GlobaLeaks

GlobaLeaks

Developer(s)	Hermes Center for Transparency and Digital Human Rights
Initial release	6 September 2011 (2011-09-06)[1]
Stable release	2.61.13 / May 27, 2016; 8 years ago (2016-05-27)
Written in	Python, JavaScript
Operating system	Linux
License	Affero General Public License
Website	www.globaleaks.org

GlobaLeaks is an open-source, free software intended to enable anonymous whistleblowing initiatives. It was developed by the Hermes Center for Transparency and Digital Human Rights, a largely Italian foundation.^[2] The leading figures in its creation are programmer and security analyst Claudio Agosti; Università di Roma computer science student and Tor developer Arturo Filastò; privacy solutions provider PrivateWave Italia founder Fabio Pietrosanti; and computer engineer and Tor2web developer Giovanni Pellerano.^{[3][4][5][6][7][8][9]}

The software empowers anyone, even non-technical people, to easily set up and maintain a whistleblowing platform. It can help many different types of users: media organizations, activist groups, corporations and public agencies.” The GlobaLeaks project is “aimed at supporting the practice of whistleblowing by giving people the software tools necessary to start their own initiative.^[10]

History

Project

Asked by an interviewer how the GlobaLeaks project began, Filastò explained: “After the whole Wikileaks Cablegate drama we decided to work on this.”^[11] The idea for GlobaLeaks “was born from the realization of a need for journalists to ensure the confidentiality of their sources despite an insecure network.” It is designed to be used by journalists who do not have advanced computer skills but who need a secure platform to protect their sources. The software enables journalists and their sources to communicate securely, allowing “a continuous flow of data among individuals with complete security.” It also enables journalists to verify sources by requesting various kinds of data and documents. Moreover, GlobaLeaks is more flexible than WikiLeaks, which is only in English, and is centralized, with a focus on “events of national and international resonance.” GlobaLeaks, by contrast, “allows you to communicate in the language of users and is open to local issues with an impact on everyday life.”^[12]

Filastò and his partners noted that most leaksites “had poor security,” with the vulnerabilities of the Wall Street Journal’s whistleblowing dropbox SafeHouse,^[13] for instance, being “exposed only hours after it went online.” Filastò commented that: “We saw that there is a user base but the developers were doing it wrong. We said: ‘we are security people, we can do this better’. So two years ago we came up with an advanced prototype: Globaleaks 0.1. It was an initial experiment but it went quite well. We then redid it from scratch and we’re now at version 2.24.”^[11]

The initial plan was conceived on 15 December 2010,^[14] with the first prototype announced on 6 September 2011^[1] as an alpha release.

According to an article published in January 2011, GlobaLeaks was based during “an initial phase” in the Netherlands and Italy, but was now being spread around the world through downloads. In the then-current phase, the goal was to establish a broad base of leak-sharing collaborators, so as to “create a kind of ‘dropbox’ community” with “the minimum possible exposure to potential political repression or legal foes.”^[15]

In 2011 the Tor2web Project became part of GlobaLeaks, published as part of a long term vision of the GlobaLeaks Project Plan.^[16]

By 2012 the Hermes Center for Transparency and Digital Human Rights ONG was set up in Italy.

In a report from the December 2013 Chaos Communication Congress (CCC), John Borland wrote that “the whistleblower-support community has never been healthier.” He explained that the whistleblowing movement was “now filtering into country after country at a smaller level, as local activist and media organizations work with technology providers to fine-tune the collection and solicitation of leaks to specific populations or subject areas.” Much of this work, he noted, “is being facilitated by the Italian GlobaLeaks, a project of the Hermes Center for Transparency and Digital Human Rights.”^[17]

As of October 2013, the founders of GlobaLeaks were “writing an app extension and multimedia support, and work on a Tor2web proxy software to facilitate first steps towards some more privacy for wannabe Tor users.”^[18]

