SlideShare uma empresa Scribd logo

GloabLeaks ESC2011

Arturo Filastò
Arturo Filastò

Why does GlobaLeaks exists? How does it work? Who will use it? How can you hack on it? Join GlobaLeaks! # ./startglobaleaks

TecnologiaNotícias e política
1 de 44
Baixar para ler offline
GlobaLeaks The Open Whistleblowing Framework Sunday, September 4, 2011
Agenda • Why does GlobaLeaks exists? • How does it work? • Who will use it? • How can you hack on it? Join GlobaLeaks! • # ./startglobaleaks Sunday, September 4, 2011
ARG*: GlobaLeaks Organization • There is no hierarchy of power • No Official Role • Every member of GlobaLeaks is A Random GlobaLeaks Contributor|Developer| Spokesperson|Advocate Sunday, September 4, 2011
Why does GlobaLeaks exists Why we want to change the world into a better place Sunday, September 4, 2011
Motivations • We wish to make this world a better place • We strive to increase transparency and accountability in our society Sunday, September 4, 2011
Existing Solutions • The existing software lacked basic privacy- aware (anonymity) and security features (encryption). • Existing projects are less open that they want to make people believe. • Only commercial software or outsourced WhistleBlowing services Sunday, September 4, 2011
Research on WB • We started a research a research on Whistleblowing on Dec 2010 https://leakdirectory.org SHA Fingerprint: 2F 78 1A E7 34 32 44 35 1D 68 6A DE B7 83 58 F6 11 41 BC E0 Sunday, September 4, 2011
The WB ecosystem Sunday, September 4, 2011
So what’s Whistleblowing? • A whistleblower is somebody that informs of illicit activity. • Activates citizens in their own local politics • Activate people in their global view Sunday, September 4, 2011
Active citizenship “... which of two common types of character, for the general good of humanity, it is most desirable should predominate — the active, or the passive type; that which struggles against evils, or that which endures them; that which bends to circumstances, or that which endeavours to make circumstances bend to itself.” John Stuart Mill, "Representative Government" (1869) Sunday, September 4, 2011
Transparency and Accountability • People should start demanding transparency and enforcing it with GlobaLeaks. • Corporations and governments will understand the need to be more transparent Sunday, September 4, 2011
How GlobaLeaks works How we plan to change the World Sunday, September 4, 2011
The actors involved in GlobaLeaks • The Whistleblower • The Targets • The Node Administrator Sunday, September 4, 2011
Whistleblower • An Active citizen that is aware of some malpractice and wrongdoing • She/He will notify the GL node of such information Sunday, September 4, 2011
Targets • She/He is the person responsible for analyzing the material • No consent • Diversified actors as incentive Sunday, September 4, 2011
Node Administrator • The person running GlobaLeaks software • Choose the target list • Choose the goals and objective of ther activities • Behave depending on the context and goals Sunday, September 4, 2011
Interaction Audience WhistleBlower Submission Output pre NGO ss download Node Administrator Targets node • the node administrator notification select a list of targets • A Tulip is created Sunday, September 4, 2011
Notification (TULIP) • Temporary Unique Link Information Provider • The means of communications between the target and WhistleBlower Sunday, September 4, 2011
TULIP • Expires after a fixed amount of downloads and time • Is unique to every target/material • The data can be stored inside a flexible and configurable container (see local storage, FTP, Dropbox,Tahoe-LAFS, etc.) Sunday, September 4, 2011
TULIP notification • Flexible and expandable notification system • email, twitter, facebook, SCP, ticketing system Sunday, September 4, 2011
TULIP receipt Sunday, September 4, 2011
GlobaLeaks anonymity • Tor Hidden Services for pubblishing • Protection of WhistleBlower and Node maintainer • Tor client for notifications Sunday, September 4, 2011
