On Wed, 22 Dec 2010, Michael Rogers wrote:

> Hi Len,
>
> Maybe one question we should consider is whether a leaks clearinghouse
> needs to look like a website at all. From the little I've read about
> OpenLeaks - and if anyone knows better, please correct me - it sounds
> like they're not planning to publish documents, as WikiLeaks does;
> rather, they're planning to build some kind of infrastructure for
> whistleblowers to communicate anonymously with journalists, to negotiate
> time-limited exclusive access to documents in return for help with
> preparing and publishing them.

Yep, that's my understanding of OpenLeaks. We still have to consider the
publication, since most of the other inspired sites are planning to, or are
already, providing hosting, but I think "accepting leaked documents",
"curating/distributing leaked documents to the press", and "hosting leaked
documents for the public" are three distinct tasks; we should be able to
design them individually and then compose them as needed for a specific
site's needs (which implies an intuitive break for the API, on the
engineering side.)

> If we consider that kind of model rather than robust hosting, I guess
> the issues would include:
> * How do whistleblowers and journalists securely obtain the client software?

Ideally the client could be done in HTML5/Javascript and work over the web;
WebSockets might make this a lot easier than it would otherwise be. For the
initial design, though, let's abstract that problem.

> * What kind of architecture does the anonymising network have? Can it be
> monitored end-to-end? Can it be DoSed?

Also, "what are the capabilities of the adversary?"

> * Who contributes resources to the network? Do they need to be
> trustworthy, or can it be an open system?
> * Can attackers fill the system with fake whistleblowers to make it
> annoying for journalists to use?
> * Can attackers fill the system with fake journalists to make it
> annoying/dangerous for whistleblowers to use?
> * What's the legal status of such a system? Can it enjoy the protections
> given to journalists if it's seen as "just a tool"?

This is a great list; we should probably be keeping this in a form that can
be collaboratively edited.

--Len.

_______________________________________________
p2p-hackers mailing list
p2p-hackers@lists.zooko.com
http://lists.zooko.com/mailman/listinfo/p2p-hackers