Recently in Media Spin and Hype Category

Just a note that the increasingly irrelevant and discredited WikiLeaks cult is understandably upset by the arrest of the tragic Julian Assange
at the Embassy of Ecuador in London, where he has been evading Swedish sexual offences allegations for 7 years, whilst, quite frankly, taking the piss out of his diplomatic hosts.

The USA has applied for a "computer related" Extradation Warrant, which should be resisted, as it has nothing to do with the UK.
Any "bait and switch" to press further charges e.g. Espionage Act etc. if Assange is ever in USA custody, cannot happen legally under the UK or European i.e. Swedish laws,
due to the Extradition principle of Speciality.

"US warrant says that between Jan 2010 and July 2010 he conspired with Chelsea Manning to "effectuate" unauthorised disclosure."

The "computer related" allegation involve the supposed /failed offer to help crack the SIPRENET NTLM hashes to help Manning to gain more access to Diplomatic Cables ? N.B. Manning was not convicted of this.
https://www.justice.gov/usao-edva/press-release/file/1153481/download

The UK Courts should allow the Swedish government to re-activate their dormant prosecution for rape, which does not expire until mid August 2020.

"District Judge Michael Snow finds Julian Assange guilty of failing to surrender" "He sends Julian Assange to the Crown Court for sentencing as the offence was so serious"

c.f. BBC journalist Daniel Sandford's twitter account of today's Westminster Magistrates Court proceedings.

Asange will serve some time, up to 12 months, in a UK prison for breaking his Bail, but given his allegedly failing health, he will at least get hospital treatment if needed.

Hopefully the UK will be rid of him as soon as possible.

Back in December 2011:

So where exactly is the promised new WikiLeakS.org whistleblower leak submission system ? Nowhere to be seen

Now, via @a_greenberg at Wired:

WikiLeaks Finally Brings Back Its Submission System for Your Secrets

[...]

On Friday, the secret-spilling group announced that it has finally relaunched a beta version of its leak submission system,
a file-upload site that runs on the anonymity software Tor to allow uploaders to share documents and tips while protecting their
identity from any network eavesdropper, and even from WikiLeaks itself. The relaunch of that page--which in the past served as the
core of WikiLeaks' transparency mission--comes four and a half years after WikiLeaks' last submission system went down amid infighting between WikiLeaks' leaders and several of its disenchanted staffers.

[...]

The long hiatus of WikiLeaks' submission system began in October of 2010, as the site's administrators wrestled with disgruntled staff members who had come to view Assange as too irresponsible to protect the group's sources.

After 5 years of broken promises, WikiLeakS have now re-launched something which is similar to the more widely deployed open source @SecureDrop or @GlobaLealeaks platforms which several media organisations and couple of individual journalists offer, as one of the channels to contact
them securely, with or without actual leak documents.

N.B. you have to hunt for the "Submit" button link in a drop down menu on the WikiLeakS.org home page

This WikiLeakS system also relies on Tor, something which their previous efforts only used sporadically and inconsistently.

The Tor Hidden Service .onion address (which only works if you are using a Tor enabled web browser) is:

http://wlupld3ptjvsgwqw.onion

wlsubpage.png

The optional Questions on the submission form, imply that publication of the leaked data or documents can be delayed e.g. until after the
whistleblower has left their current employer, but there are no guarantees as to if, or when a document will ever be published by wikiLeakS.org.

The neglect of small scale, limited audience leaks, in favour of meglomaniacal mega leaks, is what led in part, to the revolt of so many of the early WikiLeakS volunteers against the dictatorial and cultish Julian Assange 5 years ago.

Until WikiLeakS explain in detail what happens next to a leaked document, once it has been uploaded, and exactly who has access to it, or to any
correspondence with the whistleblower, nobody, especially not "national security" whistleblowers should use this system.

Who owns the leaked documents & what is the redaction policy?

Given the previous attempts by Assange & WikiLeakS to claim exclusive ownership and copyright of, essentially, other people's stolen information,
the fact that there is no policy statement about the ownership of leaked material, is telling.

Do whistleblowers automatically hand over all rights and control over the release and any censorship or redaction of innocent 3rd parties personal details which may be in the leaked documents to Assange or to WikiLeakS ?

8192 bit GPG Key

Over 7 years after letting their first public GPG key 0x11015f8 expire without replacement,nging that there were some fake keys on (insecure) public keyservers, and whinging that some people were using PGP/GPG insecurely
(without any detailed guidance from the supposed experts at WikiLeakS.org themselves), they have now published a new 8192 bit GPG Public encryption Key:

https://wikileaks.org/index.en.html#submit_wlkey

pub   8192R/92318DBA 2015-04-10 [expires: 2016-04-09]
uid                  WikiLeaks Editorial Office High Security Communication Key (You can contact WikiLeaks at http://wlchatc3pjwpli5r.onion and https://wikileaks.org/talk) 
sub   8192R/D6DFD684 2015-04-10 [expires: 2016-04-09]

Fingerprint: A04C 5E09 ED02 B328 03EB 6116 93ED 732E 9231 8DB

They have not explained why they have chosen to publish a non-standard 8192 bit key.

The normal user interfaces to GPG software defaults to 2048 bits or a maximum of 4096 bits).

It is possible to create 8192 bit keys (or longer) using GPG command line batch mode options.

There is no cryptographic reason to use 8192 bit key - it is not in practice any stronger than an already unbreakable 2048 or 4096 bit key.

So few people have or use 8192 bit keys, that its use makes it a characteristic marker, likely providing circumstantial evidence linking, on the balance of probabilities, any seized or stolen encrypted documents on a whistleblower's computer or USB media to WikiLeakS, regardless of the use of "throw-keyids" or the fact that the encrypted file cannot be de-crypted by the authorities or thieves.

There is no advice on the WikiLeakS.org website about how whistleblowers should use the GPG software properly, on different plaformse.g.
password lengths, extra hash protection of their private keys in the keyring, physical protection of the keyring, the use of throw-keyids etc. etc.,

Link to our copy of this Public Key

Chat system

Unlike SecureDrop, there is no leak submission contact messaging channel within the submission system workflow

WikiLeakS have added a .onion Tor Hidden Service to their existing web chat system

http://wlchatc3pjwpli5r.onion and https://wikileaks.org/talk

N.B. the customised / branded first few digits of the chat system's Tor Hidden Service (presumably done using a GPU based hash generator like Scallion
which they did not bother with for the leaked document submission system.

