Il 6/23/13 2:53 PM, Jens Christian Hillerup ha scritto:
Quickly noting that I'm not affiliated with AdLeaks, just passing on
the information.
On Sun, Jun 23, 2013 at 1:56 PM, Andrea St <and...@gmail.com
<mailto:and...@gmail.com>> wrote:
it sounds different from globaleaks project. Am i right?
Yes. GlobaLeaks seeks to establish an open-source version of the
submission system of Wikileaks such that any and everyone can make
their own leaks site. The core development team of GlobaLeaks is also
on this list, so I'll let them describe it further.
GlobaLeaks mission is to be a framework with support for different
digital whistleblowing workflow and security threat model.
The AdLeaks concept is very cool (http://arxiv.org/abs/1301.6263), even
if it appear to me very difficult to be deployed and used in a real
world scenario:
See 6.1 (submission duration), it would keep the whistleblower 21 days
to upload a single 2MB file.
Passive traffic analysis with correlation of timing/size/destination is
*extremely difficult and unlikely* to be easy to be protected without
"awareness and actions of the whistleblower" (like using an open wifi,
an internet caffè, using Tor from another persons communication line, etc) .
For a whistleblowing project we're working on, we are going to develop a
Widget to support covert-traffic generation:
https://github.com/globaleaks/GlobaLeaks/issues/263
This will work with inclusion into the websites of all the partners's
website of this whistleblowing inititives.
This "does not guarantee protection to the whistleblower" doing submission.
Our widget for covert-traffic is specifically designed only to provide
some "additional aid" in some specific case we've discussed (and that
should be better documented in TM).
It help for Whistleblowers that access a submission site from their
corporate/governmental networks, trough proxy servers that save detailed
access logs. In context where Whistleblowers are prevented from doing a
submission (because hind a proxy) but can access it.
In such context the WB will leave trace that maybe interpreted like "he
intended to do a submission, but then he haven't done" .
If in the Enterprise/Government organization's proxy logs, there are
traces of thousands of users connecting to the submission interface (due
to the Widget being embedded in third party popular websites), there
will not be a single, incriminating "log entry" generated by the
unaware/unconscious whistleblower, but thousands of them making slightly
more difficult the analysis.
Supporting covert-traffic generation it's something that "help", but
doesn't fix the real problem that i think *require* Whistleblower awareness.
Anyhow i'm excited to meet at OHM2013 the AdLeaks team and do a
brainstorming on it! :)
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
--
Too many emails? Unsubscribe, change to digest, or change password by emailing
moderator at compa...@stanford.edu or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
