GlobaLeaks

GlobaLeaks is an open-source, free software intended to enable secure and anonymous whistleblowing initiatives. It was developed by the Hermes Center for Transparency and Digital Human Rights, an Italian-based NGO supporting freedom of speech online.

GlobaLeaks
File:GlobaLeaks.svg
Developer(s)Hermes Center for Transparency and Digital Human Rights
Initial release6 September 2011 (2011-09-06)
Stable release
v3.11.21 / 2 October 2019 (2019-10-02)
Repositoryhttps://github.com/globaleaks/GlobaLeaks
Written inPython, JavaScript
Operating systemLinux
LicenseAffero General Public License
Websitehttps://www.globaleaks.org/

The software empowers anyone, even non-technical people, to easily setup and maintain a whistleblowing platform.

History

The project concept was initiated by Fabio Pietrosanti and shared for the first time within the hacktivist community on 15 December 2010.[1]

Relevant figures in the first development are Claudio Agosti, Arturo Filastò, Michele Orrù, Giovanni Pellerano, and Fabio Pietrosanti.[2][3][4][5]

The first prototype was announced on 6 September 2011 on the Full disclosure mailing list.[6]

Asked by an interviewer on how the GlobaLeaks project began, Filastò explained: "After the whole WikiLeaks Cablegate drama we decided to work on this."[7]

The idea for GlobaLeaks "was born from the realization of a need for journalists to ensure the confidentiality of their sources despite an insecure network." It is designed to be used by journalists who do not have advanced computer skills but who need a secure platform to protect their sources. The software enables journalists and their sources to communicate securely, allowing "a continuous flow of data among individuals with complete security." It also enables journalists to verify sources by requesting various kinds of data and documents. Moreover, GlobaLeaks is more flexible than WikiLeaks, which is only in English, and is centralized, with a focus on "events of national and international resonance." GlobaLeaks, by contrast, "allows you to communicate in the language of users and is open to local issues with an impact on everyday life."[8]

Filastò and his partners noted that most leaksites "had poor security," with the vulnerabilities of the Wall Street Journal's whistleblowing dropbox SafeHouse,[9] for instance, being "exposed only hours after it went online." Filastò commented that: "We saw that there is a user base but the developers were doing it wrong. We said: 'we are security people, we can do this better'. So two years ago we came up with an advanced prototype: Globaleaks 0.1. It was an initial experiment but it went quite well. We then redid it from scratch and we're now at version 2.24.".[7]

In 2011, Tor2web, Tor Hidden Service proxy designed by Aaron Swartz and Virgil Griffith, became part of the GlobaLeaks project as a component intended for extending platforms reachability to traditional HTTPS connections.

In 2012, the Hermes Center for Transparency and Digital Human Rights NGO was founded in Italy.

Reception

Brandon Stosh has described GlobaLeaks as "an open source project aimed at creating a worldwide, anonymous, censorship-resistant, distributed whistleblowing platform."[10] GlobaLeaks seeks "to democratize the WikiLeaks model" and to become "the de-facto standard in technologically-powered whistleblowing" focused on the research of the best trade-off between security and usability. The Hermes Center NGO "aims to help with the release of information on a different scale than WikiLeaks can address." Pietrosanti said in December 2013, we identified the needed for a "solution or software that would enable any organization to engage in whistleblower solicitation, even at the local level." he added.[11]

Andy Greenberg has quoted Pietrosanti in saying that Hermes's goal "is to expand the leaking movement from the current fifty or so WikiLeaks copycats to a network of hundreds or thousands of 'leak nodes' run by everyone from U.S. corporations that are legally mandated to run an internal whistleblowing outlet to radical activists that hope to pass their materials on to publishers while using Tor to remain completely anonymous." GlobaLeaks, wrote Greenberg, "aims to disperse the risk of handling sensitive material over an army of individuals rather than one vulnerable group of intermediaries. 'Some people may be like Assange, and say, OK, we'll publish and fight and whatever,' says Pietrosanti. 'But lots of people want to fight corruption without taking that much responsibility. If the risk profile of everyone who runs a leak node is reduced, there will be a lot more leak nodes. WikiLeaks taught us something. And it brought the word whistleblower back into the awareness of the public (...) But GlobaLeaks is the next logical step." Filastò added.[12]

In October 2013, Tessel Renzenbrink wrote in her article "Building an Infrastructure for Whistleblowing" that "there are very few protection mechanisms in place for whistleblowers," and that because of this, "whistleblowing featured as an important topic at OHM2013, the biggest outdoor hacker festival in Europe." At the festival, Renzenbrink spoke with people from "several organizations that have started initiatives to build a better whistleblowing infrastructure," including Filastò, who told her: "Globaleaks is a software designed to allow anybody to easily set up a whistleblower site". Filastò emphasized that "It is open source software so anybody can download it, install it and have a whistleblower site set up. (...) we don't run a whistleblowing platform ourselves (...) but we contribute to this ecosystem by enabling other people to run successful initiatives."