They also publish a non-Tor Hidden Service url for this chat system, so it may be ok for general chat with WikiLeakS staff or volunteers,
but any "national security" whistleblower should steer clear of it, even via Tor as the chat servers can be tracked down (for potential seizure or man in the middle attacks) via the non-Tor users

Using any form of real time communications either encrypted chat or phone calls is too risky between genuine "national security" whistleblowers and a heavilly surveilled target like WikiLeakS.org
- there is no scope for "plausible deniability" or an alibi, unlike with e.g. programmatic ally time delayed sending of encrypted emails or other online publications

Arrogance & Obscurity

Julian Assange is still claiming that

https://wikileaks.org/Some-notes-on-the-new-WikiLeaks.html

Other submission technologies inspired by WikiLeaks, such as the European-based GlobaLeaks and the US-based Secure Drop, while both excellent in many ways, are not suited to WikiLeaks'
sourcing in its national security and large archive publishing specialities. The full-spectrum attack surface of WikiLeaks' submission system is significantly lower than other systems and is optimised for our secure deployment and development environment. Our encrypted chat system is integrated into this process because sources often need custom solutions.

No ! The "full-spectrum attack surface" of WikiLeakS's system is no better than that of any other Tor Hidden Service.

Potential whistleblowers have no way of judging whether WikiLeakS' secret internal computer and human systems are
any better or worse than those of SecureDrop or GlobaLeaks or other submission systems.

The next paragraph shows that Assange et al are still creating solutions to straw man problems, whilst ignoring the real risks to potential whistleblowers

For example, one of the problems with public-facing submission systems is bootstrapping. The fact that a source is looking at instructions that are telling them how to submit material could be used as evidence against them if there is an SSL key break. To prevent this, we deploy the full bootstrap instructions and keys on millions of WikiLeaks pages across our full server network. When the "Submit" button is pressed, there is literally zero network traffic as a result, because all these details are downloaded everytime anyone looks at nearly any page on WikiLeaks. We cover the source bootstrap process with our millions of page views by readers.

These "millions of web pages" are a red herring and do nothing to obscure the traffic generated by the whistleblower, especially when they choose to hit the Submit button.

The time, date and the number of bytes of data which the whistleblower uploads to WikiLeaks is still observable, regardless of the fact that it is encrypted.

If anyone on a government or military network visits any part of the WikiLeakS.org website from work, that is likely to be flagged as suspicious behaviour regardless of how innocuous the content of a web page may be.

Their submission system provides no tools and not even any advice or instructions on splitting up or combining or padding out documents
so as to hide their potentially characteristic size from ISP or state state communications data traffic analysis.


https://wikileaks.org/index.en.html#submit_help_tips

3. Do not talk about your submission to others

If you have any issues talk to WikiLeaks. We are the global experts in source protection - it is a complex field. Even those who mean well often do not have the experience or expertise to advise properly.

This includes other media organisations

The claim that "We are the global experts in source protection", is, of course, exaggerated.

WikiLeakS.org has not proved to be any better at avoiding infiltration and surveillance than other media organisations or activist groups or intelligence agencies .

Given how the main WikiLeakS source Bradley now Chelsea Manning (now serving 35 years in prison) was not handled properly as a source by Assange (publication seems to have been more important to him than the welfare of Manning) it seems unlikely that WikiLeakS will ever again be handed large scale leaks or any "national security" leaks via this submission system.

It is very telling that despite the help that Sarah Harrison later gave to Edward Snowden between Hong Kong and Moscow, he did not trust WikiLeakS or Julian Assange with his revelations.

Assange is still in self exile in the Ecuadorian Embassy in London, trying to evade extradition to Sweden on alleged sex offences.

As such, given the millions of pounds UK taxpayers' money & the Metropolitan Police Service overtime being wasted on him he is likely a very high profile target for GCHQ and other signals and human intelligence agencies.

If, as we suspect, he is still heavily involved in the WikiLeakS editorial process, he himself is probably the greatest risk to the anonymity and safety of any "national security" whistleblowers stupid enough to contact WikiLeakS.org


The increasingly Julian Assange centered WikiLeakS.org project recieved a media hype and publicity boost before Christmas 2011, when they appear to have been handed some or all of the hacked emails from the pretentious "private intelligence agency" company Stratfor.

Some of the "Anonymous" / "LulzSec" gang of hackers, who were under the influence and perhaps the control of an FBI coerced informant and agent provocateur (Hector Xavier Monsegur supposedly the LulzSec twit "Sabu") have been arrested and charged with this computer crime. They even stored the alleged millions of emails from Stratfor on a server under the control of the FBI.

See The Register: Stratfor email hackers were tricked into using Feds' server

There has been no noticable support for any of them by Julian Assange, even though at least two of them (Ryan Ackroyd "Kayla", Jake Davis "Topiary") have been indicted in the USA and could be facing extradition from the United Kingdom, unlike Assange himself, who is fighting an unjust European Arrest Warrant extradition to Sweden on sexual offences charges.

See Public Intelligence (a website which, unlike WikiLeaks.org anymore, does actually allow comments from the public on the censored or restricted documents it publishes) Anonymous/LulzSec Sabu, Kayla, Topiary, Anarchaos, Palladium, Pwnsauce Indictment and Criminal Complaints

All the above is background information relevant to the question in the title of this blog post: Why has WikiLeakS.org not published any Stratfor email headers ?

WikiLeakS.org has been milking a very small selection of Strafor emails for "maximum publicity", but with almost zero political impact, since 27th February, when they launched a subection of their main website (not, this time, chossing to use a subdomain or a different domain name like they did for collateralmurder.com)

The Stratfor emails are being touted as The Global Intelligence Files, using similar hype to that which the notorious and obviously cyber security inept Texas based private think tank likes to puff itself up with.

Julian Assange / @wikileaks twitter feed has been claiming that the formerly private rumours and speculation by Stratfor employees such as Fred Burton, who used to be employed by the US Government, are somehow actually official US Government policy or the "truth", even when other Stratfor employees have, sensibly, tagged such rumours as "single source" or "unverified".

The claim by WikiLeakS.org is that they are publishing 5 million emails, but they have not actually done so.

They have published 935 extracts in just under a month. At that rate it will be about 96 years before they publish 5 million email extracts. Surely even the second (or third) division media partners listed by WikiLeakS.org, since Julian Assange has lost the trust of The Guardian, the New York Times, Der Spiegel etc. etc., will have moved on to other stories by then ?