GlobaLeaks security • Authentication • TULIP based authentication • optional password • Encryption (optional) • ZIP AES, PGP container • Applies to data and notification • Security • optional metadata cleanup facilities (MAT) Sunday, September 4, 2011
Target - Whistleblower interaction • Send and receive comments • WhistleBlower is able to upload more material regarding a submission • Secure JS based chat system? Sunday, September 4, 2011
Who will use GlobaLeaks Different ways of using GlobaLeaks... ...The Swiss Army Knife of Whistleblowing Sunday, September 4, 2011
Media • Media outlets, Magazine and Journalism associations can setup a WB interface • Collects Anonymous report by default • Two real world use cases Sunday, September 4, 2011
Transparency Activism (1) • NGO and informal activism organisations • They will promote the GL node • They will only promote the GL node and others will analyze the data • Advocacy on the importance of Transparency and accountability • Corruption spotting Sunday, September 4, 2011
Transparency Activism (II) • Break the three monkey principle Sunday, September 4, 2011
Private Corporations • Important tool to be integrated within the corporate organizational model • Typically managed by internal audit • Accountability mandated by the law • Sarbanes-Oxley Act (USA) • Dlgs 231 (Italy) Sunday, September 4, 2011
Public Agencies • Internal and external public WB services • USA IRS, US SEC, EU Antitrust • Involve citizens into spotting tax evasion, market manipulation, corruption, malpractice in health and environment Sunday, September 4, 2011
Ways to publish a GlobaLeaks Site Different ways of bringing online a GlobaLeaks site depending on how you want to use it Sunday, September 4, 2011
Pure Hidden Service • Pros • Submission is highly secure. • Does not rely on legacy technologies such as SSL. • DDOS protected. • Location of every network entity protected. • Requires to setup only one device. • Cons • Submitters must use a Tor client. Sunday, September 4, 2011
Hybrid: HS + tor2web • Pros • Location of the backend storage server protected. • Backend DDOS protected. • Does not require clients to install any software except a browser. • Cons • Relies on legacy technology such as SSL. • The tor2web node can be targeted by a DDOS or SSL man in the middle. Sunday, September 4, 2011
Web only solution • Pros • Does not require clients to install any software except a browser. • Requires to setup only one device. • Cons • Relies on legacy technology such as SSL. • The location of the server is disclosed. • It can be targeted by DDOS attacks and MITM. • One single point of failure. Sunday, September 4, 2011
WTF!? ... Or, how will we change the world. Sunday, September 4, 2011
The Tulip movement • The WB gives TULIPs out to targets • This is a gift to humanity • TULIP is also used as an acronym in Calvinism • Flower power leads to open and transparent society. Sunday, September 4, 2011
How can you hack on it ? Practical way to start hacking on GlobaLeaks, have lots of fun, drink lots of wine and taste good Italian food Sunday, September 4, 2011
Launchpad and Bazaar • Seif, hellais bitch, recommended it, but it’s a bit of PITA. • send him emails for help on bzr (seif@globaleaks.org) • Install bazaar, is the versioning system • register your user in http://lauchpad.net • we’re http://launchpad.net/globaleaks • check the blueprints: https://blueprints.launchpad.net/globaleaks Sunday, September 4, 2011
Technologies • Python • web2py (http:///web2py.org/book) • MVC model • Secure by default against web attacks • Object Oriented Sunday, September 4, 2011
Delivery • Self contained .exe • Self contained .app • Drag and drop install experience • Even non techie people will run it. Sunday, September 4, 2011
and now... Sunday, September 4, 2011
brace yourselves. Sunday, September 4, 2011
# ./startglobaleaks Sunday, September 4, 2011
Questions? Sunday, September 4, 2011