Founders

GlobaLeaks was co-founded and designed by Fabio Pietrosanti and Arturo Filastò. In the 2012 book This Machine Kills Secrets, Andy Greenberg recounts the story of Pietrosanti and Filastò, “a pair of Italian hackers hoping to reshape the future of leaking” and who “say they aim to create the BitTorrent to WikiLeaks’ Napster. Where WikiLeaks was a single, vulnerable target, GlobaLeaks aims to create what they’ve called a ‘worldwide, distributed leak amplification network.’”^[19]

Greenberg describes Pietrosanti as “a thirty-year-old security engineer who looks like a twenty-one-year-old actor, small, with big eyes and Tom Cruise hair. Filastò, on the other hand, is an actual twenty-one-year-old former actor, who spent two years playing the gangly, long-haired teen geek heartthrob on a popular Italian soap opera before leaving the TV industry to study mathematics and become a Tor developer.”^[19]

Greenberg writes that “The software the two Italians and a few other coders have been working on – and the group merely aims to offer software, not run an active leaking service like WikiLeaks or OpenLeaks – is designed to allow anyone to set up a leaking conduit in minutes, using Tor’s Hidden Services to offer a submissions system that’s both secure and untraceable. Unlike OpenLeaks, GlobaLeaks won’t limit who uses its software, and has posted its source code online for all to see, tweak, and use.”^[19]

At the time Greenberg spoke with the two developers, “they were busy meeting with any group who might consider deploying their software to host a niche whistleblower site: two left-wing Italian political parties, a Serbian newspaper, an Italian energy utility that wants to facilitate internal whistleblowing, a British leak site called BritiLeaks, and even Atanas Tchobanov and Assen Yordanov at BalkanLeaks.”^[19]

Funding

In 2011 GlobaLeaks 0.1 received funding from USAID Serbia.

In 2012 GlobaLeaks 2.0 and Tor2web 3.0 software had been funded with $108,400 by the Open Technology Fund under the Freedom2Connect program.^[20]

In 2013 the project was able to survive with few donations and a lot of volunteer work done by its core member.

In 2014 Hermes Center has been awarded €200.000 by the Hivos Foundation for Project Deployments of Whistleblowing Initiatives in the Global South.^[21]

In July 2014 GlobaLeaks project has been funded with ~$234,000 by the Open Technology Fund^[20] in order to develop a new Roadmap from Q3/2014 up to Q1/2016^[22] for which all Progress Reports are publicly available.^[23]

Late 2014 Transparency International Italy started up its AntiCorruption Advocacy and Legal Advice Centre (ALAC)^[24] with a contribution of €6.000 from an EU grant.

Reception

GlobaLeaks was mentioned by Tor developer Jacob Applebaum during the 30th Chaos Communications Congress as an important new whistleblowing platform that the press hadn’t discovered yet, but would soon.^[10]

Brandon Stosh has described GlobaLeaks as “an open source project aimed at creating a worldwide, anonymous, censorship-resistant, distributed whistleblowing platform.”^[18] GlobaLeaks seeks “to democratize the WikiLeaks model” and to become “the de-facto standard in technologically-powered whistleblowing, thanks to its unique usability, security and integrable APIs.”^[10][25] The Hermes group “aims to help with the release of information on a different scale than WikiLeaks can address.” Pietrosanti said in December 2013, “We saw that there needed to be a solution or software that would enable any organization to engage in whistleblower solicitation, even at the local level.”^[17]

Andy Greenberg has quoted Pietrosanti as saying that Hermes’s goal “is to expand the leaking movement from the current fifty or so WikiLeaks copycats to a network or hundreds or thousands of ‘leak nodes’ run by everyone from U.S. corporations that are legally mandated to run an internal whistleblowing outlet to radical activists that hope to pass their materials on to publishers while using Tor to remain completely anonymous.” GlobaLeaks, wrote Greenberg, “aims to disperse the risk of handling sensitive material over an army of individuals rather than one vulnerable group of intermediaries. ‘Some people may be like Assange, and say, OK, we’ll publish and fight and whatever,’ says Pietrosanti. ‘But lots of people want to fight corruption without taking that much responsibility. If the risk profile of everyone who runs a leak node is reduced, there will be a lot more leak nodes.’” Filastò added: “WikiLeaks taught us something. And it brought the word whistleblower back into the awareness of the public…. But GlobaLeaks is the next logical step.”^[19]