Despite claiming to have somehow invented "scientific journalism", whereby the original document sources of information for a story are made available to the public for expert analysis, Julian Assange has not done this with the Strafor emails, since the extracts do not contain any actual email header information, listing email clients, mailservers and IP addresses etc.

Why not ?

  • What is Assange hiding ?

  • Did the FBI controlled "Sabu" make sure that WikiLeakS.org only got a censored version of the Stratfor emails ?

  • Since there is no WikiLeakS.org secure document submission system, or published PGP Public Encryption Key, how did the Anonymous / Lulzsec/ FBI contact Julian Assange / WikiLeakS.org ?

  • Did WikiLeakS.org / Julian Assange actively reach out to the pompous "Sabu" over IRC and or Twitter ?

  • Is the Stratfor email "leak" an attempt to drag Julian Assange and other WikiLeakS.org people into the credit card fraud and computer intrusion criminal cases which are currently in motion regarding Stratfor and other Anonymous/Lulzsec targets ?


Julian Assange speaking at the Frontline international press club in London, on Tuesday 24th October 2011 claimed that:

On November 28th, the one year anniversary of CableGate, we will launch our new generation submission system.

That includes, not just, a public interface, but also several other mechanisms that are necessary to deal with an attack on the entire internet security system, that has been established over the last few years, by intelligence agencies and criminal groups.

(See the previous WikiLeak.org blog article
Julian Assange promises a new WikiLeakS.org submission system to launch on 28th November 1st December 2011)

However the press conference in London was postponed from Monday 28th November to Thursday 1st December at an unannounced location (which turned out to be the City University), before a pre-registered audience of picked journalists.

None of these picked journalists seemed to ask any technical questions or any questions about Assange's Extradition to Sweden case.

So where were the details of this "new generation submission system." (remember that the old one has been broken for over 2 years now) ?

There was no such launch immediate announcement , nor a date for a future launch.

There were no technical details at all

Neither was there any hint about a "look and feel" prototype or whether or not the source code would be made public to be examined by independent experts or the public

Even so, some media outlets are incorrectly reporting that a new submission system has somehow been launched !

Instead there was the announcement of yet Another Wikileaks Spin Off website which "revealed" some 280 documents, mostly sales brochures and presentations about surveillance industry products, which are used both by legitimate Governments to help track down criminals and terrorists and by illegitimate Governments to suppress political opponents and freedoms (some Governments do both at the same time).

http://wikileaks.org/the-spyfiles.html

The French media partner Owni has produced a snazzy interactive map of from this small dataset:

http://spyfiles.org

All of these documents appear to have been already published on other websites and (until some of them are removed) many are still available on the manufacturer's own corporate websites.

Nobody has so far managed to find any of these documents which was first made public by WikiLeakS.org,

This market research was actually done by by Privacy International (Eric King @e315) and The Bureau of Investigative Journalism and by associates of the German Chaos Computer Club e.g. buggedplanet.info (domain name registered by Andy Mueller-Maguhn @mueller_maguhn) etc.

So what exactly did WikiLeakS.org contribute to this research ? WikiLeakS.org and Tor associate Jacob Appelbaum (@ioerror) has been doing his own research into say, satellite phone / data links for use in "Arab Spring" countries but he probably would have done this even without Julian Assange anyway.

Julian Assange provided a media sound bite, by asking if any of the assembled picked audience of journalists had an iPhone or a BlackBerry (Julian raised his own hand to both of those) or used Gmail. He then vaguely claimed that they were "all screwed",but he provided no specific examples of which of the list of products could actually be used to snoop on journalists or innocent members of the public without their knowledge.

Presumably Privacy International and The Bureau of Investigative Journalism etc. whose representatives spoke briefly on the platform dominated by Julian Assange, are happy with the media coverage generated, something which may not be possible soon if Assange is extradited to Sweden and is held in custody again.

Some of their supporters, this blog included, are not so happy to see Julian Assange claiming all the credit for this research project, none of which actually involved the supposed WikiLeakS.org anonymous whistleblower leak submission and publication system at all.


Even though Julian Assange could very well be extradited from the UK to Sweden next week, to face non-wikleaks related sexual offences allegations

https://twitter.com/#!/JudiciaryUK/status/129846526171287552

Julian Assange appeal against extradition - the High Court will hand down judgment on Wednesday 2 November.

10:06 AM Oct 28th 2011

he has announced a new, re-engineered WikiLeakS.org submission system to be launched on November 28th 2011.

https://twitter.com/#!/wikileaks/status/128455207490293762

@wikileaks WikiLeaks
Assange: On November 28th WikiLeaks will launch new generation submissions system http://www.ustream.tv/recorded/18082417

1:58 PM Oct 24th 2011

http://www.ustream.tv/recorded/18082417

Julian Assange speaking at the Frontline international press club in London, on Tuesday 24th October 2011

Approx 1 hour 5 minutes near the end of the video clip:

The fallout from that was the we viewed that our submission system could not be trusted any more

So did everyone else with any clues about computer security and anonymity, including Daniel Domscheit-Berg and the "Architect", which is partly why they left in the first place.

As a result we have had to completely re-engineer, from scratch, a new generation submission system.

On November 28th, the one year anniversary of CableGate, we will

Now, wikileaks has never had only the one submission system. We've received information in a wide variety of means, just like intelligence agencies and professional, mainstream media organisations, receive their information from a wide variety of means.

It has been important to us, to always have a wide variety of means, so no one mean becomes the sole, the sole subject of infiltration or investigation.

However, for the last, for the last 12 months, for the last 12 months, you haven't been able to go through the front door to submit wikileaks sensitive, information

You've had to establish, contacts, with the organisation and transmit us the material through other mechanisms.

Is Assange claiming that people have actually been stupid enough to submit sensitive material to him in the last 12 months, through other means ?

Why has he not bothered to publish any of this new, "non-Bradley Manning" sourced stuff then ?

How exactly are these "other means" actually Anonymous or Secure ?

Remember that wikileaks stopped publishing a PGP Public Encryption Key years ago and their incompetence in using PGP as a means of symmetric encryption and then stupidly publishing their CableGate archive online around the world and the re-using the same pass phrase with Guardian journalist David Leigh, was an

Similarly, they stopped publishing a Tor Hidden Service even before they stopped accepting new submissions.

On November 28th, the one year anniversary of CableGate, we will launch our new generation submission system.

That includes, not just, a public interface, but also several other mechanisms that are necessary to deal with an attack on the entire internet security system, that has been established over the last few years, by intelligence agencies and criminal groups.

Right now, it is not possible to trust any https:// connection on the internet.

