The New Yorker Launches 'Strongbox' For Secure Anonymous Leaks 94
Today The New Yorker unveiled a project called Strongbox, which aims to let sources share tips and leaks with the news organization in a secure manner. It makes use of the TOR network and encrypts file uploads with PGP. Once the files are uploaded, they're transferred via thumb-drive to a laptop that isn't connected to the internet, which is erased every time it is powered on and booted with a live CD. The publication won't record any details about your visit, so even a government request to look at their records will fail to find any useful information. "There’s a growing technology gap: phone records, e-mail, computer forensics, and outright hacking are valuable weapons for anyone looking to identify a journalist’s source. With some exceptions, the press has done little to keep pace: our information-security efforts tend to gravitate toward the parts of our infrastructure that accept credit cards." Strongbox is actually just The New Yorker's version of a secure information-sharing platform called DeadDrop, built by Aaron Swartz shortly before his death. DeadDrop is free software.
Oh great ... (Score:5, Insightful)
Now they'll decree the press are terrorists and say it's illegal to do this since it prevents 'awful' monitoring.
I think this whole snooping on the reporters thing has them deciding to fight back and send a big "F you".
Can you promise no government hacking? (Score:3, Insightful)
I am not idiot, what about you?
Re:But does it work well in practice? (Score:5, Insightful)
Depends on the COST to figure out the identity. DNA isn't cheap or quickly checked, you have to be worth it.
Scanning a DVD for the burner's serial number probably takes little effort depending on how widespread the tools are. I wasn't aware they burned that info--- they do? I know even CDs have manufacturer info on them but that didn't seem that useful. Then looking that up against a db containing them might also be easy but somehow I doubt the db contains that much info... probably more labor than a DNA check; blueray... that probably has your name burned into it. (sony made them)
Printing on paper? your inkjet is printing the printer's serial number onto the paper- I would think the feds would have that software and anybody with access probably can use it. tracking that down to you is probably much easier than DVDs but still involved.
Flash? well, buy a new one in cash and use it only once. make sure your OS isn't putting hidden files onto it... mount it in a virtual machine just to be safe. you could also find your OS's cache of UUIDs and delete it... but if they are accessing your computer to find if you ever mounted the drive you are in a bad situation already.
TOR might be great but one has to wonder -- the feds could be half the nodes and with enough of them they could detect you. they can use it themselves without concern about this but you on the other hand... could be unlucky. plus as some records have shown, they've found people by tracking when they show up in chat rooms and when they went on TOR matching... then you have all these horrible "cloud" apps today-- even your simple calculator app is connecting to the "cloud" today! all these apps doing "harmless" things in the background online is providing a signature of their own, if not giving out identifiers.
Am I the only one... (Score:5, Insightful)
Re:Am I the only one... (Score:2, Insightful)
I find it encouraging, because it means that people are trying to contact them electronically, which I think is good. They always had to have operational security for getting information from their sources.
Re:Oh great ... (Score:5, Insightful)
Now they'll decree the press are terrorists and say it's illegal to do this since it prevents 'awful' monitoring.
I think this whole snooping on the reporters thing has them deciding to fight back and send a big "F you".
I find it offensive that they needed it to happen to them personally before they did anything about it. This has been a "fact of life" of "Post-9/11" America for over a decade now, and the first the AP reports significantly on snooping is because it happened to them. ...And before that?