Recently in Website Infrastructure downtime and denial of service Category

Apologies for the hiatus in blogging about the WikiLeakS.org soap opera, there are plenty of better things to do with limited resources.

We cannot be bothered to remember why the WikiLeakS.org front end web server was no longer hosted by PRQ Internet in Stockholm, leading to the use of dodgy Russian "bulletproof hosting" / cyber crime friendly ISP, whilst the main website ended up at WikiLeakS.ch, with the help of the pan-European Pirate Party (a genuine political party representing a minority of IT literate voters).

There were also experiments with Cloud Hosting suppliers like Amazon EC2 in Ireland and OVH in France, but WikiLeakS.org broke their terms of service and / or they succumbed to political pressure.

Whether the actual backend server(s) are still hosted by another Swedish ISP Bahnhof in a former nuclear war shelter is unclear.

However, WikiLeakS.org website and email system now appears to be back with PRQ Internet again, the ISP which hosted them during the dangerous-internet-freedom attack through the US Federal Court system, on their US Domain Name registrar, by the Swiss private bank Bank Julius Baer.

IP address: 88.80.2.31
Host name: wikileaks.org

Alias:
wikileaks.org
88.80.2.31 is from Sweden(SE) in region Scandinavia

[...]

6 138 138 138 209.130.172.178 te-4-4-gblx.sto1.se.portlane.net
7 138 138 138 80.67.0.134 gi-1-15-i2b-demarc.sto1.se.portlane.net
8 249 141 141 193.104.214.94 -
9 139 138 138 178.16.212.34 sth-sln1-crdn-1-po-3-0-810.sitabinfra.se
10 141 141 141 178.16.212.2 cust-prq-nt.i2b.se
11 138 138 138 88.80.2.31 host-88-80-2-31.cust.prq.se

The return to PRQ Internet makes WikiLeakS.org less resistant to attacks on the DNS providers through the legal system or through Denial of Service attacks, since they only currently list the USA based DynaDot name servers:

ns2.dynadot.com [50.112.108.69]
ns1.dynadot.com [50.112.107.96]

Compare this to wikileaks.ch, which sports multiple DNS servers in multiple legal jurisdictions:

v217241437.yourvserver.net
marmotta.brabbel.ch [217.147.219.146]
lou.porcus.ch [46.20.241.57]
ns1.twisted4life.com [202.157.182.142]
ns2.easydns.com [72.52.2.1]
s2.s3cr3t.de
arjeplog.scnr.ch [80.246.50.106]
dns2.easydns.net [72.52.2.1]
dns1.syshack.org
ns1.pcdog.ch [85.124.251.171]
ns1.buzzernet.net

The Wired.com Danger Room preview article WikiLeaks Defector Slams Assange In Tell-All Book by Kim Zetter, about Daniel Domscheit-Berg's forthcoming book, seems to confirm many of the suspicions and speculations about the apparent internal rifts within the WikiLeakS.org project, which this blog has commented on over the years.

[...]

WikiLeaks founder Julian Assange lost control of his site's submission system in an internal revolt last fall, and has never regained it, according to a tell-all book penned by the organization's top defector, who accuses Assange of routinely exaggerating the security of the secret-spilling website and lying to the public about the size and strength of the organization.

Although WikiLeaks has claimed for months that its submission system is down due to a backlog of documents it has no time to process, Daniel Domscheit-Berg writes in Inside WikiLeaks that he and a top WikiLeaks programmer seized the submission system when they defected from the organization last September, along with documents in the system at the time.

[...]

Last August, in the wake of rape allegations against Assange as well as criticism that the site had mishandled the names of informants in Afghan documents the site published with media partners, Domscheit-Berg and two WikiLeaks programmers fed up with the way things were being run, staged a halfhearted mutiny. They disabled the WikiLeaks wiki and changed the passwords to the Twitter and e-mail accounts. In response, Assange shut down the whole system, causing the mutineers to cave in. But within weeks, Domscheit-Berg and one of the programmers had left WikiLeaks for good and taken the submission system with them.

They seized the system because they had doubts Assange would handle the documents securely, due to lack of care he had allegedly shown for submissions in the past.

"Children shouldn't play with guns," Domscheit-Berg writes. "That was our argument for removing the submission platform from Julian's control ... We will only return the material to Julian if and when he can prove that he can store the material securely and handle it carefully and responsibly."

