The New Yorker Launches 'Strongbox' For Secure Anonymous Leaks
Today The New Yorker unveiled a project called Strongbox, which aims to let sources share tips and leaks with the news organization in a secure manner. It makes use of the TOR network and encrypts file uploads with PGP. Once the files are uploaded, they're transferred via thumb-drive to a laptop that isn't connected to the internet, which is erased every time it is powered on and booted with a live CD. The publication won't record any details about your visit, so even a government request to look at their records will fail to find any useful information. "There’s a growing technology gap: phone records, e-mail, computer forensics, and outright hacking are valuable weapons for anyone looking to identify a journalist’s source. With some exceptions, the press has done little to keep pace: our information-security efforts tend to gravitate toward the parts of our infrastructure that accept credit cards." Strongbox is actually just The New Yorker's version of a secure information-sharing platform called DeadDrop, built by Aaron Swartz shortly before his death. DeadDrop is free software.
Is it in a bunker ? (Score:2, Funny)
Because things are always more secure inside of a bunker.
Re: (Score:3)
"a secure information-sharing platform called DeadDrop, built by Aaron Swartz shortly before he DroppedDead."
I'm not sure I want to use that, it sounds cursed.
Re:Is it in a bunker ? (Score:5, Funny)
I'm not sure I want to use that, it sounds cursed.
Why, yes, it's black magic; he killed himself so that his fresh code would be imbued with his life force, giving a spirit guardian to the software and thereby making any hacking attempt instantly fatal to government cloak-and-port-mapper types. Fork it on Github right now!
Re: (Score:2)
"a secure information-sharing platform called DeadDrop, built by Aaron Swartz shortly before he DroppedDead."
There is that. But also, The New Yorker is not really the first publication that comes to mind when I think of imparting secrets to a "news organization".
I mean, what would I send them? The inner secrets of socialites, dilitants, and various beat arteeests?
Re: (Score:3, Funny)
Re: (Score:1)
Who are "dilitants"? Dilettante militants?
I heard that the NRA and ELF were going to start painting and music courses.
Re: (Score:2)
Who are "dilitants"? Dilettante militants?
People with very dilated eyes.
Hope the editors like Ecuador (Score:2)
Wasn't there a guy who tried this once before?
Re: (Score:2)
Wasn't there a guy who tried this once before?
Yes, but he wasn't American and wasn't part of an official news organization.
Of course, their phone records might still get subpoenaed.
Re: (Score:3)
Given the Justice Department's latest actions, subpoenas aren't necessary anymore to troll for information that's not even connected to an active investigation.
They just wiretap and obtain phone records whenever the hell they feel like it now.
Re: (Score:2)
Wasn't there a guy who tried this once before?
The men in black SUVs paid him a visit. Just like they'll pay this guy a visit...
But does it work well in practice? (Score:5, Interesting)
Strongbox technically is very strong, without a doubt. But, being TOR based, it will be hard to use. Worse, a potential leaker not only must use their own computer (ideally a throwaway computer), but they can never have VISITED the Strongbox information page from work, because otherwise any leak to the New Yorker will be suspicious.
And Strongbox's information page drives Ghostery crazy! Not a good sign for a privacy tool.
Probably more important is general Operational Security [wired.com], including burner phones and/or burner computers.
Julia Angwin has an excellent additional point: Physical mail (dropped in a random post-box with a bogus return address) is perhaps the best way for anonymous one-way communication. The USPS will record address information when asked by law enforcement, but (currently) doesn't record this on all mail. Thus there is no history and, even if there was, this can only be traced to the processing post office. Perhaps the best use of the mail is simply to send the reporter a burner phone preprogrammed so that the reporter can call your burner.
Re: (Score:2)
Really? I only got six bugs with Ghostery.
In contrast, I routinely get more than 20 at money.cnn.com.
But you're right. For any "privacy" company to be tracking you with six bugs says a lot about their real concern for privacy.
Re:But does it work well in practice? (Score:4, Interesting)
Julia Angwin has an excellent additional point: Physical mail (dropped in a random post-box with a bogus return address) is perhaps the best way for anonymous one-way communication. The USPS will record address information when asked by law enforcement, but (currently) doesn't record this on all mail. Thus there is no history and, even if there was, this can only be traced to the processing post office. Perhaps the best use of the mail is simply to send the reporter a burner phone preprogrammed so that the reporter can call your burner.
All the time making sure not to get seen on CCTV and wearing throw-away gloves and clothes. Also ensure not to leave any DNA on or in the package. Compare that to using a LiveCD with TOR.
These days the risks of doing something private in the real world are just as hard as on the internet.
Re:But does it work well in practice? (Score:5, Insightful)
Depends on the COST to figure out the identity. DNA isn't cheap or quickly checked, you have to be worth it.
Scanning a DVD for the burner's serial number probably takes little effort depending on how widespread the tools are. I wasn't aware they burned that info--- they do? I know even CDs have manufacturer info on them but that didn't seem that useful. Then looking that up against a db containing them might also be easy but somehow I doubt the db contains that much info... probably more labor than a DNA check; Blu-ray... that probably has your name burned into it. (Sony made them)
Printing on paper? Your inkjet is printing the printer's serial number onto the paper - I would think the feds would have that software and anybody with access probably can use it. Tracking that down to you is probably much easier than DVDs but still involved.
Flash? Well, buy a new one in cash and use it only once. Make sure your OS isn't putting hidden files onto it... mount it in a virtual machine just to be safe. You could also find your OS's cache of UUIDs and delete it... but if they are accessing your computer to find if you ever mounted the drive you are in a bad situation already.
TOR might be great but one has to wonder -- the feds could be half the nodes and with enough of them they could detect you. They can use it themselves without concern about this but you on the other hand... could be unlucky. Plus as some records have shown, they've found people by tracking when they show up in chat rooms and when they went on TOR matching... then you have all these horrible "cloud" apps today-- even your simple calculator app is connecting to the "cloud" today! All these apps doing "harmless" things in the background online is providing a signature of their own, if not giving out identifiers.
Re: (Score:1)
Re: (Score:2)
Just another example of sacrificing freedom and privacy for perceived safety (from counterfeiting, in this case). Even though this has been known about for quite a while now, it still seems just as pathetic.
Re: (Score:2)
Just another example of sacrificing freedom and privacy for perceived safety (from counterfeiting, in this case). Even though this has been known about for quite a while now, it still seems just as pathetic.
No, counterfeiting is a genuine problem, not something made up to stop you from printing out child abuse images anonymously.
But no doubt you think we should not only go back to the Gold Standard, but only use actual gold pieces as currency too.
Re:But does it work well in practice? (Score:4, Interesting)
But no doubt you think we should not only go back to the Gold Standard, but only use actual gold pieces as currency too.
What? I said nothing of the sort.
The problem with this is that people are assumed to be criminals by default and privacy is sacrificed so we can thwart the evil bogeymen who threaten us so. That's exactly the mindset that allows for people to be molested when they want to get on a plane in the US.
Re: (Score:2)
If we don't go back to the gold system, how do you expect our paper money system to survive if counterfeiting is easy?
I err on the side of freedom, so safety isn't a question for me.
And what does anti-counterfeiting have to do with privacy anyway?
You can't figure out how printing nearly-invisible dots on paper printed from a printer so that the government will more easily be able to catch counterfeiters (and anyone else they feel like harassing) is related to privacy? Really?
Re: (Score:3)
There's an EFF project on identifying the tracking codes. It's mainly done with color laser printouts using yellow dots. If you know what your printer is printing, you could theoretically introduce yellow dot patterns to randomize your serial number and mess up the identification.
http://w2.eff.org/Privacy/printers/docucolor/
Re: (Score:2)
This only seems to be a concern with color printers, but maybe there are greyscale dots?
Re: (Score:2)
You have no idea what you're talking about. Google Authenticator is a client application and it doesn't even run on Ubuntu. And interpreters are not inherently less secure than compiled binaries, because a binary is itself just code being interpreted by the CPU, as millions of exploits based on modifying and injecting (shell)code show.
Re: (Score:2)
Tor cloaks your requests both by encrypting the HTTP part, and by masking the DNS part. If you access it over Tor at work, all anyone will know is that you're using Tor.
Re: (Score:2)
Tor cloaks your requests both by encrypting the HTTP part, and by masking the DNS part. If you access it over Tor at work, all anyone will know is that you're using Tor.
If you lived in a genuine totalitarian state, they'd just use the fact that you used tor at all as evidence that you were an enemy of the state and torture the information out of you.
Re: (Score:2)
2. Throw away computer, try throw away operating system. It's much easier.
Tails
https://tails.boum.org/
Liberté Linux
http://sourceforge.net/projects/liberte/?source=directory
And there are many more, those are just two that automatically transmit everything in TOR.
Re: (Score:3)
1. Fuck Ghostery, it's closed source nonsense.
Well, that's a weird response. Ghostery may be closed source, but what it's doing isn't exactly magic. Read the page source and linked javascript yourself. You can find the trackers by hand.
Dismissing the claim of multiple tracking scripts on a privacy-required site because you don't like the tool someone used is a bizarre way to operate.
Re: (Score:2)
Ghostery breaks things just like NoScript does, and I think NoScript gives you more control. Also, it comes down to trust, do you TRUST a closed source app to provide you privacy?
If it's free to use, and closed source, it's still a commercial, or a wannabe commercial product, which means they have to make money on it somehow. If you're not paying for it, how are they making money? Either there it's gimped or hobbled in an obnoxio
Re: (Score:2)
The USPS will record address information when asked by law enforcement, but (currently) doesn't record this on all mail.
The federal government is recording and pattern matching email and voice calls. I'm damned sure that they're logging this data at the USPS. If the USPS isn't also logging it, that's goddamned pathetic. My postmaster believes the same stupid shit, though.
Based on TOR (Score:2, Interesting)
I have the impression that TOR is probably compromised by an assortment of constitution trampling three letter agencies, I just don't get why it keeps getting pushed as some shining beacon of privacy. I have to assume that 1/3 of the exit nodes are the feds fishing, 1/3 are criminals fishing and 1/3 are privacy advocates who somehow don't seem to know about the other 2/3.
Please educate me if I am wrong.
Re: (Score:2, Redundant)
If the 3-letter agency is not one who cares about your activity in particular, then what do you care?
Re: (Score:2)
Those numbskulls couldn't catch a terrorist even after twice being warned by Russia and then interviewing him. The chances that they can actually intercept and make sense out of an encrypted upload about some issue that they probably don't even care about are about zero.
Re: (Score:2)
Re: (Score:2)
I have the impression that humanity is probably compromised by an assortment of constitution trampling three letter agencies, I just don't get why it keeps getting pushed as some shining beacon of goodness. I have to assume that 1/3 of the people are the feds fishing, 1/3 are criminals fishing and 1/3 are privacy advocates who somehow don't seem to know about the other 2/3.
Please educate me if I am wrong.
Re: (Score:2)
I just don't get why it keeps getting pushed as some shining beacon of goodness.
I don't think anyone with a brain does that.
Missing a link? (Score:2, Interesting)
Re:Missing a link? (Score:4, Funny)
Read TFA, the answer is in there waiting for you. I won't spoil the ending for you.
Oh great ... (Score:5, Insightful)
Now they'll decree the press are terrorists and say it's illegal to do this since it prevents 'awful' monitoring.
I think this whole snooping on the reporters thing has them deciding to fight back and send a big "F you".
Re:Oh great ... (Score:4, Informative)
I think this whole snooping on the reporters thing has them deciding to fight back and send a big "F you".
Double plus good on this then. The media has been too damn cozy with both corporations and governments for a while now. Their relationship should be adversarial rather than cooperative.
Re:Oh great ... (Score:5, Insightful)
Now they'll decree the press are terrorists and say it's illegal to do this since it prevents 'awful' monitoring.
I think this whole snooping on the reporters thing has them deciding to fight back and send a big "F you".
I find it offensive that they needed it to happen to them personally before they did anything about it. This has been a "fact of life" of "Post-9/11" America for over a decade now, and the first the AP reports significantly on snooping is because it happened to them. ...And before that?
Re: (Score:2)
It's human nature to say, "It won't happen to me," until it does. Nearly everything bad in the world would be prevented if we could simply stamp out that part of human nature.
Re: (Score:2)
Human nature means that the vast majority of humans act that way. I complain whether things happen to me or not, too, but folks like us are in the minority.
Re: (Score:2)
Now they'll decree the press are terrorists and say it's illegal to do this since it prevents 'awful' monitoring.
How about 'quite good' or even 'excellent' monitoring?
Can you promise no government hacking? (Score:3, Insightful)
I am not an idiot, what about you?
Re: (Score:1)
AP is a consolidated semi-monopoly run by entrenched moneyed interests. It's already compromised. They just peddle vapid, pre-massaged news bites to other "news" agencies that essentially act as resellers.
The phone record "scandal" is just a case of someone stepping on someone else's turf.
Re: (Score:2)
You must be living in a cave, because literally *everybody* has been talking about it for the last 2 days. Check news.google.com for example.
Re: (Score:2)
AP guys weren't hacked or eavesdropped on. State Department secretly required a massive amount of call logs (who called whom, at what time and for how long) in a seeming fishing expedition. Heck, it even had legal oversight and it was properly done. Problem is, there's an unwritten rule that you request such information only as a last resort - and you inform the subject media after the fact.
As for hacking - it really depends on how well they tweak this system. If it's really separated and rebooted from live usb/cd-rom, then it's
Obligatory Al Gore "Lock Box" Reference (Score:4, Funny)
Obligatory Al Gore "Lock Box" Reference:
http://www.youtube.com/watch?v=F9pqmW-D14I&t=1m39s [youtube.com]
Re: (Score:2)
My impression from the summary (no, I didn't RTFA) is that the laptop is erased by power cycling its RAM, and the hard drive you are wondering about was erased by being removed from the machine last month and never used again.
Booting from a live CD and pulling data from a thumb drive to read it, there is no need for a hard drive whatsoever. Only RAM and processor registers ever see the data, and nothing usable is retained from them.
Now, how they secure that thumb drive, however, is a mystery solved presuma
Re: (Score:1)
My impression from the summary (no, I didn't RTFA) is that the laptop is erased by power cycling its RAM, and the hard drive you are wondering about was erased by being removed from the machine last month and never used again.
Booting from a live CD and pulling data from a thumb drive to read it, there is no need for a hard drive whatsoever. Only RAM and processor registers ever see the data, and nothing usable is retained from them.
Now, how they secure that thumb drive, however, is a mystery solved presumably by reading the article, which I won't.
A live CD makes a lot of sense for any banking. We should all have one in our laptops for financial transactions. A USB key could be used for something like password safe.
There are unique bits in laptop hardware like the MAC address that can be squashed from software prior to connecting.
One additional trick is to connect via a USB wifi dongle that can act a lot like a burner phone...
Re: (Score:2)
Not really. 99% of people won't be willing to reboot just to go to a bank website. And even if they were, a suitably compromised BIOS/EFI could render the additional security worthless.
Re: (Score:1)
Not really. 99% of people won't be willing to reboot just to go to a bank website. And even if they were, a suitably compromised BIOS/EFI could render the additional security worthless.
At which point nothing can be considered reliable. A read only CD/DVD has one advantage in that it cannot be written on. A compromised BIOS/EFI that contains enough functionality to be a problem would be an interesting bit of code. Virtualization however opens some very big buckets of worms.
Eat your own medicine NYT (Score:1)
Put your telephones inside this StrongBox and see how it works for you.
Comment removed (Score:3)
Re: (Score:2)
I share your skepticism, and I'm waiting for someone with enough clout to bust them at their game.
Maybe it's an honest effort, but with a site specifically designed for juicy info, "selling out the source" is all the rage these days, whether it's in fact the paper or if they F*k it up and Anonymous does it for them.
Am I the only one... (Score:5, Insightful)
Re: (Score:1)
They're not ignoring it.
They made rules to get around it. In the name of 'security'.
You're right. They're not ignoring it, they're wiping their ass with it.
Re: (Score:1)
Personally I am tired of seeing and hearing, "According to an anonymous government source" or "According to a source who was not authorized to comment on this matter" or other such BS. Why? Because when you do not know the source of a supposed story or information, you can just as easily assume that they just made this shit up for ratings or to push an agenda. If something is classified, and you think it is really so important to leak that information, then grow a set and take credit for making the information public.
You kind of lose credibility by posting this as an AC.
Re: (Score:2)
We will implement a police state in the name of safety, only to find that it did not provide us that. By then, we won't be able to undo it peacefully.
Re: (Score:2, Insightful)
I find it encouraging, because it means that people are trying to contact them electronically, which I think is good. They always had to have operational security for getting information from their sources.
Until Congress decides otherwise (Score:2)
They Screwed It Up (Score:5, Informative)
Good intentions, but it appears that they have no idea what they're doing.
The New Yorker's Strongbox page says it won't record IP addresses or track you or set cookies - while it's setting cookies for newyorker.com, crwdcntrl.net, demdex.net, and omtrdc.net. If they want people who care about this stuff to take their commitment to anonymity seriously, they can't embed tags in their Strongbox main page that cause browsers to go do GETs on other domains' URLs because that reveals the visit to Strongbox to those third parties.
Now all the FBI has to do is subpoena Adobe's AudienceManager's web logs. Advice to journalists with good intentions: Do this right or don't do it at all.
Now, even if I knew anything, I could never submit it to Strongbox because the New Yorker has already compromised my anonymity to those third parties.
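The check described in the comment above (and in the earlier suggestion to read the page source and find the trackers by hand), as an added example that is not part of any poster's comment or of the Strongbox/DeadDrop code: a static audit a site operator can run over a landing page's HTML to list every third-party host a visitor's browser would contact on load. The page URL, paths and subdomains in the sample are constructed, and matching the first party by domain suffix is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose attribute makes a browser fetch a resource without any click.
FETCHING_ATTRS = {"script": "src", "img": "src", "iframe": "src",
                  "embed": "src", "link": "href"}
# <link rel=...> values that cause a request on page load.
FETCHING_RELS = {"stylesheet", "icon", "preload", "prefetch",
                 "dns-prefetch", "preconnect"}


class ResourceCollector(HTMLParser):
    """Collect absolute URLs of resources the markup loads automatically."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attr = FETCHING_ATTRS.get(tag)
        if attr is None:
            return  # e.g. <a href>: only fetched if the visitor clicks
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if not rels & FETCHING_RELS:
                return  # rel="canonical" and similar do not fetch
        value = attrs.get(attr)
        if value:
            self.urls.append(urljoin(self.page_url, value))


def third_party_hosts(html, page_url, first_party):
    """Map each non-first-party host to the URLs the page loads from it."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    found = {}
    for url in collector.urls:
        host = (urlparse(url).hostname or "").lower()
        if not host:
            continue  # data: URIs and the like involve no network request
        if host == first_party or host.endswith("." + first_party):
            continue
        found.setdefault(host, []).append(url)
    return found


# Constructed sample: the page URL, paths and subdomains are made up; only
# the three third-party domains are the ones named in the comment.
SAMPLE_PAGE_URL = "https://www.newyorker.com/strongbox/"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/main.css">
<link rel="canonical" href="https://www.newyorker.com/strongbox/">
<script src="//sample.crwdcntrl.net/tag.js"></script>
<script src="https://sample.demdex.net/dest.js"></script>
</head><body>
<img src="https://sample.omtrdc.net/pixel.gif" width="1" height="1">
<img src="data:image/gif;base64,AAAA">
<a href="https://example.org/about">About</a>
</body></html>"""

if __name__ == "__main__":
    print(sorted(third_party_hosts(SAMPLE_HTML, SAMPLE_PAGE_URL, "newyorker.com")))
```

Static markup gives only a lower bound: scripts can issue further requests at runtime, so a browser network log taken against the real page is the stronger check.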
Since the New Yorker's iOS app... (Score:2)
it's a phish net (Score:3)
care of the PhBI.
Erased when it's powered ON!? (Score:2)
... a laptop that isn't connected to the internet, which is erased every time it is powered on ...
I hope it's erased every time it's powered OFF, as well. (That way nobody can seize it while it's off and sniff the disk.)
Note the "as well". You still want to erase it on the way back up, just in case the power failed before the shutting-down erase is complete.