Recomendados

Tor2web ESC2011
Tor2web ESC2011Tor2web ESC2011
Tor2web ESC2011
Arturo Filastò
 
The Easy Way - Plone Conference 2011
The Easy Way - Plone Conference 2011The Easy Way - Plone Conference 2011
The Easy Way - Plone Conference 2011
Mikko Ohtamaa
 
Information Security Professional
Information Security ProfessionalInformation Security Professional
Information Security Professional
Ammar WK
 
Mozilla & Connected Devices
Mozilla & Connected DevicesMozilla & Connected Devices
Mozilla & Connected Devices
Robert 'Bob' Reyes
 
LCA14: LCA14-110: FLOSS Training
LCA14: LCA14-110: FLOSS TrainingLCA14: LCA14-110: FLOSS Training
LCA14: LCA14-110: FLOSS Training
Linaro
 
AIIM Ottawa Sept 8 2011 Agenda
AIIM Ottawa Sept 8 2011 Agenda AIIM Ottawa Sept 8 2011 Agenda
AIIM Ottawa Sept 8 2011 Agenda
Cheryl McKinnon
 
Pentesting embedded
Pentesting embeddedPentesting embedded
Pentesting embedded
antitree
 
Corporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence communityCorporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence community
antitree
 

Recomendados

Tor2web ESC2011
Tor2web ESC2011Tor2web ESC2011
Tor2web ESC2011
Arturo Filastò
 
The Easy Way - Plone Conference 2011
The Easy Way - Plone Conference 2011The Easy Way - Plone Conference 2011
The Easy Way - Plone Conference 2011
Mikko Ohtamaa
 
Information Security Professional
Information Security ProfessionalInformation Security Professional
Information Security Professional
Ammar WK
 
Mozilla & Connected Devices
Mozilla & Connected DevicesMozilla & Connected Devices
Mozilla & Connected Devices
Robert 'Bob' Reyes
 
LCA14: LCA14-110: FLOSS Training
LCA14: LCA14-110: FLOSS TrainingLCA14: LCA14-110: FLOSS Training
LCA14: LCA14-110: FLOSS Training
Linaro
 
AIIM Ottawa Sept 8 2011 Agenda
AIIM Ottawa Sept 8 2011 Agenda AIIM Ottawa Sept 8 2011 Agenda
AIIM Ottawa Sept 8 2011 Agenda
Cheryl McKinnon
 
Pentesting embedded
Pentesting embeddedPentesting embedded
Pentesting embedded
antitree
 
Corporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence communityCorporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence community
antitree
 
Censorship Detection Techniques
Censorship Detection TechniquesCensorship Detection Techniques
Censorship Detection Techniques
Arturo Filastò
 
Community management
Community managementCommunity management
Community management
Paul Bradshaw
 
Fred Spencer: Designing a Great UI
Fred Spencer: Designing a Great UIFred Spencer: Designing a Great UI
Fred Spencer: Designing a Great UI
Axway Appcelerator
 
Education 2.3 m erwin
Education 2.3 m erwinEducation 2.3 m erwin
Education 2.3 m erwin
Erwin Huang
 
Silicon beach d01
Silicon beach d01Silicon beach d01
Silicon beach d01
Made by Many
 
Social Media Evolved
Social Media EvolvedSocial Media Evolved
Social Media Evolved
The Media Kitchen
 
Localbysocial sunderland
Localbysocial sunderlandLocalbysocial sunderland
Localbysocial sunderland
localgovuk
 
Localbysocial North East
Localbysocial North EastLocalbysocial North East
Localbysocial North East
Ingrid Koehler
 
Mobile devices and audio for expanding boundaries of learning
Mobile devices and audio for expanding boundaries of learningMobile devices and audio for expanding boundaries of learning
Mobile devices and audio for expanding boundaries of learning
Julia Leong
 
102611 justice and journalism
102611 justice and journalism102611 justice and journalism
102611 justice and journalism
Val Hoeppner
 
Data Driven Innovation
Data Driven InnovationData Driven Innovation
Data Driven Innovation
ideas.org
 
Data Driven Innovation
Data Driven InnovationData Driven Innovation
Data Driven Innovation
Simon Grice
 
Open source jura CBS (03 11-2010)
Open source jura CBS (03 11-2010)Open source jura CBS (03 11-2010)
Open source jura CBS (03 11-2010)
Martin von Haller Groenbaek
 
SCPRSA 2011 Annual Conference Prensentation
SCPRSA 2011 Annual Conference PrensentationSCPRSA 2011 Annual Conference Prensentation
SCPRSA 2011 Annual Conference Prensentation
Bobby Rettew
 
Thesis_Presentation5 Social Module
Thesis_Presentation5 Social ModuleThesis_Presentation5 Social Module
Thesis_Presentation5 Social Module
Oylum Boran
 
Fundraising & New Media - Jonathan Marks
Fundraising & New Media - Jonathan MarksFundraising & New Media - Jonathan Marks
Fundraising & New Media - Jonathan Marks
dianakaekebeke
 
