Security for the Whistleblower
When submitting sensitive information, you must consider the risks involved in revealing information about a party who may not like what you have to say. They may seek retaliation against you, the recipients of the information, or us.
Acting as an anonymous source throughout the whistleblowing process is a good way to protect yourself and others from external threats. This document looks at the threats associated with submitting information to the public media and ways to address and minimize those risks.
While technical methods to discover your identity might seem intimidating, the largest threat to your anonymity is the people around you.
Before submitting any information you should consider what will happen after the information has been given to journalists and what will happen when the leak becomes public.
Ask yourself the following questions to assess your risk:
- Are you acting in the public interest or with spiteful intent?
- Will your actions evoke a violent or legal response from some group?
- Do people other than you have access to the information you are going to submit?
- If this information reaches the public, will someone question you about it?
- Can you cope with the stress of an internal or external investigation?
You should only consider blowing the whistle after giving serious consideration to these kinds of questions.
Realize that while using a computer and the Internet to exchange information, the actions you take may leave traces on your computer, the intended recipient’s computer, and many other computers in between. These logs and other forensic information could lead an investigator to identify where you are and who you are.
You may leave computer traces while:
- Researching the information to be submitted
- Acquiring the information to be submitted
- Reading this web page
- Submitting the information to us
- Exchanging data with recipients of your submission
With the right tools and knowledge you can minimize the risk of leaving digital traces and compromising your anonymity.
What follows is a minimum set of actions you should take to protect yourself in social situations.
- Before you make a submission, do not share your intentions with anyone.
- Try to be certain that there are no surveillance systems or observers in the place where you acquire and submit information.
- Try to be certain that the information you submit does not identify you if someone other than the intended recipient gains access to it.
- After you make a submission, do not share your actions with anyone.
- After the news about the submission gets to the public, be careful about expressing your opinion about the news with anyone.
Due to the technical complexity of modern computing and network systems, understanding how to protect yourself can be difficult. It is possible to do, but it can be complicated. You should also understand that nobody understands every detail of computer and network systems, including the authors of this document.
However, if you strictly follow the guidelines below, you should be safe enough.
- While acquiring the information to submit, be sure that no traces are left on the IT systems leading back to your identity (e.g., collect files with a USB stick, and when you have completed the submission, destroy and dispose of the USB stick).
- Realize that “deleting a file” on almost all computers does not remove traces of the file’s presence from that computer.
- Be aware that metadata may be present in some of the data you are submitting.
- Consider cleaning up the metadata by using tools such as MAT, bundled with the TAILS Linux live CD.
- Consider converting all the data that you send us into a standard format like PDF.
- Submit information using the anonymous web browsing software Tor Browser Bundle.
- Do not keep any copies of the information you submitted.
- Do not submit information from the computer provided to you by your employer (use a spare one)
- Keep the Submission’s receipt you receive secret and destroy it once you no longer need it.
- Do not look around on search engines or news media websites for the information you submitted.
Safe enough does not mean your anonymity is guaranteed. It means that even computer experts should not be able to determine that you were the source of the leak after the fact.
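To make the metadata warning in the list above concrete, here is an added example (not part of the original guide or of any tool it names) that lists the document properties stored inside an Office Open XML file such as a .docx. The sample file and its author details are constructed, and the function names are hypothetical; the script only inspects and does not clean anything.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Archive members of a .docx/.xlsx/.pptx file that hold document properties.
PROPERTY_PARTS = ("docProps/core.xml", "docProps/app.xml")

# Constructed sample properties with made-up author details.
SAMPLE_CORE = (
    '<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/'
    'package/2006/metadata/core-properties" '
    'xmlns:dc="http://purl.org/dc/elements/1.1/" '
    'xmlns:dcterms="http://purl.org/dc/terms/">'
    '<dc:creator>Jane Example</dc:creator>'
    '<cp:lastModifiedBy>jexample</cp:lastModifiedBy>'
    '<dcterms:created>2020-01-01T09:00:00Z</dcterms:created>'
    '</cp:coreProperties>')
SAMPLE_APP = (
    '<Properties xmlns="http://schemas.openxmlformats.org/'
    'officeDocument/2006/extended-properties">'
    '<Company>Example Corp</Company></Properties>')

def build_sample(with_properties=True):
    """Build a minimal .docx-style archive in memory (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("word/document.xml", "<document/>")
        if with_properties:
            archive.writestr("docProps/core.xml", SAMPLE_CORE)
            archive.writestr("docProps/app.xml", SAMPLE_APP)
    return buf.getvalue()

def find_metadata(data):
    """Return {part: {field: value}} for each non-empty property found."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        names = set(archive.namelist())
        for part in PROPERTY_PARTS:
            if part not in names:
                continue
            root = ET.fromstring(archive.read(part))
            # Drop the '{namespace}' prefix so fields read as plain names.
            fields = {el.tag.rsplit("}", 1)[-1]: el.text.strip()
                      for el in root.iter()
                      if el is not root and el.text and el.text.strip()}
            if fields:
                found[part] = fields
    return found

if __name__ == "__main__":
    for part, fields in find_metadata(build_sample()).items():
        for name, value in fields.items():
            print(f"{part}: {name} = {value}")
```

An empty result only means these two property parts are absent; other identifying data can still be present elsewhere in a file, so cleaning with a tool such as MAT remains necessary.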
If you wish to better understand how to safely proceed in this digital environment, consider reading the excellent guides produced as part of the Security in a Box project.
Security of the Submission System
The Tor Browser is a state-of-the-art Web Browser that protects your anonymity on the Internet. It has proven itself effective after significant scrutiny from both the academic research community and computer security experts.
WBS is an open source, secure whistleblowing platform designed by the Hermes Center for Transparency and Digital Human Rights. The platform enforces strict policies that protect the identities of its users and the information submitted to the system.
When these two software tools are used together, a whistleblower’s anonymity while submitting information receives strong protection. This setup lets us manage the process of safe communication with sources.
The Difference Between Anonymity and Confidentiality
If you follow the guidelines outlined in the Social Protection and Technical Protection sections, then when you submit information to us you should remain anonymous.
This means that no one, not even the recipients of the information, knows that you are the person blowing the whistle. By default, WBS used with Tor provides strong protection for your anonymity.
However, there are many whistleblowing scenarios where the anonymity of a whistleblower is only temporary. Imagine a whistleblower coming forward as a plaintiff in a civil suit in the United States. In a case like that, the whistleblower may have significant monetary incentives to reveal who they are.
When a source reveals their identity to a recipient, then their identity becomes confidential. All it takes for a whistleblower to go from an anonymous source to a confidential one is a first and last name.
Why Trust WBS
Total anonymity can never be guaranteed; however, we have designed this technology taking into account scenarios where a whistleblower’s life is at stake. Additionally, security experts have performed multiple audits on this software.
This is the best way to ensure that the application is truly secure. We do not ask you to blindly trust our security decisions: we have received various independent security analyses from third parties.
Moreover, the source code of GlobaLeaks is open, so anybody can inspect it and make sure that it does what we say it does.
For more in-depth analysis of the security of GlobaLeaks, see GlobaLeaks Application Security Design and Details.