In an October 2013 article, “Building an Infrastructure for Whistleblowing,” Tessel Renzenbrink wrote that “there are very few protection mechanisms in place for whistleblowers,” and that because of this, “whistleblowing featured as an important topic at OHM2013, the biggest outdoor hacker festival in Europe.” At the festival, Renzenbrink spoke with people from “several organizations that have started initiatives to build a better whistleblowing infrastructure,” including Filastò, who told her: “Globaleaks is a software designed to allow anybody to easily set up a whistleblower site….It is open source software so anybody can download it, install it and have a whistleblower site set up.” Filastò emphasized that “We provide the technical infrastructure, we don’t run a whistleblowing platform ourselves. The technical part is definitely only one part of running a successful platform. You need to campaign it, review the leaks and create a publishing platform or collaborate with one. But we contribute to this ecosystem by enabling other people to run successful initiatives.”

“On the front end,” Renzenbrink noted, “the software provides a straightforward user interface for leakers. Through a series of clicks they can securely and anonymously submit documents to one or more receivers of their choosing. Receivers can be anyone from journalists to human rights organizations who have made themselves available for the whistleblowing platform. When the leaker decides to include a particular receiver into the submission, he or she will get an email with the documents.” Asked about GlobaLeaks’ security measures, Filastò said: “Globaleaks uses Tor to provide anonymity.” Renzenbrink pointed out that “Tor is free software and an open network that anonymizes Internet traffic; neither the receiver nor anyone intercepting the data packets can observe the identity of the sender. This is accomplished by sending the traffic through a series of encrypted connections over a network run by volunteers.” GlobaLeaks, explained Filastò, “runs a hidden Tor service to ensure the anonymity of the whistleblower and also that of the person or organization running the server. The location of the server is unknown so it can’t be raided. The receivers should not be anonymous because nobody is going to submit anything if you do not know who is on the receiving end.” Moreover, “the submission is encrypted. The file is sent to the receiver using PGP, a program used for encrypting email. The file itself is encrypted as well.”^[11]

Operation

The organization who develops GlobaLeaks does not run any leaksite. The organization instead, invites anyone to install the software on their own computers, thus making it a node in a distributed private anonymous network. Whereas Wikileaks uses a centralized data distribution system similar to Napster, Globaleaks uses a shared download distribution system similar to BitTorrent.^[26]

A GlobaLeaks site utilizes Tor Hidden Services in order to guarantee the anonymity of the identity of the source, and Tor2web in order to obtain public web reachability.^[3]

Once submission are performed on a GlobaLeaks node, the system automatically notifies registered recipients (e.g., local media, NGOs, or even single journalists.).

The founders “strongly suggest to use a Tails CDrom to connect to GlobaLeaks. Tails is a GNU/Linux, fully Torified live CD that does not allow the user to make mistakes installing Tor and that does not leave any trace on the PC that is used.”^[11] GlobaLeaks nodes “do not store anything permanently” and “the leaked files are deleted as soon as possible.”^[11]

Implementations

As of the end of 2013, the largest implementation of GlobaLeaks was by PubLeaks in the Netherlands, “a foundation that counts 42 of the country’s biggest media organizations among its members. There, each organization pays €500 per year, and in return receives a special laptop designed to access the leak system.” Borland noted that “When accessing Publeaks from the web, whistleblowers can choose to send information to three of these media organizations. All participating organizations agree to honor embargo periods, enabling information to be examined without immediate publication pressure. The group has already had several high-profile leaks, including one that led to the resignation of a prominent parliamentarian.”^[17]

A GlobaLeaks founder has said that “Investigative journalists immediately understood the GlobaLeaks model power, but in fact all journalist can use it, in a way or another, to empower their sources and themselves. They need just to have the time to understand how much their work needs to change.”^[11]