Pres e safety-yd
Pres e safety-ydPres e safety-yd
Pres e safety-yd
Torbjørn D. Moe
 
Anyone can research: guerilla user research tips for design and development -...
Anyone can research: guerilla user research tips for design and development -...Anyone can research: guerilla user research tips for design and development -...
Anyone can research: guerilla user research tips for design and development -...
Girl Geek Dinners Milano
 
How to Podcast Your Passion
How to Podcast Your PassionHow to Podcast Your Passion
How to Podcast Your Passion
Heidi Miller
 
Mobile communities and innovation
Mobile communities and innovationMobile communities and innovation
Mobile communities and innovation
Victor Miclovich
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
HampshireHUG
 

Mais conteúdo relacionado

Semelhante a GloabLeaks ESC2011

Community management
Community managementCommunity management
Community management
Paul Bradshaw
 
Fred Spencer: Designing a Great UI
Fred Spencer: Designing a Great UIFred Spencer: Designing a Great UI
Fred Spencer: Designing a Great UI
Axway Appcelerator
 
Education 2.3 m erwin
Education 2.3 m erwinEducation 2.3 m erwin
Education 2.3 m erwin
Erwin Huang
 
102611 justice and journalism
102611 justice and journalism102611 justice and journalism
102611 justice and journalism
Val Hoeppner
 
SCPRSA 2011 Annual Conference Prensentation
SCPRSA 2011 Annual Conference PrensentationSCPRSA 2011 Annual Conference Prensentation
SCPRSA 2011 Annual Conference Prensentation
Bobby Rettew
 
Thesis_Presentation5 Social Module
Thesis_Presentation5 Social ModuleThesis_Presentation5 Social Module
Thesis_Presentation5 Social Module
Oylum Boran
 
Fundraising & New Media - Jonathan Marks
Fundraising & New Media - Jonathan MarksFundraising & New Media - Jonathan Marks
Fundraising & New Media - Jonathan Marks
dianakaekebeke
 
Anyone can research: guerilla user research tips for design and development -...
Anyone can research: guerilla user research tips for design and development -...Anyone can research: guerilla user research tips for design and development -...
Anyone can research: guerilla user research tips for design and development -...
Girl Geek Dinners Milano
 

Semelhante a GloabLeaks ESC2011 (20)

Censorship Detection Techniques
Censorship Detection TechniquesCensorship Detection Techniques
Censorship Detection Techniques
 
Community management
Community managementCommunity management
Community management
 
Fred Spencer: Designing a Great UI
Fred Spencer: Designing a Great UIFred Spencer: Designing a Great UI
Fred Spencer: Designing a Great UI
 
Education 2.3 m erwin
Education 2.3 m erwinEducation 2.3 m erwin
Education 2.3 m erwin
 
Silicon beach d01
Silicon beach d01Silicon beach d01
Silicon beach d01
 
Social Media Evolved
Social Media EvolvedSocial Media Evolved
Social Media Evolved
 
Localbysocial sunderland
Localbysocial sunderlandLocalbysocial sunderland
Localbysocial sunderland
 
Localbysocial North East
Localbysocial North EastLocalbysocial North East
Localbysocial North East
 
Mobile devices and audio for expanding boundaries of learning
Mobile devices and audio for expanding boundaries of learningMobile devices and audio for expanding boundaries of learning
Mobile devices and audio for expanding boundaries of learning
 
102611 justice and journalism
102611 justice and journalism102611 justice and journalism
102611 justice and journalism
 
Data Driven Innovation
Data Driven InnovationData Driven Innovation
Data Driven Innovation
 
Data Driven Innovation
Data Driven InnovationData Driven Innovation
Data Driven Innovation
 
Open source jura CBS (03 11-2010)
Open source jura CBS (03 11-2010)Open source jura CBS (03 11-2010)
Open source jura CBS (03 11-2010)
 
SCPRSA 2011 Annual Conference Prensentation
SCPRSA 2011 Annual Conference PrensentationSCPRSA 2011 Annual Conference Prensentation
SCPRSA 2011 Annual Conference Prensentation
 
