> > (On that point: does Wikileaks' submission system rely on a Tor hidden > > service, or is there one running that you can use if you jump through > > the right hoops?) > > I believe it's the former, but I'm not certain. Can anyone comment?
According to SpyBlog, the WikiLeaks hidden service has been down since Christmas 2009, except for a brief period during July when a different hidden service was available. I've heard that WikiLeaks also accepts submissions by snail mail, which might be a possibility to bear in mind. > So, I'm imagining a system where the "leak site" receives files from a > source (somehow; we want this to be an anonymous submission process but > it can be treated as a black box), *reviews them and selects documents for > publication*, and then pushes them to a document distribution platform, > which should be syndicated to mirrors to leverage jurisdictional arbitrage > and affect censorship resistance. Could someone target the reviewers after the leak has been published, to get access to an unredacted copy that might identify the submitter? Maybe we should split the role of the leak site into two parts - a redactor, who helps the submitter to anonymise the leak, and who may be able to identify the submitter from metadata etc; and a publisher, who prepares redacted documents for publication, and who can't identify the redactor or the submitter? The task of maintaining anonymity would then be split between two skilled people. But there would need to be a large enough pool of redactors that an investigator couldn't target them all... maybe that's too much to hope for and we should just rely on the submitter and automated tools to do the redaction? > One thought I should mention: on the submission side, it would be very > nice to have a built-in metadata stripper either as part of the submission > process, or as part of the publication process. Agreed, this could be a separate project and would be useful in all kinds of privacy-sensitive situations. Cheers, Michael _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