The submission system had been recrafted by the programmer, whom Domscheit-Berg refers to only as "the Architect", after he became frustrated with the jerry-built infrastructure Assange, and perhaps others, had set up when Wikileaks launched in December 2006, according to the book. WikiLeaks had been running on a single server with sensitive backend components like the submission and e-mail archives connected to the public-facing Wiki page. The Architect separated the platforms and set up a number of servers in various countries.

In a statement Wednesday, WikiLeaks essentially confirmed Domscheit-Berg's version of why the site's submission system is missing. The organization said the system remains down months after Domscheit-Berg left because his "acts of sabotage" forced the organization to "overhaul the entire submission system" and the staff lacks time to do so.

The statement does not explain why Assange had previously claimed the submission system was down by design to stop an already huge backup of documents from growing even larger.

Domscheit-Berg writes that he and the Architect won't release the unpublished documents and will return them to WikiLeaks once Assange builds a secure system. Noting that the current site has no SSL support, Domscheit-Berg warns that anyone who visits the site to read submission instructions could be monitored.

"The current system has become a security risk for everyone involved," he writes.

Domscheit-Berg told Threat Level in an interview on Sunday that the hijacked leaks only include those submitted since the time the system came back online in July following an outage, and the time it went down permanently. Anything submitted before then, or via other methods, would still be in Assange's possession.

[...]


Domscheit-Berg began working with Assange after meeting him at a hacker conference in Germany in December 2007. Although WikiLeaks claimed to have hundreds of volunteers and an untold number of staffers, the organization consisted essentially of Assange and Domscheit-Berg, who pored through submissions, did little more than simple Google searches to verify documents and posed as non-existent staffers in e-mail and other correspondence to make WikiLeaks seem heftier than it was.

The two were later joined by "the Technician" in 2008 and "the Architect" in 2009, both of whom assumed responsibility for the technological infrastructure, while Assange and Domscheit-Berg handled content and media relations. That is, until internal fighting began in 2009. Initially, the fights were over Assange's lack of transparency in handling donated funds, but eventually encompassed everything from the security of sources and submissions, to Assange's lack of trust in Domscheit-Berg, and Assange's relations with women.

[...]

When journalists asked about problems with WikiLeaks' infrastructure, Domscheit-Berg would purposely confuse them with technobabble. He writes that it was amazing how often their obfuscation strategy worked. "To create the impression of unassailability to the outside world, you only had to make the context as complicated and confusing as possible," he writes. "It was the same principle used by terrorists and bureaucrats. The adversary can't attack as long as he has nothing to grab hold of." The truth was, he notes, their "technical infrastructure was a joke and irresponsible. If someone knew where the server was located they could have shut WL down permanently ... We were acting irresponsibly, playing a risky game with our sources' trust and our supporters' donations."

Until WikiLeaks began working with media partners in 2010, it did little vetting of submissions beyond simple Google searches to see if documents seemed legitimate. This proved to be a problem when someone identified in a Julius Baer document as having a secret Swiss bank account claimed he'd been misidentified. Domscheit-Berg says the source who gave them the documents had also "included some background information he had researched about the bank's clients." But the source had apparently confused a Swiss account holder with a German man who had a similar name. When the German threatened to sue for slander, Assange and Domscheit-Berg added a caveat to the document saying, "according to three independent sources" the information might be false or misleading. The three independent sources, however, didn't exist. Domscheit-Berg says they made them up.

[...]

Will WikiLeakS.org ever resume operations for new whistleblower leak submissions ?

So will OpenLeakS.org really be any better than the WikILeakS.org smoke and mirrors confidence trick which this article portrays ?

N.B. OpenLeakS.org currently appears to have lost its https://OpenLeakS.org capability, despite, quite wisely, publishing the Digital Certificate details on

http://openleaks.org/content/contact.shtml

The SSL certificate we use for this website has the following fingerprints:

* SHA-1: 2F:A8:72:54:8F:CB:06:F1:02:39:D2:8C:1F:6B:FF:0A:22:1F:EB:36
* SHA-256: 5B:DE:F3:19:70:E7:D7:68:41:AE:75:20:C2:20:CB:78:1D:DE:81:A7:FE:8D:7D:0F:64:BD:69:E6:3E:AC:FE:47

The serial of the certificate is 01:00:00:00:00:01:2C:F1:12:3A:99.

The WikiLeakS.org domain name is currently no longer resolving to an IP address.

DynaDot,com, the California USA based Domain Name Registrar, which was successfully defended against interference in Bank Julian Baer court case does still have the WikiLieakS.org domain name registered..