Utter rubbish !

Even wikileaks.org itself has, at various times, published a Self Signed Digital Certificate and has published the MD5 and SHA-1 cryptographic hash fingerprints, without relying on any built in web browser trust of Certificate Authorities.

It is not possible your banking system, it is not possible to trust any, regular, web based secure encryption system

What about banks which use SSL v3 Client Side Digital Certificates for mutual client / server authentication, without the need for any external Certificate Authority ?

That is because, intelligence agencies have infiltrated , a number of Certificate Authorities. Certificate Authorities are those authorities which
sign the cryptographic keys that are used for secure internet communication.

On November 28th, we will release our alternative to that system, which is independent of all Certificate Authorities

Is the something which Julian and his cult have created from scratch, or will they just steal / borrow the work of Moxie Marlinspike and SSLLabs etc. with Convergence ?

Remember that SSL / TLS encryption only provides Secrecy about most of the contents of an encrypted session, it does not provide any Anonymity, and, may in fact provide less anonymity than a non-SSL connection via a shared proxy server.

A question from the floor:

"I understand that you may be limited in what you can say, but how have you manage to get around the fact, that in your eyes, Certificate Authorities can't be trusted, with this particular submission system ?"

01:08:57

We will give full details here, on a conference, on November 28th

Full details ?? Don't hold your breath.

Will they publish the source code of their system, or even a detailed security architecture of what is is intend to actually do and protect against ?

On past performance, this is extremely unlikely.

I would like to say, that in that, this problem has been brewing over a number of years, and we were aware of it before, back in 2010, and we had a number of mechanisms to ameliorate that, ahh, thousands of robots that went out over the internet, to simulate being sources, to check to see, whether these "men-in-the-middle" or fabricated certificates existed.

So we had a number of different mechanisms to try to ameliorate that problem, but it is our view that the problem has now gone so severe, that even those attempts to ameliorate it, can no longer be trusted to the degree, that our sources expect us, to be able to solve the problem

More nonsense from the deliberately deceptive Julian Assange:

"thousands of robots" ??

At the time they claimed that this was to provide "cover traffic" to help to confuse Communications Traffic Analysis and thereby to improve the Anonymity of the submission system

This could not and would not have tested for any SSL "man-in-the-middle" attacks on the Security / Privacy of submissions.

Neither could it have detected compromised Certificate Authorities around the world, especially in places where the Government also controls international internet access.

Even if it was meant to do so, they obviously failed to detect a single example of such an attack aimed at wikileaks, or if they did, they must have covered it up.

Regardless of the technical merits of this new submission system, any whistleblower with really sensitive, life threatening information to publish, would have to be suicidal to trust Julian Assange and his WikiLeakS.org cult followers with it.


It looks as if WikiLeakS.org / Julian Assange's stupid decision to abandon use of PGP encryption, back in 2007 has come home to roost, with the revelation that they idiotically re-used a symmetric encryption key password and ineptly published a full archive of the controversial US Embassy / State Department Diplomatic Cables on BitTorrent peer to peer file sharing networks

The fact that they published this unredacted archive at all via BitTorrent shows how chaotic and incompetent Julian Assange and his motley crew of inexperienced acolytes had become after Daniel Domscheit-Berg and the "Architect" left them.

The end result is that there are now many people around the world, including all the repressive governments mentioned in the quarter of a million Diplomatic cables who can now simply search for key words like (strictly protect), to find the names of informants and information sources who have been in contact with US Embassy diplomats and who could therefore now be easily persecuted.

See the Cryptome.org for a direct file link to z.gpg or to this torrent link to the same encrypted compressed file via BitTorrent peer to peer filesharing.

John Young's evident glee that WikiLeakS.org have now published the full, unredacted archive of US Diplomatic Cables, is, in its own way, just as reprehensible as Julian Assange's indifference to the fate of vulnerable individual human beings named in the cables.

He of all people should know that the US Government neither has the time, the money , nor the inclination, nor the bureaucratic efficiency to warn or protect the hundreds of named informants or contacts, which have now been betrayed to the world, an action which has been universally condemned by WikiLeakS.org's former mainstream media partners and by human rights organisations.

This is in addition to the names of political dissidents who were in contact with the US Embassy in Belarus which Assange has already handed over to the Lukashenko dictatorship via the holocaust denier Israel Shamir.

Some "open source" / "full disclosure" advocates are making the spurious claim that the publication by WikiLeakS.org of the unredacted cables.csv and onto their searchable web site front end, is somehow better for any political dissidents or confidential sources who had dealings with the US Embassies and whose names are tagged with (strictly protect) and other markers.

Firstly, not all political dissidents in repressive countries have access to the internet at all, let alone to fast, secure, anonymous connections which would allow them to download the massive cables.csv file itself or to use the (insecure) WikileakS.org cable search websites.

None of these websites employ SSL Digital certificates or provide Tor Hidden services etc. to mask the identities of people searching for their own names or those of their family or friends.

Some of the people mentioned in the US Embassy cables several years ago, could in fact be in prison or under investigation for other reasons in 2011, without any or without any safe internet access at all. Being named as having been in contact with the US Embassy, even several years ago, could easily lead to charges of espionage etc. in insane countries like Iran.

Julian Assange's disregard for the Sensitive Personal Data of innocent individuals and his organisation's utter incompetence at handling such data securely, is indistinguishable from that displayed by many of the government bureaucracies you would expect him to be opposed to. Do not to trust him or WikiLeakS.org with any future whistleblower leak material, Find another post WikiLeakS.org website or organisation instead - see the listing and analyses at LeakDirectory.org wiki.

WikiLeakS.org and PGP Public Key Encryption

WikileakS.org abandoned even their limited use of PGP Encryption with the public or with the media, back in 2007, when they let their published PGP key expire.

Why have WikiLeakS.org abandoned the use of PGP Encryption ?

If they had been using Public Key Cryptography last year, to encrypt correspondence or documents or files using their recipients' individual Public Keys, then there would have been no password for the incompetent WikiLeakS.org activists to re-use .

Every copy of the controversial cables.csv file could have been encrypted with a different recipient's Public Key and would have had a different symmetric encryption key (which no human would could have been capable of revealing, even under torture).

Not even WikiLeakS.org / Julian Assange could have decrypted a seized or intercepted or publicly leaked copy of such an encrypted file, only the recipient with access to his or her own private decryption key could have done so.