As of December 30, 2013, according to an article by Wired reporter John Borland, GlobaLeaks had been “deployed around Europe, by independent journalism and activist groups in Serbia, investigative journalism organizations in Hungary and Italy, and an anti-Mafia group in Italy.” Borland noted that “A GlobaLeaks-powered whistleblowing site in Iceland, called Ljost, today [December 30, 2013] released new documents on that country’s 2008 financial collapse.” Pietrosanti told Borland that GlobaLeaks was “currently talking with organizations in a number of other countries, including several media groups that want to replicate the successful Dutch model.” Borland added that “activists are also examining topic-specific leaks sites for issues such as human rights, wildlife crimes, surveillance, food safety in the United States, and censorship.”^[17]

The foundation Radio Free Asia (RFA) has funded the project for potential use in countries ruled by dictatorships, in environments with a high level of criminal infiltration, and in places where the Internet is strictly controlled.^[12]

One whistleblowing platform that runs the GlobaLeaks software is the Belgium-based Associated Whistleblowing Press Press. AWP co-founder Pedro Noel describes AWP as “a nonprofit organization which struggles for freedom of expression and against human rights violations by means of whistleblowing.”^[11]

As of October 2013, one of the GlobaLeaks founders estimated that their work had so far “empowered” about forty journalists, including “the aggregates like Publeaks.”^[18][27]

The following table show the list of initiatives using GlobaLeaks software:

Name of organization	Implementation date	Category	Tor Url	Tor2web Url	Country
Perun[28]	2012-April-7	Investigative Journalism	Closed	Closed	Serbia
Ljost[29][30]	2012-September-30	Transparency Activism	w6csjytbrl273che.onion	https://w6csjytbrl273che.tor2web.org/	Iceland
MagyarLeaks[31]	2013-July-7	Investigative Journalism	ak2uqfavwgmjrvtu.onion	https://ak2uqfavwgmjrvtu.tor2web.org	Hungary
Publeaks [32][33]	2013-September-9	+40 National/Local Media Consortium	5karyquenden4d6k.onion	https://secure.publeaks.nl	Netherlands
Pistajka	2013-September	Anticorruption activism	acabtd4btrxjjrvr.onion	https://acabtd4btrxjjrvr.tor2web.org	Serbia
Irpileaks[34][35]	2013-October-7	Investigative Journalism	5r4bjnjug3apqdii.onion	https://5r4bjnjug3apqdii.tor2web.org/	Italy
Mafialeaks [36][37][38]	2013-November-5	Anti Mafia Activism	2dermafialks7aai.onion	https://secure.mafialeaks.org	Italy
InfodioLeaks	2014-January-28	Anticorruption Activism	ymi7h25hgp3bj63v.onion	https://ymi7h25hgp3bj63v.tor2web.org	Venezuela
WildLeaks [39][40][41][42][43][44]	2014-February-7	WildLife Crime Activism	ppdz5djzpo3w5k2z.onion	https://secure.wildleaks.org	United States/Africa
Salzburger-Piratenpartei	2014-March-4	Activism	pltloztihmfrg2sw.onion	https://pltloztihmfrg2sw.tor2web.org	Austria
Nawaatleaks [45]	2014-March-27	Activism	ur5b2b4brz427ygh.onion	https://ur5b2b4brz427ygh.tor2web.org	Tunisia
Internet Governance Transparency Initiative	2014-April-5	Transparency Activism	jeuhrnvdyr3xyqz3.onion	https://jeuhrnvdyr3xyqz3.tor2web.org	Unknown
Filtrala [46][47]	2014-April-23	Anticorruption Activism	w6csjytbrl273che.onion	https://w6csjytbrl273che.tor2web.org/	Spain
MediaDirect [48]	2014-May-11	Transparency Activism	abkjckdgoabr7bmm.onion	https://abkjckdgoabr7bmm.tor2web.org	Australia
ExpoLeaks[49][50][51]	2014-June-10	Investigative Journalism	5r4bjnjug3apqdii.onion	https://5r4bjnjug3apqdii.tor2web.org/	Italy
ExtremeLeaks	2014-June-18	Investigative Journalism focusing on extremism and extremist organisations in Europe, the Middle East and North Africa	bqs3dobnazs7h4u4.onion	https://www.extremeleaks.org/	Norway
EcuadorTransparente	2014-June-19	Transparency Activism	ea433ils4wtprqbv.onion	https://g5euuxsqph5u4uvm.tor2web.org/	Ecuador
ManxLeaks	2014-July-07	Transparency Activism	3qnry3qqjvc2u3c4.onion	https://3qnry3qqjvc2u3c4.tor2web.org	Isle of Man
Allerta Anticorruzione[52][53]	2014-October-14	Anticorruption Activism	fkut2p37apcg6l7f.onion	https://alac.transparency.it	Italy
Brussels Leaks	2014-October 24	Europe Focus Anticorruption Transparency Activism	6iolddfbfinntq2b.onion	https://6iolddfbfinntq2b.tor2web.org	Belgium
AfriLeaks[54]	2014-December 14	Pan African Investigative Journalism Initiative (publeaks-like)	wcnueib4qrsm544n.onion	https://secure.afrileaks.org	Africa
Whistleblowing.jp [55] [56]	2014-Dec 19	Activism	4ge3uua3uaxuhhaq.onion/#/	https://whistleblowing.jp/	Japan
SourceSure[57]	2015-February-12	French/Belgium PubLeaks initiative made by large French Speaking media partners Le Monde, La Libre Belgique RTBF Le Soir	hgowugmgkiv2wxs5.onion	https://secure.sourcesure.eu	France & Belgium
Xabardocs	2015-January 27	AntiCorruption Activism in Ukraine	rfftlkqzjdse5jvl.onion	http://www.xabardocs.org/start/	Ukraine
MexicoLeaks[58][59]	2015-Feb 25	MexicoLeaks	pb5icjbw6g5hnhl6.onion	https://mexicoleaks.mx/	Mexico
Buzón de Xnet - XnetLeaks	2015-March 1	Leaks to fight against corruption by Xnet	ztjn5gcdsqeqzmw4.onion	https://xnet-x.net/en/xnetleaks	Spain
DataLeaks	2015	Free Internet Serbia	x2tzc4z2kdi5io4j.onion	https://twitter.com/FreeInternetSRB	Serbia
The Torist	2015-March	Literary and Arts	toristinkirir4xj.onion	https://twitter.com/thetorist	Tor
OCCRPLeaks [60]	2015-March 1	Organized Crime and Corruption Reporting Project	c4br2yayzdfcfkae.onion	https://occrp.org/occrpleaks/	Bosnia (region)
Nieuwsleaks[61]	2015-April 1	VTM Media Whistleblowing site in Belgium	pb5icjbw6g5hnhl6.onion	https://nieuws.vtm.be/nieuwsleaks	Belgium
SecuriLeaks	2015-May	Investigative Journalism - focusing on threats against regional and global security, in particular in the aftermath of the Russian annexation of Crimea in February–March 2014 and on all issues related to NATO and Russia and beyond	ms5qd5es5qltiqsf.onion	https://www.securileaks.org/	Norway
Oživení	2015-June 15	Anticorruption activism	iopx5pchfdldldwp.onion	https://secure.bezkorupce.cz/	Czech Republic
ToristFR	2016-Feb 19	Literary and Arts	toristfgqiroaded.onion	https://mobile.twitter.com/TheToristFR	France
RegeniLeaks [62]	2016-May 16	Journalism	diy7cyqbjh4p5apa.onion	diy7cyqbjh4p5apa.onion	Italy

See also

• Whistleblowing
• Associated Whistleblowing Press
• Tor (anonymity network)
• Tor2web
• Pretty Good Privacy
• Tails (operating system)
• SecureDrop

References

External links

• Official website
• Code repository
• GitHub wiki