[liberationtech] Safer submission of content to news organizations
liberationtech at lewman.us
liberationtech at lewman.us
Tue Jan 17 16:47:09 PST 2012
On Tue, Jan 17, 2012 at 12:47:33PM -0500, DObrien at cpj.org wrote 4.5K bytes in 105 lines about:
: Your problem is that any networked connection is vulnerable to making
: that identification between the two users, journalist and whistleblower,
: unless you maintain absolute anonymity over the network, but provide
: some form of consistent attestation (ie, I don't know who you are, but
: you're the same person as I talked to last time). Any actual identity
: can be ascertained out of band. (I'm that guy you met that one time
: wearing a rose. We both know Bill's shoe size. etc)
I agree with Danny's interpretation. The submitter wants network
anonymity, but maybe not an anonymous identity. There are thousands of
people who use Tor to login to Facebook, Google+, and other quasi-real
name websites. I use Tor to check my credit reports on experian. My
current IP address and network location are irrelevant to my real
world identity. I certainly do not trust the network between me and
some destination so I use Tor to protect my traffic in transit. I
use https to protect the communications between my browser and the
destination website. I transmit my real identity through https over Tor
to authenticate with the destination website.
It's probably easier for the government, network provider, or criminal
to subpoena/break into experian's computers to get my identity than it is to
break https and tor.
Replace the word 'experian' with 'whistleblower contact form at a
newspaper' and the concept and realities are the same.
--
Andrew
http://tpo.is/contact
pgp 0x74ED336B
More information about the liberationtech
mailing list