Either Julian Assange is ignorant of how to use Public Key Cryptography (hardly likely for someone who has tried to write cryptographic software himself) or he and the #wikileaks twitter feed are lying again:

https://twitter.com/#!/wikileaks/status/109134616153169920

Encryption passwords (PGP) are permanent. David Leigh constantly lies, hence even in his own book, "snaky brits".

6.24 AM September 1st 2011

https://twitter.com/#!/wikileaks/status/109136557914603520

@ABCTech It is false that the passphrase was temporary or was ever described as such. That is not how PGP files work. Ask any expert.

6.32 AM September 1st 2011

To decrypt a file encrypted with PGP using a recipient's Public Key, you need to have physical access to the Private De-Cryption key, which is not accessible to anyone who copies or intercepts the encrypted file in transit.

Obviously the password which unlocks the Private De-Cryption Key from your PGP Keyring can be changed.

Symmetric encryption unprotected by Public Key encryption is just an option with PGP, but that is not how PGP is designed to be used to protect files in transit over the internet or on vulnerable USB memory sticks !

There was nothing, except for laziness or incompetence, which prevented Julian Assange or his followers from securely destroying the symmetrically encrypted cables.csv compressed file archive immediately after he gave it to David Leigh and then re-encrypting it from the master copy with a different key and passphrase. This master copy , we assume, given the dispute between Julian Assange and Daniel Domscheit-Berg, would have been held on a separately encrypted computer file system anyway.

The award winning investigative journalist at The Guardian newspaper David Leigh's book:

WikiLeaks: Inside Julian Assange's War on Secrecy by David Leigh and Luke Harding

did reveal on pages 138 to 139 an unnecessary password, which he rightly assumed would only be a temporary one, but which should never have been re-used by Julian Assange in the first place.

Leigh refused. All or nothing, he said. "What happens if you end up in an orange jump-suit enroute to Guantánamo before you can release the full files?" In return he would give Assange a promise to keep the cables secure, and not to publish them until the time came. Assange had always been vague about timing: he generally
indicated, however, that October would be a suitable date. He believed the US army's charges against the imprisoned soldier Bradley Manning would have crystallised by then, and publication could not make his fate any worse. He also said, echoing Leigh's gallows humour: "I'm going to need to be safe in Cuba first!"

Eventually, Assange capitulated. Late at night, after a two-hour debate, he started the process on one of his little netbooks that would enable Leigh to download the entire tranche of cables. The Guardian journalist had to set up the PGP encryption system on his laptop at home across the other side of London. Then he could feed in a password. Assange wrote down on a scrap of paper:ACollectionOfHistorySince_1966_ToThe_PresentDay#. That's the password," he said. "But you have to add one extra word when you type it in. You have to put the word '"Diplomatic' before the word 'History'. Can you remember that?"

"I can remember that."

Leigh set off home, and successfully installed the PGP software. He typed in the lengthy password, and was gratified to be able to download a huge file from Assange's temporary website.

So having given Leigh instructions about downloading and installing PGP software, Julian Assange failed to instruct him to generate a Public / Private key pair and to send him the Public Key, so that Julian could individually encrypt the the cables.csv compressed archive just for David Leigh and nobody else.

At the face to face meeting described in the book, Julian Assange could easily have given David Leigh a copy of a WikiLeakS.org Public Encryryption Key for him to install when he set up the PGP software on his laptop as instructed, or pointed him to an online version.

They could have agreed a pre-shared secret for extra authentication.

David Leigh could then have been instructed to generate his own Public / Private keypair (protected in his PGP Keyring by his own strong passphrase) and to send a Digitally Signed and Encrypted copy of his Public Key back to Jullian Assange via email etc. together with the pre-shared authentication secret, all encrypted with the WikiLeakS.org Public Key. This should have been sufficient cryptographic proof that David Leigh's Public Key was the correct one, since nobody else apart from Julain Assange / WikiLeakS.org could have read the contents of that message.

Julian Assange could then have encrypted the compressed cables.csv file with David Leigh's Public Key and pointed him to the secure website he had set up for the encrypted file to be downloaded from

This encrypted file could only have been de-crypted by someone in possession of both David Leigh's passphrase and the corresponding Private Key in the PGP Keyring on David Leigh's MacBook laptop.

If WikiLeakS.org had been regularly using PGP over the years, even inexperienced members of the cult would have been familiar with these simple, well documented concepts.

If that copy of the encrypted file had somehow been published by the incompetent WikiLeakS.org crew on BitTorrent, then only David Leigh could have decrypted it (assuming he was still in control of his PGP Keyring on his laptop computer) , even if he had published his own pass phrase in his book, rather than Julian's rather pompous one.

7-Zip compression

Then he realised it was zipped up - compressed using a format called 7z which he had never heard of, and couldn't understand.

The .7z file extension is used by 7-Zip . This is freely available over the internet, on various computing platforms and does offer more options for better compression than the standard .zip compression utilities which are built in to modern versions of the Microsoft Windows or Apple OSX operating systems, at the cost of longer compression times and more use of memory.

The 7-Zip Ultra compression option seems to be what the cables.csv file was compressed with down to i.e. only 21 % of its original size.

However to achieve this amount of compression on such a big file could take quite a while, perhaps up to an hour on an average PC. Unzipping is much quicker, a couple of minutes at most.

Compression is also built in to the PGP / GnuPG encryption software, but that produces a compressed file of about 640 MB i.e. about twice that of the of the 7-Zip version, about 41% of the original size of the monolithic cables.csv file.

Like most .zip compression software these days, 7-Zip also offers encryption, using the same AES 256 bit algorithm used by default by GnuPG / PGP, but Assange et al did not bother to make use of that.

He got back in his car and drove through the deserted London streets in the small hours, to Assange's headquarters in Southwick Mews

Assange was staying at Vaughan Smith's Frontline Club for investigative / foreign / war correspondent journalists, owned by Vaughan Smith, in whose Norfolk country estate has bedrooms at numbers 7 and 9 Southwick Mews

http://www.frontlineclub.com/club/bedrooms-1.php

He is now on bail and electronically tagged living at Vaughan Smith's country estate in Norfolk, where his supporters invent state surveillance fantasies for the credulous mainstream media - see "CCTV ANPR" or just "radar activated speed signs" monitoring Julian Assange at Ellingham Hall in Norfolk ?

Assange smiled a little pityingly, and unzipped it for him.

Now, isolated up in the Highlands, with hares and buzzards for company, Leigh felt safe enough to work steadily through the dangerous contents of the memory stick.