Do remember this core wikileaks.org "brand" Domain Name was, incompetently, allowed to expire in the past. (see WikiLeakS.org domain name expires at Dynadot.com)

However, this Domain Name registration only points to a single, free Domain Name Service provider, EveryDNS.net, which supports lots of free, community based domain names.

They have now decided to protect the thousands of other people who rely on them from the "collateral damage" of Denial of Service attacks aimed at WikiLeakS.org.

WIkiLeakS.org, as usual, did not bother to respond to the termination of service warnings until it was too late.

EveryDNS.net, a provider of free managed DNS services, supports nearly 500,000 websites worldwide.

At 10PM EST, on Wednesday December 1, 2010 a 24-hour termination notification email was sent to the email address associated with the wikileaks.org account. In addition to this email, notices were sent to Wikileaks via Twitter and the chat function available through the wikileaks.org website.

Any downtime of the wikileaks.org website has resulted from its failure to, with plentiful advance notice, use another DNS solution.

Yesterday, pursuant to the EveryDNS.net Acceptable Use Policy the primary DNS hosted domains were disabled. Today, also in accordance with the EveryDNS.net Acceptable Use Policy, the secondary DNS hosted domains, including wikileaks.ch, were disabled.

EveryDNS.net is not taking a position on the content hosted on the wikileaks.org or wikileaks.ch website, it is following established policies. No one EveryDNS.net user has the right to put at risk, yesterday, today or tomorrow, the service that hundreds of thousands of other websites depend on.

As usual, rather than issuing a full press release by email or on a web page, the self important one way broadcast via the Twitter account has been used to state that wikileaks has been under Denial of Service attacks.

https://twitter.com/wikileaks/status/9578593516523520

We are currently under another DDOS attack

Tue Nov 30 12:04:49 UTC 2010

and

https://twitter.com/wikileaks/status/9609091915718656

DDOS attack now exceeding 10 Gigabits a second.

Tue Nov 30 14:06:00 UTC 2010

However when it come to EveryDNS.net,

https://twitter.com/wikileaks/status/10567274838622208

WikiLeaks,org domain killed by US everydns.net after claimed mass attacks KEEP US STRONG [...]

Fri Dec 03 05:33:29 +0000 2010

Note the use of the words "killed" and "claimed " and "US".

Instead of some words of thanks or understanding, to an organisation which has supported WikiLeakS.org throughout its lifetime, for free, this Tweet implies that EveryDNS.net are lying about their understandable reasons for dropping wikileaks.org from their DNS name servers.

Is this what you get for supporting the wikileaks technical infrastructure ?

The WikiLeakS.org team have now set up

http://wikileaks.ch

facilitated by the Swiss Branch of the Pirate Party (http://piratenpartei.ch)

At least this domain name does now have Domain Name Servers from more than one provider, based in two legal jurisdictions (.ch - Switzerland and .net - USA)

They have also modified the set up of

http://wikileaks.nl [46.59.1.2]

and

http://wikileaks.de [88.80.13.160]

which resolves back to one of the original WikiLeakS.org machines in Sweden

These simply now use 301 Permanent Redirects to point to

http://213.251.145.96/

the http://wikileaks.ch webserver running on the

213.251.145.96 - 213.251.145.111

IP address range allocated to Wikileaks by the Internet Service Provider OVH based in France.

More on this new website in a future blog article.

Why they have not bothered to update their DynaDot.com registration to point to new Domain Name Servers could be due to:

a) Incompetence.

b) A cynical ploy to gather sympathy for being censored.

c) More evidence of an internal rift or lack of communications between different parts of the the wikileaks team.


As with every major WikiLeakS.org media frenzy in the past, the WikiLeaKS.org web servers cannot cope with the high demand caused by their release of (name censored) US military SIGACT (Significant Action) reports.

Yet again they have chosen to create a dedicated website for these "Iraq War Diaries" (http://warlogs.wikileaks.org/) and the main http://wikileaks.org website untrustworthy and misspelled message that it is "currently underoing scheduled maintenance" (it has been so for over a week)

Also, predictably, we are getting blog searches for WikiLeakS.org documents even though it is clearly stated that none of them are here.

We are also getting irate emails , including, and a couple of death threats from people who claim to be supporters of US military, who cannot aim properly on the internet, thereby breaking the Acceptable Use terms and conditions of their Internet Service Provider contracts and several criminal laws.

is it any wonder that there have been so many unnecessary "blue on blue" / "friendly fire" attacks and casualties ?

