December 03, 2011
hellais
October 11, 2011
vecna
In the last week I’ve worked on a pretty relevant feature in GlobaLeaks. I believe that dedicating a blog post to explain this feature could be useful.
The problem faced was one of the most relevant in any whistleblowing platform: “how much can a data receiver trust anonymously received data?”
We know that if an anonymous source sends a block of data, it can be either:
- a person trying to hide his identity for security and privacy reasons.
- a person who is pretending to be someone else.
This is an issue that we can’t allow to damage the reliability of a service like Globaleaks, which is supposed to protect the identity of the submitter (and so keeping track of anonymous submissions has to be considered a feature and NOT a problem).
In fact, no technological solution exists: the only way to approve anonymous material is to check the effective correlation of the data. We need to verify if the anonymous data matches with the open source intelligence available, or matches with the previously collected information, in order to insert the new data into a larger picture. If the new data fit, it could be trusted. If not, it could be dangerous. This analysis could require a lot of time by the receiver, and time is a resource not always available: a technological solution can’t solve this problem, but some technical features could be helpful in speeding up the human process.
Let’s do some brainstorming. Having a notice dependent on a single source document could be a dangerous exposure for the journalist or for anyone who accepts to believe an anonymous source’s “leaked” files. [note: “leaked” is intended as stolen or lost; “submitted” data means data normally handled by the whistleblower].
What can be the solution? From the GlobaLeaks point of view, that’s collaborative filtering.
Additionally, the amount of spam, invalid data, fake data, unbelievable data, incomplete data, could be high in a context [1] where whistleblowing could be in the hands of everyone.
How has this collaborative filtering been implemented? Every receiver can express a single vote about the “pertinence” of submitted data.
GlobaLeaks wants to be usable in every context: from “internal audit” of a corporation, to websites that complain about environmental abuse, to corrupted behavior in public agencies. The usage contexts are so different that maybe some features can be useful only in a specific implementation. Anyway, the collaborative filtering is something that we thought could be helpful in almost every usage. Follow these examples with us:
Corporate internal audit: the amount of notifications can be proportionally high based on how many employees work in the company, may increase if anonymous submissions are available, may increase if no strong integrity check is performed on the submitted data. The result could bring the internal audit to be overwhelmed by not so useful submissions. How could those features be helpful?
The feedback feature becomes helpful to give an answer to the whistleblower, explaining whether the case could be followed, in which time and steps. The (many?) times the whistleblowing platform role has been misunderstood, the feature could be used to give a standard polite answer.
The collaborative filter could be useful to implement the escalation of the submission. Maybe the internal audit manager needs to be updated only when a serious event is reported, and in the GlobaLeaks software it is now possible to configure that a receiver will be notified only when a Tulip has reached a certain amount of positive votes from the first line reviewers.
Media relationship: in this context, verifying the source, collecting all the possible proof before declaring a breaking news, and the possibility of exchanging information with the whistleblower are all extremely valuable. The feedback mechanism, extremely similar to an anonymous comments interface, will make it possible to deeply explore the submitted material in order to finalize the truth.
In our opinion (but this is just an idea about journalism ethics with anonymous sources), the default point of view needs to be: “trust no one”.
Every submitted source could be an invalid, misleading and deceptive document forged by someone that wants to abuse your media power. A journalist who aims to guarantee a precise and correct information service can use a “leaked” information only when that could fit in the previously collected and trusted intelligence, only when different sources can approve that document and by cross checking it expose the data consistency. A collaborative interface, where the reviewer and the whistleblower could (optionally) cooperate, remaining anonymous and gradually reach the truth, is an extremely important achievement.
From the GlobaLeaks point of view, we aim to provide a software inclusive of all imaginable security, privacy and collaboration features. This software has to cover every usage in the whistleblowing context, and therefore your doubts, ideas and analysis are welcome! Join the people@globaleaks.org mailing list to discuss (or cooperate, if you’re interested).
These features have been added in the last github commits. In these days, a lot of new code will be submitted, stay connected! ;)
[1] For those who have no idea what GlobaLeaks aims to be: free software able to provide a multi-purpose whistleblowing platform.
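The voting and escalation rule described in the post above, as an added Python sketch. It is not GlobaLeaks code: the `Receiver` and `Tulip` classes, the `notify_after` setting and the sample names are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Receiver:
    name: str
    # Assumed setting: positive votes a Tulip needs before this receiver is
    # notified. 0 = first-line reviewer, notified as soon as it is submitted.
    notify_after: int = 0


@dataclass
class Tulip:
    title: str
    votes: dict = field(default_factory=dict)   # receiver name -> True/False
    notified: set = field(default_factory=set)  # receivers who can see it

    def positive_votes(self) -> int:
        return sum(1 for pertinent in self.votes.values() if pertinent)

    def vote(self, receiver: Receiver, pertinent: bool) -> None:
        # Only receivers who were given the Tulip may rate it.
        if receiver.name not in self.notified:
            raise PermissionError(f"{receiver.name} has not received this Tulip")
        # One vote per receiver: a second vote must not inflate the score.
        if receiver.name in self.votes:
            raise ValueError(f"{receiver.name} has already voted")
        self.votes[receiver.name] = bool(pertinent)

    def escalate(self, receivers) -> list:
        """Notify every receiver whose threshold is now met; return new names."""
        reached = self.positive_votes()
        newly = [r.name for r in receivers
                 if r.name not in self.notified and reached >= r.notify_after]
        self.notified.update(newly)
        return newly


if __name__ == "__main__":
    # Constructed sample: three first-line reviewers and one audit manager.
    staff = [Receiver("rev-a"), Receiver("rev-b"), Receiver("rev-c"),
             Receiver("audit-manager", notify_after=2)]
    tulip = Tulip("constructed sample submission")
    print(tulip.escalate(staff))
    tulip.vote(staff[0], True)
    tulip.vote(staff[2], True)
    print(tulip.escalate(staff))
```

Rejecting a second vote from the same receiver is what keeps one reviewer from pushing a submission over the escalation threshold alone.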
September 06, 2011
Seif Lofty
My last post about GlobaLeaks was more or less an introduction to what it is and it’s not.
As we know in the open-source world “Code Talks”. So with this in mind, the weekend following my last post we had our first hackfest/sprint near Florence. I was sponsored to go and meet some of the key figures behind the project.
When I joined the team it was mostly to work on the python logic and datamodel as well as help on the development of a community of contributors. So we started getting some “cleaner” code (still dirty) done and defining the specs all over to develop a general consensus around technical and conceptual issues at hand.
I managed to convince the guys to host the code on launchpad for reasons I will get to in another post. But generally it was the best option to actually get code/bugs/blueprints more in sync. (https://launchpad.net/globaleaks)
The sprint helped us kickstart and develop a momentum that we have been maintaining ever since. After the hackfest the spectacular random globaleaks designers donated their time to set up a website presence and some bling bling…
Some of us were present at the ESC 2011 and presented GlobaLeaks. GlobaLeaks live launch – Venice 2011
We will follow a very agile/organic development and it is pretty hectic until we get things shaped enough so the core hackers are satisfied. The code is easy to jump into since it’s Python and web2py. The code is now available and is by no means out for use in production.
It is merely a concept and we want YOU to help us make it better. We don’t believe in developing such a project behind closed doors. But rather we would have hackers, journalists and others help us make it better.
We plan to have a mini sprint again the weekend from 16-18 of September in Milan. You can join or donate something to help us all meet again.
You will be able to follow the development happening in the community now on our planet (http://planet.globaleaks.org/)
SO NOW PLEASE VISIT THE WEBSITE FOR ALL THE INFO YOU NEED
THEN TRY OUT THE DEMO
—
On a personal note the following are fun facts from the hackfest.
- I am 2 kg heavier (too much pasta and good food)
- Arturo infected me with the terrible “Enter the Ninja – Die Antwoord” song
- I decided to learn Italian
- Loving the team
August 22, 2011
Seif Lofty
While my opinion might be debatable, I think whistleblowing can help countries all over the world keep an eye out and judge the private companies and government entities that run countries. Also, the whistleblowing process (while protecting the anonymity of the whistleblower) needs to be transparent.
Up until now there was no open-source platform to do so.
That is until I found out about GlobaLeaks, a group of young talented thinkers, hackers, journalists that are working on a safe, secure, transparent and deployable whistleblowing platform.
I got in contact with some of them during the Jan 25 revolution. I will be working with them in my free time, helping them build a developer community. Here is a public message they prepared for me to blog about.
Hey,
I’m writing to tell everyone about a new project that we’ve been hacking on for quite some time. We’re really excited about it and it’s called GlobaLeaks. GlobaLeaks is three things – it is first a project for creating software and for having discussion, it is secondly a collection of software for use by anyone interested in whistleblowing and it is third a collection of best practices for anyone interested in creating a whistleblowing platform.
What we have created is a Free and thus Open Source Whistleblowing platform. While the idea was born out of inspiration from the whole *leaks phenomenon it has developed to become something that focuses mainly on true whistleblowing.
During our research we discovered an incredible ecosystem of whistleblowing organizations and software to support whistleblowers and the rest of that ecosystem. There are people who have been active in this field for more than twenty years and are still active. A long term example is http://www.pcaw.co.uk/ – some of the long time whistleblowing advocates don’t even consider WikiLeaks as whistleblowing. While we believe WikiLeaks is important, we think there is much more to whistleblowing beyond the WikiLeaks model as it is currently known.
We believe in the value of a range of activities and believe that tools such as the GlobaLeaks suite of software will empower people to stand up anonymously while making a change in their local context.
The true power of GlobaLeaks is to be able to impact and enforce change on a very local level, but before I go into doing any more pitching on why GlobaLeaks is so cool let me tell you a bit more about what it is.
Basically it is a web application, running as a Tor Hidden Service (https://www.torproject.org/docs/hidden-services.html.en). The fact that it runs as a Hidden Service protects the location of the server running the software. It also adds a layer of end-to-end encryption and authentication so any client connecting does not need to rely on legacy technology such as SSL/TLS authentication.
Any person running a GlobaLeaks node is called the node maintainer. By running the node as a Hidden Service he also is not required to register any domain names or static IP address because data is being transmitted over the Tor network; because this is a hidden service, there is no concern about Exit Node sniffing – the entire connection is encrypted, authenticated and anonymized. The node maintainer has their identity protected and they do not need to expose themselves to possible retaliation.
Usually hidden services are only accessible from the Tor network, but what we have developed (based on Aaron Swartz’s Tor2web) is tor2web 2.0 that allows people coming from the normal web to visit hidden services. This means that a hidden service can reach a much wider audience.
A GlobaLeaks node is set up by somebody who has interest in motivating the citizens of that particular context into actively participating towards spotting malpractice and corruption.
Their role will be that of selecting targets responsible for analysing the material that is passed through their node. They will be knowledgeable of that particular context so they will know who will be mostly interested in receiving and analysing the data. How they choose the targets is very important. The targets must be as much diversified as possible and with conflicting interests.
For example I will choose a left wing party and a right wing one, a certain labour union and also their opponent. This way their conflict of interest incentivizes targets in providing a more objective analysis of the material (e.g. some will be interested in confirming the facts whereas others will be interested in discrediting them).
A whistleblower accesses the GL node using a Tor enabled browser to guarantee their anonymity. They upload the material and a notification is sent to the targets with a random time delay to avoid correlation attacks.
The target receives what is called a leank (leak link). This link is unique to their profile and after a certain amount of clicks it expires. They can access it either through Tor or through tor2web.
Leanks, in a later stage of development, will provide a way to have bi-directional communications (messaging) between the leaker and the targets.
The Leaker will be given a sort of Leak-Receipt-ID that allows him to come back and see the status of his submission, the list of people who downloaded it, if there are questions by targets and eventually requests for further information regarding the material.
GL will be delivered as a .exe/.app/.bin self-contained application that can be installed with just a click. The local activist will not require much training to configure and manage it.
Usability and ease of use are paramount. Target selection should be easily done even by a non technical crowd.
So this is basically it. We are currently looking for more developers interested in working on this project. Hopefully this brief description sparked your curiosity and you are interested in knowing more.
Currently no code has been released publicly. What we have is a very rough prototype that we are quite ashamed of showing you. Yet the view of what globaleaks should be is very solid and we are very open to suggestions and participation from all of the Open Source community.
So…
You should subscribe to our mailing list: http://globaleaks.org/mailman/listinfo/people_globaleaks.org
You can join us on IRC:
irc.oftc.net #globaleaks
And please come and hack with us.
A Random GlobaLeaks Contributor
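The leank behaviour described in the message above (a link unique to each target, expiry after a number of clicks, a randomly delayed notification), as an added Python sketch. It is not GlobaLeaks code: the `LeankStore` class, the click limit, the delay range and the choice to store only a hash of each token are assumptions made for illustration.

```python
import hashlib
import random
import secrets


class LeankStore:
    """Per-target, click-limited download links (names here are hypothetical)."""

    def __init__(self, max_clicks=3, max_delay_s=3600):
        self.max_clicks = max_clicks
        self.max_delay_s = max_delay_s
        self._links = {}                    # sha256(token) -> link record
        self._rng = random.SystemRandom()   # OS entropy, not a seeded PRNG

    @staticmethod
    def _digest(token: str) -> str:
        # Assumption: keep only a hash, so a leaked table holds no usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, submission_id, targets):
        """Return (target, token, delay_seconds) for each target."""
        issued = []
        for target in targets:
            token = secrets.token_urlsafe(32)   # unguessable, unique per target
            self._links[self._digest(token)] = {
                "target": target, "submission": submission_id, "clicks": 0}
            # Independent delay per target: notifications neither go out at
            # upload time nor all at the same moment.
            issued.append((target, token, self._rng.uniform(0, self.max_delay_s)))
        return issued

    def redeem(self, token):
        """Return the submission id, or None if the link is unknown or used up."""
        record = self._links.get(self._digest(token))
        if record is None or record["clicks"] >= self.max_clicks:
            return None
        record["clicks"] += 1
        return record["submission"]


if __name__ == "__main__":
    store = LeankStore(max_clicks=2, max_delay_s=600)
    # Constructed targets and submission id.
    for target, token, delay in store.issue("submission-1", ["union", "press"]):
        print(f"notify {target} in {delay:.0f}s with link token {token[:8]}...")
```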