Thesis_Presentation5 Social Module
Thesis_Presentation5 Social ModuleThesis_Presentation5 Social Module
Thesis_Presentation5 Social Module
 
Fundraising & New Media - Jonathan Marks
Fundraising & New Media - Jonathan MarksFundraising & New Media - Jonathan Marks
Fundraising & New Media - Jonathan Marks
 
Pres e safety-yd
Pres e safety-ydPres e safety-yd
Pres e safety-yd
 
Anyone can research: guerilla user research tips for design and development -...
Anyone can research: guerilla user research tips for design and development -...Anyone can research: guerilla user research tips for design and development -...
Anyone can research: guerilla user research tips for design and development -...
 
How to Podcast Your Passion
How to Podcast Your PassionHow to Podcast Your Passion
How to Podcast Your Passion
 
Mobile communities and innovation
Mobile communities and innovationMobile communities and innovation
Mobile communities and innovation
 

Último

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 

Último (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

GloabLeaks ESC2011

  • 1. GlobaLeaks The Open Whistleblowing Framework Sunday, September 4, 2011
  • 2. Agenda • Why does GlobaLeaks exists? • How does it work? • Who will use it? • How can you hack on it? Join GlobaLeaks! • # ./startglobaleaks Sunday, September 4, 2011
  • 3. ARG*: GlobaLeaks Organization • There is no hierarchy of power • No Official Role • Every member of GlobaLeaks is A Random GlobaLeaks Contributor|Developer| Spokesperson|Advocate Sunday, September 4, 2011
  • 4. Why does GlobaLeaks exists Why we want to change the world into a better place Sunday, September 4, 2011
  • 5. Motivations • We wish to make this world a better place • We strive to increase transparency and accountability in our society Sunday, September 4, 2011
  • 6. Existing Solutions • The existing software lacked basic privacy- aware (anonymity) and security features (encryption). • Existing projects are less open that they want to make people believe. • Only commercial software or outsourced WhistleBlowing services Sunday, September 4, 2011
  • 7. Research on WB • We started a research a research on Whistleblowing on Dec 2010 https://leakdirectory.org SHA Fingerprint: 2F 78 1A E7 34 32 44 35 1D 68 6A DE B7 83 58 F6 11 41 BC E0 Sunday, September 4, 2011
  • 8. The WB ecosystem Sunday, September 4, 2011
  • 9. So what’s Whistleblowing? • A whistleblower is somebody that informs of illicit activity. • Activates citizens in their own local politics • Activate people in their global view Sunday, September 4, 2011
  • 10. Active citizenship “... which of two common types of character, for the general good of humanity, it is most desirable should predominate — the active, or the passive type; that which struggles against evils, or that which endures them; that which bends to circumstances, or that which endeavours to make circumstances bend to itself.” John Stuart Mill, "Representative Government" (1869) Sunday, September 4, 2011
  • 11. Transparency and Accountability • People should start demanding transparency and enforcing it with GlobaLeaks. • Corporations and governments will understand the need to be more transparent Sunday, September 4, 2011
  • 12. How GlobaLeaks works How we plan to change the World Sunday, September 4, 2011
  • 13. The actors involved in GlobaLeaks • The Whistleblower • The Targets • The Node Administrator Sunday, September 4, 2011
  • 14. Whistleblower • An Active citizen that is aware of some malpractice and wrongdoing • She/He will notify the GL node of such information Sunday, September 4, 2011
  • 15. Targets • She/He is the person responsible for analyzing the material • No consent • Diversified actors as incentive Sunday, September 4, 2011
  • 16. Node Administrator • The person running GlobaLeaks software • Choose the target list • Choose the goals and objective of ther activities • Behave depending on the context and goals Sunday, September 4, 2011
  • 17. Interaction Audience WhistleBlower Submission Output pre NGO ss download Node Administrator Targets node • the node administrator notification select a list of targets • A Tulip is created Sunday, September 4, 2011
  • 18. Notification (TULIP) • Temporary Unique Link Information Provider • The means of communications between the target and WhistleBlower Sunday, September 4, 2011