Perhaps the WikiLeakS.org people are in the process of changing, or mending, their currently useless website.

The IP address of their main web servers, which are still hosted by PRQ internet in Stockholm, Sweden, has changed

IP address: 88.80.2.32
Host name: wikileaks.org

IP address: 88.80.2.32
Host name: www.wikileaks.org

IP address: 88.80.2.32
Host name: secure.wikileaks.org

There is still no Digital Certificate for https://secure.wikileaks.org

You may catch glimpses of the home page or the submissions page etc. from their reverse web cache, or from your own browser or ISP caches, but the main WikiLeakS.org site is currently non-functional.


secure_wikileaks_org_Digital_Cert_expiry_12June2010_450.jpg

(at 09:00 GMT Saturday 12th June 2010)

Most reputable, professional, organisations with a pubic website, which ask for personal or financial details etc. use Transport Layer Security (TLS) / Secure Sockets Layer (SSL) encrypted web sessions, especially for web forms which include sensitive data.

This is implemented through the https:// prefix in the address bar or embedded Uniform Resource Locator (URL) web page links in the vast majority of modern web browser software.

The encryption software is built in by default into your web browser and operating system, but for an encrypted session to be established, a Digital Certificate needs to be installed on the web server.

These bind an official web server DNS domain name and and organisation name to a particular asymmetric public encryption key, which then allows your web browser to establish an encrypted session with the web server, which protects that session with a private, symmetric cryptographic algorithm key e.g. AES, 3DES, RC4 etc.

You can create your own Digital Certificate and "self sign" it, but most web browser software will then flash up various warnings and ask you to make "do I really trust this website" decisions, which will certainly scare off any cautious people.

Most reputable organisations fork out some money for a Digital Certificate bought from one of the main Certification Authorities, which at least insist on (usually) only issuing a Digital Certificate to the domain name owners of the particular web server and perhaps running some sort of elementary credit check / company name and address check.

Since these major Certificate Authorities are trusted by default by your web browser software (you can usually choose to remove them from the trusted list, if you can be bothered) no warnings will frighten off potential customers etc, if a current Digital Certificate is in use.

Since such Digital Certificates are bought and renewed usually on an annual or multi-year basis, when they expire, then Invalid Certificate or Expired Certificate warnings automatically appear.

Professional, trustworthy organisations do not let their Digital Certificates expire, they purchase a new Digital Certificate before hand either to be valid from the expiry of the old one, or more usually, with an overlap period, so that they have time to correct any administrative or technical configuration errors with the new Certificate, whilst the old one is still valid.

A new Digital Certificate usually requires the generation or installation of a new Private Encryption Key on each of the Web Servers which it applies to. This may require physical access to the data centre, or at least secure remote control of those servers.

Will WikIleakS.org manage this Digital Certificate rollover properly and professionally ?

Will they replace their obsolete, potentially forgeable RapidSSL MD5 signed Digital certificate with a new one ?

They have until 16:14:01 Greenwich Mean Time today, Saturday 12th June 2010 to do so,

If they do not do this , then their https://secure.wikileaks.org web form, the only secure method of uploading "whistleblower leaks" via their website will be broken, as they seem to have abandoned both Tor Hidden Services and PGP email / file encryption

UPDATE 18:00 GMT

Sadly, we are not surprised that the https://secure.wikileaks.org Digital Certificate has not been properly rolled over and replaced.


secure_wikileaks_org_This_Connection_is_Untrusted_450.jpg

The main WikiLeaks.org website seems to have returned online, after the 6 month fund raising strike, which was punctuated by high profile releases, and one way Twitter broadcasts.

Some changes are evident:

  • The wiki Special Pages which showed recent updates have been turned off.
  • The uploaded document files now only download from the unencrypted http://file.wikileaks.org, without any SSL or Tor protection as they used to.
  • Torrent and Magnet downloads are offered instead.

They still have not bothered to get a new SSL / TLS Digital Certificate which does not use the deprecated MD5 cryptographic hash.

Of more concern is, that whilst some old Comments and analyses on the "leaked" documents by the public, are available, you can no longer submit any new ones.

There is no wiki in WikiLeakS.org


The WikiLeakS.org website has yet again extended its "publication strike", which it has been on since before Christmas 2009, until, supposedly January 15th 2010.

[UPDATE: 19th January 2010: - the Yet Again Extended Deadline of Monday 18th January has come and gone, but the WikiLeakS.org "anonymous" publication service is still suspended, with no announcement of any new target date]

They did seem to re-introduce a link for "secure submissions" on the 11th January, but why should anyone leak stuff to them, with no immediate prospect of publication ?

