Source: School of Privacy
Interview with GlobalLeaks – The Open Source Whistleblowing Platform
In today’s current state, people are taking notice of the problem of mass surveillance, oppression of freedom of speech and the harassment and detaining of investigative journalists who wish to expose the corrupt, oppressive and to put it bluntly, evil of the world. This has been a problem for many years, but it has become a reality and has hit home once leakers started popping up left and right. There has been many leakers or whistleblowers as you wish, but none have been able to push the thought that no ones information is safe until Edward Snowden had blown the whistle on the NSA, his former employer.
Long story short, many journalists from around the world have been targeted for speaking up against what they feel is wrong. The governments or regimes have gotten a hold of these journalists simply because there was no way for them to release their information they have obtained in a safe and anonymous matter, until groups like WikiLeaks came about, and some others. Luckily there are more people aware of this problem, and more people willing to do something about it, in comes GlobaLeaks, an open source project aimed at creating a worldwide, anonymous, censorship-resistant, distributed whistleblowing platform.
We were intrigued by this service and somewhat annoyed that not every investigative journalist utilizes this. We hope that after this
article more people will want to utilize this and take their privacy more seriously. We decided to email them some questions for our readers to gain some more knowledge of this platform and to help spread the word. WE OWN our privacy and we should treat it as it is our prized possession and we will protect it at any cost. On to the interview, we hope we asked enough questions and we hope you find this helpful. Enjoy
I want to take this time to thank you for what you do, as a long time activist and independent journalist, your project is well appreciated and we recognize the need for your service and we hope that after this more people will utilize your service.
Now that we got that out of the way, we want to ask you some questions about your service while respecting your privacy as much as possible, as that is what we are all about.
1. What sparked the idea for this project? We know there is an agenda to shut down all of the journos who wish to speak the truth and report the truth, but what event actually sparked that thought where you decided “THIS IS IT! Something must be done…”?
Well.. in fact the project started in 2010 from a a strange idea by our president, that strongly supported it, and continued to speak about it till someone of our current GlobaLeaks project start to think that was really a good idea and that can work. Of course, the Wikileaks events helped a lot to judge it really necessary too.
2. In your opinion, what is the current state on peoples privacy as of today?
Privacy as an overall right is dead, first because so many Facebook-addicted people exist that like to give away their own privacy, and with “likes” and “tagging” also the privacy of others. NSA Datagate comes second.
3. How has GlobaLeaks, your service, changed the way true journalists work today?
Just started to change it. Investigative journalists immediately understood the GlobaLeak model power, but in fact all journalist can use it, in a way or another, to empower their sources and themselves. They need just to have the time to understand how much their work needs to change.
4. Without releasing too many details, what is the rough estimate of journos that you have helped so far?
We did not help them, we empowered them. Counting also the aggregates like Publeaks maybe forty is a good figure
5. When we entered your services demo (http://demo.globaleaks.org/#/), we noticed a box popped up notifying us that we were in danger for not using Tor at the moment, now as alarmed as I was, I was also quite fascinated by the way your website shows the danger of not being protected. Good job by the way. Anyhow, in order to achieve such an alarm, one would assume you need to be able to view a persons IP in order to be aware if they are using Tor or not. Does this script log in any way? If Yes, why? If no, then next question.
We do more than tell you’re in danger if not using Tor; we allow you to go further only after answering a quiz that you can pass only if you understood to some extent the issue. We simply check if the IP is the one to a Tor nodes or not. Nothing is logged. Not logging anything is a protection first for us and for the GlobaLeaks node owner.
6. GlobaLeaks is a platform, which means it is coded and ran by your team. How does the information get fro one party to the next? In other words, how does a journo utilize you to get their information out? (you can be as discreet as you wish, we understand this question may not be 100% safe for you to answer)
Totally safe to answer. We didn’t ask anyone to run GlobaLeaks nodes, nor we install it for others, nor we operate it.
We just write the GlobaLeaks software, a specialized privacy-oriented open source software with installation and help documentation.
As any other software project, we can answer to user questions, or fix bugs that people that install or run the Globaleaks nodes by themselves tell to us.
We didn’t participate, we not participate and we will never participate to node management or any leaks management. This separated roles model is our strength and our protection.
7. You decided to go the open source route, which to us is GREAT as we fully support the open source movement, BUT do you think that this move will help someone with bad intentions learn how to get around your platform?
As all cryptologist, we first think that this will allow other to help us improve the platform, like Pgp, Gnupg and Tor demonstrated before us.
8. What kinds of tools do you offer your users? Is it the normal Tor with some Text Editors, or have you guys created a more targeted list of tools for this specific purpose?
We strongly suggest to use a TAILS CDrom to connect to Globaleaks. Tails is a GNU/Linux, fully Torified live CD that does not allow the user to make mistakes installing Tor and that does not leave any trace on the PC that is used.
9. Is the information, databases, and anything else that is or can be obtained by servers, encrypted? How safe will your users be when utilizing your platform?
GlobaLeaks nodes do not store anything permanently, also the leaked files are deleted as soon as possible.
10. Server side security and privacy is extremely important, but many people do not understand how important it is to utilize client side security. What do you suggest your users do before they hop on your service? We understand this can be a very long answer, a short summary would be OK.
Really short summary – https://tails.boum.org/
11. Is your platform only for investigative journalists? If not, then who else can utilize this platform?
A NYSE-quoted company that needs to obey the Sarbanes-Oxley bill to remain there, for example. They need to implement an internal anonymous mispractice and unlawful fact complaint system.
12. Have GlobaLeaks been harassed by any Law Enforcement, or received any threats since this platform has launched?
13. What advice would you give to someone who is frightened by mass surveillance or too frightened to speak up about injustices or corruption?
Are you kidding? That he or she can Google around and read about Gnupg, Tor, Tails and GlobaLeaks and understand what is needed.
14. Is there any plan for any other platform in the future? Or possibly expanding this platform?
We are writing an app extension and multimedia support, and work on a Tor2Web proxy software to facilitate first steps towards some more privacy for wannabe Tor users.
15. Honestly speaking, on a scale from 1-10, how safe would you say your platform is? And what improvements would you like to see done in the near future?
Conceptually 100%. As implementation, who knows? We implement formal process, design documentation, periodic project meetings, external reviews and penetration tests. For sure we want to play at the same level of Tor, Pgp and the like. The only problem is that we are younger, so as any young software, we’re still fixing first releases bugs.
That is all the questions we have for you today, much appreciated for this interview, and again thank you for your contribution to a more private and secure society.
Thanks, HTH (hope this helps). And your writings will help a lot too.
Thank you to GlobalLeaks for giving us the time to ask them some questions and their honesty, and all of their hard work. We hope you found this interview enlightening, and we hope investigative journalists out there understand they do not have to be scared of speaking the truth, there is a platform out there they can utilize to get the word out. Be safe, Be secure, and remember Security and Privacy starts with you. Take security and your privacy serious and you will find comfort where comfort is hard to find.