  • 19. TULIP • Expires after a fixed amount of downloads and time • Is unique to every target/material • The data can be stored inside a flexible and configurable container (see local storage, FTP, Dropbox,Tahoe-LAFS, etc.) Sunday, September 4, 2011
  • 20. TULIP notification • Flexible and expandable notification system • email, twitter, facebook, SCP, ticketing system Sunday, September 4, 2011
  • 22. GlobaLeaks anonymity • Tor Hidden Services for pubblishing • Protection of WhistleBlower and Node maintainer • Tor client for notifications Sunday, September 4, 2011
  • 23. GlobaLeaks security • Authentication • TULIP based authentication • optional password • Encryption (optional) • ZIP AES, PGP container • Applies to data and notification • Security • optional metadata cleanup facilities (MAT) Sunday, September 4, 2011
  • 24. Target - Whistleblower interaction • Send and receive comments • WhistleBlower is able to upload more material regarding a submission • Secure JS based chat system? Sunday, September 4, 2011
  • 25. Who will use GlobaLeaks Different ways of using GlobaLeaks... ...The Swiss Army Knife of Whistleblowing Sunday, September 4, 2011
  • 26. Media • Media outlets, Magazine and Journalism associations can setup a WB interface • Collects Anonymous report by default • Two real world use cases Sunday, September 4, 2011
  • 27. Transparency Activism (1) • NGO and informal activism organisations • They will promote the GL node • They will only promote the GL node and others will analyze the data • Advocacy on the importance of Transparency and accountability • Corruption spotting Sunday, September 4, 2011
  • 28. Transparency Activism (II) • Break the three monkey principle Sunday, September 4, 2011
  • 29. Private Corporations • Important tool to be integrated within the corporate organizational model • Typically managed by internal audit • Accountability mandated by the law • Sarbanes-Oxley Act (USA) • Dlgs 231 (Italy) Sunday, September 4, 2011
  • 30. Public Agencies • Internal and external public WB services • USA IRS, US SEC, EU Antitrust • Involve citizens into spotting tax evasion, market manipulation, corruption, malpractice in health and environment Sunday, September 4, 2011
  • 31. Ways to publish a GlobaLeaks Site Different ways of bringing online a GlobaLeaks site depending on how you want to use it Sunday, September 4, 2011
  • 32. Pure Hidden Service • Pros • Submission is highly secure. • Does not rely on legacy technologies such as SSL. • DDOS protected. • Location of every network entity protected. • Requires to setup only one device. • Cons • Submitters must use a Tor client. Sunday, September 4, 2011
  • 33. Hybrid: HS + tor2web • Pros • Location of the backend storage server protected. • Backend DDOS protected. • Does not require clients to install any software except a browser. • Cons • Relies on legacy technology such as SSL. • The tor2web node can be targeted by a DDOS or SSL man in the middle. Sunday, September 4, 2011
  • 34. Web only solution • Pros • Does not require clients to install any software except a browser. • Requires to setup only one device. • Cons • Relies on legacy technology such as SSL. • The location of the server is disclosed. • It can be targeted by DDOS attacks and MITM. • One single point of failure. Sunday, September 4, 2011
  • 35. WTF!? ... Or, how will we change the world. Sunday, September 4, 2011
  • 36. The Tulip movement • The WB gives TULIPs out to targets • This is a gift to humanity • TULIP is also used as an acronym in Calvinism • Flower power leads to open and transparent society. Sunday, September 4, 2011
  • 37. How can you hack on it ? Practical way to start hacking on GlobaLeaks, have lots of fun, drink lots of wine and taste good Italian food Sunday, September 4, 2011
  • 38. Launchpad and Bazaar • Seif, hellais bitch, recommended it, but it’s a bit of PITA. • send him emails for help on bzr (seif@globaleaks.org) • Install bazaar, is the versioning system • register your user in http://lauchpad.net • we’re http://launchpad.net/globaleaks • check the blueprints: https://blueprints.launchpad.net/globaleaks Sunday, September 4, 2011
  • 39. Technologies • Python • web2py (http:///web2py.org/book) • MVC model • Secure by default against web attacks • Object Oriented Sunday, September 4, 2011
  • 40. Delivery • Self contained .exe • Self contained .app • Drag and drop install experience • Even non techie people will run it. Sunday, September 4, 2011