So, in the end, Julian Assange in fact actually handed over an unencrypted copy of the file to David Leigh, on an easily lost or stolen USB memory stick. If Assange really cared about protecting innocent people from evil governments, then he would not have allowed this to happen.

It is astonishing how the WikiLeakS.org cult propaganda machine has deluded itself that somehow it was David Leigh and The Guardian which was responsible for this cryptographic and internet publication incompetence, rather than the alleged technological privacy and anonymity expert Julian Assange and his supposedly expert helpers.

TextWrangler keyword search

Obviously there was no way that he, or any other human, could read through a quarter of a million cables. Cut off from the Guardian's own network, he was unable to call up such a monolithic file on his laptop and search through it in the normal simple-minded journalistic way, as a word processor document or something similar: it was just too big. Harold Frayman, the Guardian's technical expert, was there to rescue him. before Leigh left town, he sawed the material into 87 chunks, each just about
small enough to call up and read separately.

Probably 19 Megabytes for each of 86 chunks with a little bit left over in the 87th chunk.

Then he explained how Leigh could use a simple program called TextWrangler

TextWrangler is the "little brother" of BBEdit and is only available for the Apple Macintosh platform. David Leigh's laptop computer.is stated to have been a MacBook elsewhere in the book.

to search for key words or phrases through all the separate files simultaneously, and present the results in a user-friendly form.

So why had Julian Assange or his WikiLeaks acolytes not already broken the 1.6 Gigabyte file down into usable chunks and zipped them up into, ideally, several archive files for their mainstream media partners ?

This WikiLeak.org blog has criticised them in the past for not offering (multiple) floppy disk or even CD-ROM sized versions of their whistleblower leaks documents, as well as just large monolithic files.

Not everybody, especially people in third world countries under repressive governments, or even people using mobile internet devices, has access to fast broadband internet connections.

Is this the end of WikiLeakS.org ?

Now that WikiLeakS.org have no more secrets left to publish, will they actually get around to re-inventing themselves and re-launching a secure anonymous system without the destructive influence of Julian Assange ?

Or will the cult continue regardless and just get dragged into long legal cases ?

More evidence that Wikileaks' abuse of Twitter, instead of issuing proper, detailed Press Releases on their official website, gives the impression of either incompetent "investigative journalism" or just plain anti-US Government hate propaganda.

5.06 PM August 27th 2011
https://twitter.com/#!/wikileaks/status/107484074477760512

US marine kills Romanian rockstar. President promises to US embassy won't "serve a single day in prison" http://wikileaks.cabledrum.net/cable/2005/03/05BUCHAREST742.html


When did this happen ? Is that the then US President or the Romanian President doing the promising ? What sort of "killing" ?

It turns out to be the newly elected Romanian President, back in 2005 (over 6 years ago). The "killing" turns out to have the result of a traffic accident, probably involving drink driving by the US Marine who had diplomatic immunity as part of the US Embassy staff.

If you take this selective misquote from the diplomatic cable at face value you get the impression that the US Marine was to get off scot free due to some sort of political deal.

However if you actually bother to read the diplomatic cable which Wikileaks have published, in their current, "we don't care about anybody's personal information" data dump:

http://wikileaks.cabledrum.net/cable/2005/03/05BUCHAREST742.html

25.(C) Finally, the December 2004 accident involving the U.S. Embassy Marine Security Guard detachment commander that led to the death of Romanian rock star Teo Peter received wide press coverage and created public outcry. Basescu and his government are under considerable political pressure to make sure justice is done in a Romanian Court. Naturally, given that Marine Corps legal proceedings against the former detachment commander have not even begun, the question of extradition and lifting of the Marine's immunity cannot even be addressed at the present time. Nevertheless, PM Tariceanu and FM Ungureanu may ask for the Marine's return, possibly repeating a promise made earlier to our Ambassador by Basescu that the former detachment commander would receive a fair trial and, regardless of outcome, would not serve a single day in prison in Romania.

The deliberate omission of the words "in Romania" completely changes the meaning of the Tweet.

The democratically elected government of Romania is promising a fair trial and repatriation to the USA to serve any prison sentence , if the US Marine was to be found guilty of any charges. This is the normal, civilised state of affairs with most Extradition treaties around the world.

The wikipedia entry for Teo Peter has links to a few of the case.

If this deliberately misleading Tweet was from the army of Wikileaks cult hangers on, that would be bad enough. Wikileaks could, if pushed, issue an apology, and disassociate themselves from such alleged "supporters".

However this distortion of the truth is from the "official" Julian Assange controlled

https://twitter.com/wikileaks feed.

Any post-Wikileaks whistleblower websites should learn the lessons from Wikileaks and Julian Assange's increasingly inept handling of the mainstream media and social media.

The levels of disinformation, hype and spin which Wikileaks now relies on make them at least as untrustworthy as any Government or big business public relations spin doctors and propagandists.

The mainstream media have plenty of other, more current, more newsworthy stories to report on, so the effect of the publication of these diplomatic cables is now increasingly marginal and they are only of academic interest to future historians and to the world's intelligence agencies.

Why is there still no functioning WikiLeakS.org document submission system ?

It is puzzling why WikiLeakS.org, with all its army of cult followers and vastly more money than many other whistleblowing websites, has not re-launches itself with a secure, anonymous whistleblower leak submission system, so many months after it shut down.

See LeakDirectory.org for links to many of these and some analysis of the anonymity and security strengths and weaknesses of several of them.

The answer must be that Julian Assange does not want to relinquish any control or to be democratically accountable or transparent.


N.B. to be clear this WikilLeak.org blog is very often critical of Julian Assange for his control freakery, deceit, and disregard for other people's private personal data, but we do not think that he should be extradited to the USA to face espionage or other charges.

The European Arrest Warrant should not be allowed to be used to extradite Assange to Sweden from the United Kingdom for "investigation" purposes, without cross examination in a UK Court of prima facie evidence against him in the sordid sex allegations case.


Various German language online media are reporting that Daniel Domscheit-Berg has been expelled from the Chaos Communication Club after his presentation of the state of play of his OpenLeaks.org project at the 5 day Chaos Computer Camp at an ex-soviet airfield / military aircraft museum north of Berlin this week.

Chaos Computer Club schließt Domscheit-Berg aus

CCC feuert gegen OpenLeaks

This is only the second expulsion of a member in the 30 year history of the Chaos Computer Club - the previous one was, apparently some neo-nazi who had been abusing their infrastructure.