Operation

A GlobaLeaks site utilizes Tor Hidden Services[13] in order to guarantee the anonymity of the source. [3]

Once the submission is performed on a GlobaLeaks platform, the data is encrypted using PGP and the system automatically notifies registered recipients (e.g., local media, NGOs, or even single journalists). GlobaLeaks platforms do not store anything permanently and the submitted information and files are deleted as soon as possible with a strict data retention policy.[14][15]

The process is generally improved by suggesting the sources to use the Tails anonymous operating system while connecting to GlobaLeaks.[10]

JavaScript is required from the user agent to access GlobaLeaks.[16]

Implementations

By 2019, GlobaLeaks has been internationalized in 20+ languages and implemented by several thousands projects and initiatives all over the world. The vast range of adopters include independent media, activists, media agencies, corporations, and more.

Describing the early deployments, Wired reporter John Borland, GlobaLeaks had been "deployed around Europe, by independent journalism and activist groups in Serbia, investigative journalism organizations in Hungary and Italy, and an anti-Mafia group in Italy." Borland noted that "A GlobaLeaks-powered whistleblowing site in Iceland, called Ljost,[17][18] today [30 December 2013] released new documents on that country's 2008 financial collapse." Pietrosanti told Borland that GlobaLeaks was "currently talking with organizations in a number of other countries, including several media groups that want to replicate the successful Dutch model." Borland added that "activists are also examining topic-specific leaks sites for issues such as human rights, wildlife crimes, surveillance, food safety in the United States, and censorship."[11]

The largest implementation of GlobaLeaks occurred in 2014 by PubLeaks in the Netherlands,[19][20] "a foundation that counts 42 of the country's biggest media organizations among its members. There, each organization pays €500 per year, and in return receives a special laptop designed to access the leak system." Borland noted that "When accessing Publeaks from the web, whistleblowers can choose to send information to three of these media organizations. All participating organizations agree to honor embargo periods, enabling information to be examined without immediate publication pressure. The group has already had several high-profile leaks, including one that led to the resignation of a prominent parliamentarian."[11]

Other major organizations supporting the setup of GlobaLeaks based whistleblowing platforms are Free Press Unlimited (FPU) and Associated Whistleblowing Press (AWP).

FPU, a Netherland-based organization, created AfriLeaks and MéxicoLeaks. AfriLeaks was GlobaLeaks' first project outside the western world run by an alliance of 15+ African news organisations that are committed to speaking truth to power. "Whistleblowing is an important instrument that should be used carefully, so future training is now being planned and will continue to take place regularly." said Pellerano to the Guardian.[5] As for MéxicoLeaks, it is an active independent whistleblowing platform aimed at revealing information for the public interest in Mexico which was awarded the 2016 FRIDA award.[21]

AWP, a Belgium-based organization, created Ljost (Iceland), Filtrala (Spain), EcuadorTransparente (Ecuador)[22][23] and PeruLeaks (Peru).[24] AWP co-founder Pedro Noel describes AWP as "a nonprofit organization which struggles for freedom of expression and against human rights violations by means of whistleblowing."[7]

One of the most successful GlobaLeaks projects is WildLeaks, the world's first whistleblower initiative dedicated to Wildlife and Forest Crime funded and managed by the Elephant Action League (EAL) which reported and investigated various crimes. One of the investigations was highlighted in the award-winning Netflix documentary "The Ivory Game".[25][26][27]

GlobaLeaks also partnered with major anticorruption and human rights NGOs like Transparency International Allerta Anticorruzione,[28] OCCRP (OCCRPLeaks) and Amnesty International Amlea.[29]

In 2017, Xnet, an activist project which has been working on and for networked democracy and digital rights since 2008, launched in the Barcelona City Hall the first public Anti-Corruption Complaint Box using anonymity protection technology like Tor and GlobaLeaks ("Bústia Ètica" in Catalan). With this pioneering project, the Barcelona City Hall is the first municipal government to invite citizens to use tools which enable them to send information in a way that is secure, that guarantees privacy and gives citizens the option to be totally anonymous.[30]

In 2018 the Italian Anti-Corruption Authority (ANAC), an administrative watchdog, launched their national online whistleblowing platform using GlobaLeaks and onion services, giving whistleblowers who come forward a secure way to report illegal activity while protecting their identities.[31]

Funding

In 2011, GlobaLeaks 0.1 received funding from USAID Serbia.

In 2012, GlobaLeaks 2.0 had been funded with $108,400 by the Open Technology Fund under the Freedom2Connect program.[32]

In 2013, the project was able to survive with few donations and a lot of volunteer work done by its core members.

In 2014, Hermes Center has been awarded €200,000 by the Hivos Foundation for Project Deployments of Whistleblowing Initiatives in the Global South.[33]

In July 2014, GlobaLeaks project has been funded with ~$234,000 by the Open Technology Fund in order to develop a new Roadmap from Q3/2014 up to Q1/2016[34] for which all progress reports are publicly available.[35]

In September 2014, Transparency International Italy started up its AntiCorruption Advocacy and Legal Advice Centre (ALAC)[36] with a contribution of €6,000 from an EU grant.

