDirectory.org

Now that the WikiLeakS.org project is defunct, so far as new whistleblower are concerned, what are the alternatives ?

The LeakDirectory.org wiki page lists links and anonymity analyses of some of the many post-wikileaks projects.

There are also links to better funded "official" whistlblowing crime or national security reporting tip off websites or mainstream media websites. These should, in theory, be even better at protecting the anonymity and security of their informants, than wikileaks, but that is not always so.

New whistleblower website operators or new potential whistleblowers should carefully evaluate the best techniques (or common mistakes) from around the world and make their personal risk assessments accordingly.

Hints and Tips for Whistleblowers and Political Dissidents

The WikiLeakS.org Submissions web page provides some methods for sending them leaked documents, with varying degrees of anonymity and security. Anybody planning to do this for real, should also read some of the other guides and advice to political activists and dissidents:

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

WikiLeakS Links

The WikiLeakS.org Frequently Asked Questions (FAQ) page.

WikiLeakS Twitter feeds

The WikiLeakS.org website does not stay online all of the time, especially when there is a surge of traffic caused by mainstream media coverage of a particularly newsworthy leak.

Recently, they have been using their new Twitter feeds, to selectively publicise leaked documents to the media, and also to report on the status of routing or traffic congestion problems affecting the main website in Stockholm, Sweden.

N.B.the words "security" or "anonymity" and "Twitter" are mutually exclusive:

WikiLeakS.org Twitter feed via SSL encrypted session: https://twitter.com/wikileaks

WikiLeakS.org unencrypted Twitter feed http://twitter.com/wikileaks

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Temporary Autonomous Zone

Temporary Autonomous Zones (TAZ) by Hakim Bey (Peter Lambourn Wilson)

Cyberpunk author William Gibson

Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign
UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card
NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.
Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid_150.jpg
FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Petition to the European Commission and European Parliament against their vague Data Retention plans
Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament: Legislative and Regulatory Reform Bill (and other issues)
Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open_Rights_Group.png
Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network
Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Tor - the onion routing network
Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

irrepressible_banner_03.gif
Amnesty International's irrepressible.info campaign

anoniblog_150.png
BlogSafer - wiki with multilingual guides to anonymous blogging

ngoiab_150.png
NGO in a box - Security Edition privacy and security software tools

homeofficewatch_150.jpg
Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

rsf_logo_150.gif
Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

committee_to_protect_bloggers_150.gif
Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

wikileaks_logo_low.jpg
Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.

Syndicate this site (XML):

Recent Comments

  • wikileak: TipIt.to seems to have gone "tits up" at the end read more
  • wikileak: "Total tipped € 22438.88 " read more
  • wikileak: € 3338 euros in the tipjar. The main WikiLeakS.org page read more
  • Nemo: The total can still be viewed here: http://tipit.to/tipjar/wikileaks.org ...along with read more
  • Nemo: Interesting that they've stopped displaying the running total. I wonder read more
  • wikileak: "My U.S. Credit Card Was Deactivated After I Sent $20 read more
  • wikileak: TipiT.to seem to have stopped displaying the running total of read more
  • wikileak: The other $400,000 is supposedly for the "local newspaper / read more
  • wikileak: € 2364 in the TipiT.to tip jar for WikiLeakS.org read more
  • Nemo: I believe their bandwidth and hosting costs are - or read more

December 2014

Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31