There is no mention of this bickering on either the official https://ccc.de or https://openleaks.org web pages, the participants have, instead decided to give interviews to the media, without bothering to inform their supporters directly (a couple of thousand of whom were gathered at the campsite).

leaks_taz_de_screenshot_450.jpg
(click for a larger screenshot image of https://leaks.taz.de in a new window)

https://leaks.taz.de

The test setup

From 12th to 14th of August 2011 this public platform is offered by German daily taz die tageszeitung, German weekly der Freitag, Portuguese weekly Expresso, Danish daily Dagbladet Information as well as the consumer protection organization Foodwatch; in cooperation with OpenLeaks. During this time you can upload documents, which will be worked on by the involved parties.

The goal of this setup is to invite you to do a security evaluation of the system during the Chaos Communication Camp 2011.

Surely nobody in the rest of the world, who is interested in the anonymity and security of whistleblowing website projects, ever considered that the temporary test server, set up in a in a tent on the outskirts of the main camp site infrastructure, was actually somehow being "officially" tested and "approved" by the CCC ?

Obviously, most of the people at the CC campsite were busy with the many other projects and causes, but some of the people with expertise and experience of whistleblowing website anonymity and security infrastructure, and relations with the mainstream media, were present and may have contributed to the discussions and the preview "testing".

As anybody who has attended these sort of hacker conventions should know, the mere act of putting up a webs server on the campsite network, will mean that it will be "stress tested" in a very hostile network environment, with lots of port scans and probes and attempts to hack into it and run denial of service attacks, but these would also happen if it was hosted at a major data centre.

But that should not be the only proper testing that the system gets before going live, a point on which here we agree with the CCC and which Daniel Domscheit-Berg also probably agrees with.

Endorsement by mainstream media brand names mentioned above provide far more public trust and credibility, whatever that is actually worth regarding a currently non-operational system, than any (non-existent) "CCC" branding or approval.

The CCC have never been known for having any kind of "approved by the CCC" branding or "approval" of computer or telecommunications projects and they are deluding themselves if they think they would ever be trusted internationally if they did so.

The CCC leaders' action (it is a properly registered legal entity with a board of directors, a constitution etc.) now gives the impression of siding with Julian Assange (who was never a member) against Daniel Domscheit-Berg.

As mentioned in his book, Daniel Domscheit-Berg and the other former WikiLeakS.org technical staff defector "the Architect", took away their own intellectual property and thereby disabled the "improved" WikileakS.org submission system

Julian Assange and his cult of supporters have never bothered to replicate even the shaky anonymity and security infrastructure which they were left with or re-launch a different, better, whistleblower leak submission and publication system, despite having plenty of volunteers and money to do so.

The president of the CCC Andy Müller-Maguhn, who some of us once elected to the board of the ICANN which regulates internet domain name registration and appeals procedures, seems to have been trying to mediate between Julian Assange and Daniel Domscheit-Berg for nearly a year over the return of this encrypted data to Julian Assange.

Since there is no evidence that the current WikiLeakS.org team is capable of handling the data securely (their current website does not even bother to use an SSL / TLS Digital certificate any more) they cannot be trusted any more than Daniel Domscheit-Berg can be.

The current OpenLeaks.org project may not yet have published its software as an Open Source project, which is what the purists at the CCC would like, but then neither has WikiLeakS.org nor any other whistleblower website.

Even if they did so, there is no guarantee that the specific computer and networking configuration settings and infrastructure used by a particular website are not actually counteracting any anonymity or security functions built in to the Open Source software.

All that the CCC board needed to do was to issue a press release making it clear that there was no official CCC endorsement of the OpenLeaks.org project.

The breakdown in mediation attempts the CCC may have tried between Julian Assange and Daniel Domscheit-Berg are not proper grounds for expelling the latter from the Club.

Some of the wrongdoers who have something to hide from public scrutiny and might therefore fear the OpenLeaks.org project, will be smiling to themselves at this display of disunity amongst the German section of the tiny minority of people around the world with the technical skills and attitude to make a difference.

Expelling Daniel Domscheit-Berg, without also criticising the current WikiLeakS.org cult, has damaged the reputation of the Chaos Computer Club internationally.

What about the Wau Holland Foundation and OpenLeaks.org ?

The registered charity the Wau Holland Foundation, which is controlled by CCC sympathisers, may not now be available the Openleaks.org project, as a channel for receiving financial donations from supporters, a service it currently performs for WikiLeakS.org.

If OpenLeaks.org gets some money from its media partners, this may not matter too much, but until there is a virtuous circle of whistleblower trust and actual mainstream media publication of leaks via OpenLeaks.org, they will always be short of money.

OpenLeaks.org may still be able to make use of PayPal etc., to receive financial donations from individuals, something which WikiLeakS.org no longer can do, as they have managed to annoy and get banned over the years, due to their lack of financial transparency and their perceived anti-American political bias.


Given the popularity of Peer to Peer (P2P) networks for file sharing and the close links between WikiLeakS.org original web hosts in Sweden and their former links with The Pirate Bay "The world's most resilient bittorrent site", WikiLeakS.org leaked documents have always been available on P2P networks.

The recent Bloomberg news agency story

WikiLeaks May Have Exploited Music, Photo Networks to Get Data

gives prominence to some dubious claims by a US based Peer to Peer Network spying company called Tiversa.

Bloomberg and Tiversa provide no evidence of any direct link between the alleged
appearance of the US Military files on incompetently configured personal computer systems running P2P software (in contravention of the applicable computer security policies) and the publication of re-named files on Wikileaks, months or even years later.

The Bloomberg article itself lists the months or sometimes years between the alleged appearance of a few US military documents on P2P networks open to the entire internet, and the publication of what is alleged to be copies of the same versions of those documents on the old, no longer functioning, WikiLeakS.org wiki system.

They cannot have it both ways.

Either it is legal for everyone, including firms like Tiversa to monitor such networks (for money) in bulk, in real time, all over the world, "1.8 billion times a day" by running "rogue" monitoring nodes joined to these P2P networks, or it is not.

To attempt to claim that just because they monitored "4 IP address in Sweden", that this is somehow evidence that WikiLeakS.org themselves were trawling for documents on P2P networks, is an incredible double standard, given the amount of such trawling which originates from the USA and even from Tiversa itself.

Tiversa's cause célèbre. was their discovery of the US Presidential helicopter documents, something which strongly implies that they themselves also downloaded copies of such documents, both from the useless US Defense Contractor and from the alleged computer in Iran.

Such activity is itself certainly illegal in many countries and would probably amount to espionage according to the evil Iranian authorities.

