
The New Yorker Launches 'Strongbox' For Secure Anonymous Leaks

Today The New Yorker unveiled a project called Strongbox, which aims to let sources share tips and leaks with the news organization in a secure manner. It makes use of the TOR network and encrypts file uploads with PGP. Once the files are uploaded, they're transferred via thumb-drive to a laptop that isn't connected to the internet, which is erased every time it is powered on and booted with a live CD. The publication won't record any details about your visit, so even a government request to look at their records will fail to find any useful information. "There’s a growing technology gap: phone records, e-mail, computer forensics, and outright hacking are valuable weapons for anyone looking to identify a journalist’s source. With some exceptions, the press has done little to keep pace: our information-security efforts tend to gravitate toward the parts of our infrastructure that accept credit cards." Strongbox is actually just The New Yorker's version of a secure information-sharing platform called DeadDrop, built by Aaron Swartz shortly before his death. DeadDrop is free software.
  • by nweaver ( 113078 ) on Wednesday May 15, 2013 @02:53PM (#43734203) Homepage

    Strongbox technically is very strong, without a doubt. But, being TOR based, it will be hard to use. Worse, a potential leaker not only must use their own computer (ideally a throwaway computer), but they can never have VISITED the Strongbox information page from work, because otherwise any leak to the New Yorker will be suspicious.

    And Strongbox's information page drives Ghostery crazy! Not a good sign for a privacy tool.

    Probably more important is general Operational Security [wired.com], including burner phones and/or burner computers.

    Julia Angwin has an excellent additional point: Physical mail (dropped in a random post-box with a bogus return address) is perhaps the best way for anonymous one-way communication. The USPS will record address information when asked by law enforcement, but (currently) doesn't record this on all mail. Thus there is no history and, even if there was, this can only be traced to the processing post office. Perhaps the best use of the mail is simply to send the reporter a burner phone preprogrammed so that the reporter can call your burner.

  • Based on TOR (Score:2, Interesting)

    by Anonymous Coward on Wednesday May 15, 2013 @02:57PM (#43734229)

    I have the impression that TOR is probably compromised by an assortment of constitution trampling three letter agencies, I just don't get why it keeps getting pushed as some shining beacon of privacy. I have to assume that 1/3 of the exit nodes are the feds fishing, 1/3 are criminals fishing and 1/3 are privacy advocates who somehow don't seem to know about the other 2/3.

    Please educate me if I am wrong.

  • Missing a link? (Score:2, Interesting)

    by interkin3tic ( 1469267 ) on Wednesday May 15, 2013 @03:00PM (#43734257)

    So they put these files on a thumb drive and put it onto this computer which can't be hacked. How are they getting it from the strongbox server to the USB thumb stick? Are the files only decrypted once they're on the super secure laptop?

  • by Anonymous Coward on Wednesday May 15, 2013 @03:10PM (#43734337)

    Julia Angwin has an excellent additional point: Physical mail (dropped in a random post-box with a bogus return address) is perhaps the best way for anonymous one-way communication. The USPS will record address information when asked by law enforcement, but (currently) doesn't record this on all mail. Thus there is no history and, even if there was, this can only be traced to the processing post office. Perhaps the best use of the mail is simply to send the reporter a burner phone preprogrammed so that the reporter can call your burner.

    All the time making sure not to get seen on CCTV and wearing throw-away gloves and clothes. Also ensure not to leave any DNA on or in the package. Compare that to using a LiveCD with TOR.

    These days the risks of doing something private in the real world are just as hard as on the internet.

  • by cheekyjohnson ( 1873388 ) on Thursday May 16, 2013 @05:42AM (#43738995)

    But no doubt you think we should not only go back to the Gold Standard, but only use actual gold pieces as currency too.

    What? I said nothing of the sort.

    The problem with this is that people are assumed to be criminals by default and privacy is sacrificed so we can thwart the evil bogeymen who threaten us so. That's exactly the mindset that allows for people to be molested when they want to get on a plane in the US.