Their Disclaimer makes some bold claims:

Disclaimer

You
Submit a document for us to publish and, in order to maximize its impact, distribute amongst our network of investigative journalists, human rights workers, lawyers and other partners.

We
We will publish and keep published the document you submitted, provided it meets the submission criteria. Your data is stored decentralized, encrypted and as a preserved historic record, accessible in full by the public.

The information you submit will be cleaned by us to not be technically traceable to your PDF printing program, your word installation, scanner, printer.

We also anonymize any information on you at a very early stage of the WikiLeaks network, and our services neither know who you are nor do they keep any information about your visit.

We will never cooperate with anyone trying to identify you as our source. In fact we are legally bound not to do so, and any investigation into you as our source is a crime in various countries and will be prosecuted.

Note, however,that this Disclaimer link does create a presumably unique session tracking URL, probably so that they can show, via yet another link, a meta re-fresh page which shows the upload progress of your file submission.

The Disclaimer says "our services neither know who you are nor do they keep any information about your visit. ", but it is still unclear if this really applies to these presumably unique session identifiers which may well be stored in logfiles or content management database associated with the "decentralized" file storage system.

Remember taht one way of identifying a potential whistleblower using an SSL / TLS encrypted web submission form, is to analyse the amount of data uploaded.

If , say, a large document or video clip appears on WikiLeaks.org, and the only person who has uploaded several megabytes of data to them is you, then you may have betrayed your identity to local investigators, regardless of the fact that they didi not read the contents of the encrypted session.

Perhaps people should be encouraged to upload several dummy "chaff" files ,clearly marked as such to be deleted, simply to help hide the true "leak" document".

This should never be a sneaky "automatic by default" action, but should be an option which is transparent to the whistleblower.

On a more positive note, at least the new Submission form, now gives some space for the whistleblower to add some notes into a separate field:

If you want to give us more context and details about your submission please, feel free. Any information you can provide will help with verification and maximing the impact of your submission

This could include "anonymous" contact details, email addresses, PGP Encryption / SIgning keys, disposable mobile phone numbers etc

However it should be made much clearer, that this potentially identifying personal information will not be published.

There must also be credible assurances as to how this whistleblower contact data will be protected within the WIkiLeakS.org organisation.

WikiLeakS.org still offline

|

WikiLeakS.org still appear to be offline, although they were supposed to be back in operation on January 11th.

Currently their main web servers / reverse proxy servers:

wikileaks.org [88.80.28.193]

and

secure.wikileaks.org [88.80.13.160]

are online , but they do not appear to be serving web pages.

N.B. this independent blog discusses the ethics and technology of the WikiLeakS.org project - it does not mirror any copies of the "leaked" documents.
.

WikiLeakS.org and Twitter

|

The WikiLeakS.org website does not stay online all of the time, especially when there is a surge of traffic caused by mainstream media coverage of a couple of particularly newsworthy leak. e.g. the mirroring of the book by a Danish former Special Forces commando, published by a newspaper ahead of an attempt by the Danish Military to censor it via a court injunction, and the publication of some of the Royal Mail's Post Code zone databases in the United Kingdom (not available for free in the UK, unlike in other countries).

Recently, they have been using their new Twitter feeds, to selectively publicise leaked documents to the Twitter happy mainstream media..

These are either the "most newsworthy" ones, or, the ones deemed to be most worthy of exploitation, by the politically biased WikiLeakS.org core editorial activists .See the Entropic Memes blog article Does Objectivity Matter Anymore?, which documents some of this non-neutral editorial bias.

More usefully, WikiLeakS.org have also started to report on the status of routing or traffic congestion problems affecting the main website in Stockholm, Sweden. e.g.


Thu, Sep 17 2009 4:27 PM
http://twitter.com/wikileaks/status/4057416924

Some routing issues in Sweden. We are investigating. Tor .onion remains available and selected static mirrors

and then

Thu, Sep 17 2009 5:23 PM
http://twitter.com/wikileaks/status/4058597947

Conventional web service back. Routing issues fixed


N.B.the words "security" or "anonymity" and "Twitter" are mutually exclusive:

Twitter itself publishes RSS syndication feeds of any Twitter channel, so you could follow the WikiLeakS.org tweets through blog feed aggregators like Google Reader or Bloglines etc.