Remember there is no proof that the discovery of an alleged download by a particular computer IP address actually means that any human has even noticed or read any such documents, in all likelihood they have not, simply due to the volumes involved - see the various internet snooping projects derived from Echelon by intelligence agencies like the NSA and GCHQ etc and their rivals.

Initially the WikiLeakS.org website just assumed that people would "seed" copies of their published documents into P2P networks. They later started to formally provided Magnet URI links to such documents on their download pages, but of course these are now no longer functional.

Perhaps OpenLeaks.org or any other successors to WikiLeakS.org, if they ever get off the ground, will also seed P2P networks and provide Magnet links as well.

There is a link on the current WikiLeakS.CH website and on its hundreds of risky mirror websites, to a compressed archive of BitTorrent index files, which can be used to download around 20,000 documents which have been published on WikiLeakS.org i.e. not the big "Bradley Manning" disclosures, which got their own dedicated web sites.

However, if you are planning to "research" these for your forthcoming blog or mainstream media article, tv documentary, book, film etc. remember your IP address will be tracked by Tiversa and other private sector and government spies.

Given the legally toxic nature of some of these WikiLeakS.org documents, depending on the legal jurisdiction you fall under, you may be breaking various laws by downloading or possessing copies of these documents e.g. government official secrecy, espionage, lèse majesté, copyright, contempt of court etc. . You should probably keep any files you download in an encrypted volume using, for example TrueCrypt

WikiLeakS.org has never bothered to provide any such warnings or advice to its readers.

We constantly seem to be criticising the arrogant or inept use of Twitter by the wikileaks.org political activists.

They have actually tried to "Do The Right Thing" by pointing this Tweet to a fuller actual multi paragraph Press Release.

https://twitter.com/#!/wikileaks/status/25785171399671808

WikiLeaks condems US embargo move | Press Release http://wikileaks.ch/WIKILEAKS-PRESS-RELEASE.html

5:23 AM Jan 14th

This press release web page does seem to have been copied to some (perhaps all) of the hundreds of Mirror websites which mirror WikiLeakS.CH.

However, they are still giving the impression of shambolic amateurism or of an ongoing internal power struggle within the ranks of the people with website editing privileges.

Incredibly, there is still no link to this or any other Press Release on the new WikiLeakS.CH website menu structure.

There is no link to this on the WikiLeakS.CH mirror sites either.

About this blog

This blog here at WikiLeak.org (no "S") discusses the ethical and technical issues raised by the WikiLeakS.org project, which is trying to be a resource for whistleblower leaks, by providing "untraceable mass document leaking and analysis".

These are bold and controversial aims and claims, with both pros and cons, especially for something which crosses international boundaries and legal jurisdictions.

This blog is not part of the WikiLeakS.org project, and there really are no copies of leaked documents or files being mirrored here.

Email Contact

Please feel free to email us your views about this website or news about the issues it tries to comment on:

email: blog@WikiLeak[dot]org

Before you send an email to this address, remember that this blog is independent of the WikiLeakS.org project.

If you have confidential information that you want to share with us, please make use of our PGP public encryption key or an email account based overseas e.g. Hushmail or Protonmail etc. accessible via the Tor anonymity cloud.

LeakDirectory.org

Now that the WikiLeakS.org project is defunct, so far as new whistleblower are concerned, what are the alternatives ?

The LeakDirectory.org wiki page lists links and anonymity analyses of some of the many post-wikileaks projects.

There are also links to better funded "official" whistlblowing crime or national security reporting tip off websites or mainstream media websites. These should, in theory, be even better at protecting the anonymity and security of their informants, than wikileaks, but that is not always so.

New whistleblower website operators or new potential whistleblowers should carefully evaluate the best techniques (or common mistakes) from around the world and make their personal risk assessments accordingly.

Hints and Tips for Whistleblowers and Political Dissidents

The WikiLeakS.org Submissions web page provides some methods for sending them leaked documents, with varying degrees of anonymity and security. Anybody planning to do this for real, should also read some of the other guides and advice to political activists and dissidents:

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

WikiLeakS Links

The WikiLeakS.org Frequently Asked Questions (FAQ) page.

WikiLeakS Twitter feeds

The WikiLeakS.org website does not stay online all of the time, especially when there is a surge of traffic caused by mainstream media coverage of a particularly newsworthy leak.

Recently, they have been using their new Twitter feeds, to selectively publicise leaked documents to the media, and also to report on the status of routing or traffic congestion problems affecting the main website in Stockholm, Sweden.

N.B.the words "security" or "anonymity" and "Twitter" are mutually exclusive:

WikiLeakS.org Twitter feed via SSL encrypted session: https://twitter.com/wikileaks

WikiLeakS.org unencrypted Twitter feed http://twitter.com/wikileaks

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Temporary Autonomous Zone

Temporary Autonomous Zones (TAZ) by Hakim Bey (Peter Lambourn Wilson)

Cyberpunk author William Gibson

Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign
UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card
NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.
Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid_150.jpg
FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Petition to the European Commission and European Parliament against their vague Data Retention plans
Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament: Legislative and Regulatory Reform Bill (and other issues)
Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open_Rights_Group.png
Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network
Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Tor - the onion routing network
Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

irrepressible_banner_03.gif
Amnesty International's irrepressible.info campaign

anoniblog_150.png
BlogSafer - wiki with multilingual guides to anonymous blogging

ngoiab_150.png
NGO in a box - Security Edition privacy and security software tools

homeofficewatch_150.jpg
Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

rsf_logo_150.gif
Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

committee_to_protect_bloggers_150.gif
Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

wikileaks_logo_low.jpg
Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.

Syndicate this site (XML):

Recent Comments

  • James Hyams: I'm writing a thesis on Public Trust in WikiLeaks, the read more
  • rich kaplan: Hello Wikeleaks vrew. In Turkey , the islamist goverment just read more
  • wikileak: Cryptome have a few more extracts from this book http://cryptome.org/0003/ddb-book/ddb-book.htm read more
  • wikileak: OpenLeaks.org have now launched their website with some details of read more
  • wikileak: Bahnhof Internet seem to be hosting two Wikileaks servers in read more
  • teresa: I THANK THEY JUST TO SHUT HIM UP. THEY THINK read more
  • wikileak: Clay Shirky has posted a rough transcript of Daniel Domscheit-Berg's read more
  • wikileak: @ N - you can still see the "1.2 million read more
  • N: @wikileak - Exactly, these cables are _from_ the United States, read more
  • wikileak: Openleaks.org is now displaying this meassage: Coming soon! While we read more

April 2019

Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30