Tag Archives: tor

Interview: president of IRPI Cecilia Anesi talks about secure leaks platform IRPILeaks

IRPI leaks

Last year the Investigative Reporting Italian Project (IRPI) introduced a platform for Italian and international whistleblowers, the first of its kind in the country.

The project has been called IRPILeaks and, like the Dutch PubLeaks and WikiLeaks, is a tool for those want to leak staying anonymous and safe.

IRPI aims to use this anonymity to encourage leaks from people who want to expose misconducts of companies and public authorities. A list of risks they could face in the process is published on IRPI‘s site. Continue reading

Web security for journalists – takeaway tips and review

Web security for journalists - book cover

Early in Alan Pearce‘s book on web security, Deep Web for Journalists, a series of statistics appears that tell a striking story about the spread of surveillance in just one country.

199 is the first: the number of data mining programs in the US in 2004 when 16 Federal agencies were “on the look-out for suspicious activity”.

Just six years later there were 1,200 government agencies working on domestic intelligence programs, and 1,900 private companies working on domestic intelligence programs in the same year.

As a result of this spread there are, notes Pearce, 4.8m people with security clearance “that allows them to access all kinds of personal information”. 1.4m have Top Secret clearance.

But the most sobering figure comes at the end: 1,600 – the number of names added to the FBI’s terrorism watchlist each day.

Predictive policing

This is the world of predictive policing that a modern journalist must operate in: where browsing protesters’ websites, making particular searches, or mentioning certain keywords in your emails or tweets can put you on a watchlist, or even a no-fly list. An environment where it is increasingly difficult to protect your sources – or indeed for sources to trust you.

Alan Pearce’s book attempts to map this world – and outline the myriad techniques to avoid compromising your sources. Continue reading

Online security for journalists: never assume you’re secure

image from xkcd

image from xkcd

With news last week of the New York Times and Washington Post being hacked recently, The Muckraker‘s Lyra McKee looks at internet security.

“They were able to hack into the computer and remotely access my Facebook account, printing out a transcript of a private conversation. Then they told me who I’d been talking to over the past week and who was on my contacts list. They’d hacked into my phone. When they first told me they could hack into computers and phones, I didn’t believe them. So they showed me.”

I was sitting at the kitchen table of one of Northern Ireland’s few investigative journalists. He was shaken.

In thirty years of reporting, Colin (not his real name) has seen things that would leave the average person traumatized. A confidante of IRA terrorists, he has shaken hands with assassins and invited them into his home for a chat over a cup of tea – as he had done with me that night.

A few weeks previous, during one visit from a source, the subject of hacking had come up. Continue reading

7 ways to blog anonymously {updated}

Following today’s landmark judgement on one blogger’s right (or not) to anonymity, I thought it might be useful to post the following tips on maintaining anonymity online.

1. Use an anonymous email account to register your blog. Hushmail is one free service that provides encrypted accounts; RiseUp is aimed at activists; MintEmail gives you a 3 hour temporary email address and FilzMail gives you one that expires after 24 hours. You could also use these to post to your blog via email. Posterous is a great blogging service that allows you to do this.

2. Make sure your IP address isn’t logged when you register or post to the blog. You could use something like Anonymizer or Tor or Psiphon. Other services that mask your IP are listed on this forum.

3. Or you could use an anonymous blogging platform. Invisiblog was one but no longer exists. BlogACause claims to be “anonymous” but I’m trying to find out exactly how UPDATE: here’s how, apparently. In the meantime, this post recommends WordPress and something like Tor.

4. Use a pseudonym that you don’t use anywhere else. If you use a pseudonym, don’t use it on other services as well, as this will make it easier to trace you. If you’re struggling, this Random Name Generator will create one for you.

5. If you’re going to register a domain name do so anonymously with a service like The Online Policy Group.

6. Be careful what information you include. Although police blogger NightJack changed or did not include names in cases he was involved in, the details were specific enough for a journalist to track him down.

7. Don’t win awards. Or book deals. It’s safe to say that a major newspaper would not have been interested in the identities of NightJack or Girl With A One Track Mind if both had remained cult underground heroes. So just pretend you’re sub-literate, OK?

For more information, the following guides go into much more detail:

More links and tips welcome. My Delicious bookmarks on anonymity are at http://delicious.com/paulb/anonymity