WikiLeakS.org publishes some RSS syndication feeds itself, for Press Releases and Leaked Documents (or both):

http://wikileaks.org/wiki/RSS

and there are other RSS feeds available from most pages, as a standard feature of the MediaWiki software which they use.

Obviously none of these are of any use for up to date system overload or downtime status reports, which is where the use of Twitter, which obviously uses different internet infrastructure, is a positive step forward.

About this blog

This blog here at WikiLeak.org (no "S") discusses the ethical and technical issues raised by the WikiLeakS.org project, which is trying to be a resource for whistleblower leaks, by providing "untraceable mass document leaking and analysis".

These are bold and controversial aims and claims, with both pros and cons, especially for something which crosses international boundaries and legal jurisdictions.

This blog is not part of the WikiLeakS.org project, and there really are no copies of leaked documents or files being mirrored here.

Email Contact

Please feel free to email us your views about this website or news about the issues it tries to comment on:

email: blog@WikiLeak[dot]org

Before you send an email to this address, remember that this blog is independent of the WikiLeakS.org project.

If you have confidential information that you want to share with us, please make use of our PGP public encryption key or an email account based overseas e.g. Hushmail

LeakDirectory.org

Now that the WikiLeakS.org project is defunct, so far as new whistleblower are concerned, what are the alternatives ?

The LeakDirectory.org wiki page lists links and anonymity analyses of some of the many post-wikileaks projects.

There are also links to better funded "official" whistlblowing crime or national security reporting tip off websites or mainstream media websites. These should, in theory, be even better at protecting the anonymity and security of their informants, than wikileaks, but that is not always so.

New whistleblower website operators or new potential whistleblowers should carefully evaluate the best techniques (or common mistakes) from around the world and make their personal risk assessments accordingly.

Hints and Tips for Whistleblowers and Political Dissidents

The WikiLeakS.org Submissions web page provides some methods for sending them leaked documents, with varying degrees of anonymity and security. Anybody planning to do this for real, should also read some of the other guides and advice to political activists and dissidents:

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

WikiLeakS Links

The WikiLeakS.org Frequently Asked Questions (FAQ) page.

WikiLeakS Twitter feeds

The WikiLeakS.org website does not stay online all of the time, especially when there is a surge of traffic caused by mainstream media coverage of a particularly newsworthy leak.

Recently, they have been using their new Twitter feeds, to selectively publicise leaked documents to the media, and also to report on the status of routing or traffic congestion problems affecting the main website in Stockholm, Sweden.

N.B.the words "security" or "anonymity" and "Twitter" are mutually exclusive:

WikiLeakS.org Twitter feed via SSL encrypted session: https://twitter.com/wikileaks

WikiLeakS.org unencrypted Twitter feed http://twitter.com/wikileaks

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Temporary Autonomous Zone

Temporary Autonomous Zones (TAZ) by Hakim Bey (Peter Lambourn Wilson)

Cyberpunk author William Gibson

Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign
UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card
NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.
Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid_150.jpg
FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Petition to the European Commission and European Parliament against their vague Data Retention plans
Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament: Legislative and Regulatory Reform Bill (and other issues)
Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open_Rights_Group.png
Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network
Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Tor - the onion routing network
Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

irrepressible_banner_03.gif
Amnesty International's irrepressible.info campaign

anoniblog_150.png
BlogSafer - wiki with multilingual guides to anonymous blogging

ngoiab_150.png
NGO in a box - Security Edition privacy and security software tools

homeofficewatch_150.jpg
Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

rsf_logo_150.gif
Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

committee_to_protect_bloggers_150.gif
Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

wikileaks_logo_low.jpg
Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.

Syndicate this site (XML):

Recent Comments

  • James Hyams: I'm writing a thesis on Public Trust in WikiLeaks, the read more
  • rich kaplan: Hello Wikeleaks vrew. In Turkey , the islamist goverment just read more
  • wikileak: Cryptome have a few more extracts from this book http://cryptome.org/0003/ddb-book/ddb-book.htm read more
  • wikileak: OpenLeaks.org have now launched their website with some details of read more
  • wikileak: Bahnhof Internet seem to be hosting two Wikileaks servers in read more
  • teresa: I THANK THEY JUST TO SHUT HIM UP. THEY THINK read more
  • wikileak: Clay Shirky has posted a rough transcript of Daniel Domscheit-Berg's read more
  • wikileak: @ N - you can still see the "1.2 million read more
  • N: @wikileak - Exactly, these cables are _from_ the United States, read more
  • wikileak: Openleaks.org is now displaying this meassage: Coming soon! While we read more

November 2018

Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30