See also

References
  1. Pietrosanti, Fabio (15 December 2010). "An idea of leaking alternative to wikileaks". Full Disclosure.
  2. "About Us - HERMES Center For Transparency And Digital Human Rights". HERMES - Centro Studi Trasparenza e Diritti Umani in Rete. Retrieved 24 May 2016.
  3. 28th Chaos Communication Congress. "Workshops/GlobaLeaks". Retrieved 21 January 2012.
  4. "Whistleblowing Rippling into New Corners". wired.com. Retrieved 22 February 2014.
  5. Cummings, Basia. "Wikileaks for Africa? Introducing Afrileaks". The Guardian.
  6. Filastò, Arturo (6 September 2011). "Globaleaks demo of the Prototype online!". Full Disclosure (Mailing list). Retrieved 21 January 2012.
  7. Renzenbrink, Tessel. "Building an Infrastructure for Whistleblowing". Tech the Future. Archived from the original on 24 September 2015. Retrieved 23 April 2014.
  8. "GlobaLeaks e la protezione delle fonti nell'era digitale: intervista a Claudio Agosti". Web Magazine. 28 April 2013.
  9. Halliday, Josh. "Wall Street Journal faces backlash over WikiLeaks rival". The Guardian.
  10. Stosh, Brandon. "Interview with GlobaLeaks – The Open Source Whistleblowing Platform". Freedom Hacker.
  11. Borland, John (30 December 2013). "Whistleblowing Rippling into New Corners". Wired.
  12. Greenberg, Andy (13 September 2012). This Machine Kills Secrets: Julian Assange, the Cypherpunks, and Their Fight. Google Books. ISBN 9781101593585.
  13. Steele, Shari. "Tor at the Heart: GlobaLeaks". Tor Blog. Retrieved 3 January 2017.
  14. "GlobaLeaks Threat Model". Retrieved 3 February 2017.
  15. "GlobaLeaks Application Security Design and Details". Retrieved 3 February 2017.
  16. Reference to the "Javascript required" page why Javascript it's required article #1928 Github
  17. Dreyfus, Suelette. "Whistleblowers: gagged by those in power, admired by the public". theguardian.com. Retrieved 25 February 2014.
  18. Veal, Lowana. "Alternative to Wikileaks Arises in Iceland". inter press service. Retrieved 25 February 2014.
  19. "Vanaf vandaag: anoniem lekken naar media via doorgeefluik Publeaks". volkskrant.nl. Retrieved 22 February 2014.
  20. "Handling ethical problems in counterterrorism An inventory of methods to support ethical decisionmaking" (PDF). RAND Corporation. Retrieved 24 February 2014.
  21. "Frida Award by MexicoLeaks". Retrieved 1 February 2017.
  22. Rodriguez, Katitza (24 April 2016). "Leaked Documents Confirm Ecuador's Internet Censorship Machine". Electronic Frontier Foundation. Retrieved 3 January 2017.
  23. Franceschi Biccherai, Lorenzo (14 April 2016). "Ecuador Briefly Censored Google and YouTube, Leaked Document Shows". Vice. Retrieved 3 January 2017.
  24. "La República se suma a 'Perúleaks'". [La_República]. Retrieved 3 January 2017.
  25. Neme, Lauren. "New WildLeaks Website Invites Whistle-Blowers on Wildlife Crime". nationalgeographic.com. Retrieved 22 February 2014.
  26. Drake, Nadia. "A New Website That Lets Tipsters Report Wildlife Crimes". wired.com. Retrieved 22 February 2014.
  27. Carrington, Damian. "WildLeaks attracts major wildlife crime leads in first three months". [The Guardian]. Retrieved 13 June 2014.
  28. "Allerta Anticorruzione project by Transparency International". Archived from the original on 19 March 2016. Retrieved 3 January 2017.
  29. "Amlea project by Amnesy International". Archived from the original on 23 February 2019. Retrieved 3 January 2017.
  30. "Xnet installs a Whistleblowing Platform against corruption for the City Hall of Barcelona – powered by GlobaLeaks and Tor friendly". Material was copied from this source, which is available under a Creative Commons Attribution-ShareAlike 3.0 Unported license.
  31. "Italian Anti-Corruption Authority (ANAC) Adopts Onion Services".
  32. "Open Technology Fund". Retrieved 1 May 2012.
  33. "GlobaLeaks 2014/2015". Archived from the original on 10 June 2016. Retrieved 24 May 2016.
  34. "2014-2015 GlobaLeaks project roadmap". Google Docs. Retrieved 24 May 2016.
  35. "OTF Reporting". GitHub. Retrieved 24 May 2016.
  36. "Allerta Anticorruzione - ALAC". Retrieved 24 May 2016.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.