Schneier on Security
A blog covering security and security technology.
« Popsicle Makers a Security Threat |
| TacSat-3 "Hyperspectral" Spy Satellite »
June 24, 2010
Long, but interesting, profile of WikiLeaks's Julian Assange from The New Yorker.
Assange is an international trafficker, of sorts. He and his colleagues collect documents and imagery that governments and other institutions regard as confidential and publish them on a Web site called WikiLeaks.org. Since it went online, three and a half years ago, the site has published an extensive catalogue of secret material, ranging from the Standard Operating Procedures at Camp Delta, in Guantánamo Bay, and the “Climategate” e-mails from the University of East Anglia, in England, to the contents of Sarah Palin’s private Yahoo account.
This is only peripherally related, but Bradley Manning -- an American soldier -- has been arrested for leaking classified documents to WikiLeaks.
Another article from The Guardian, directly related to Manning.
EDITED TO ADD (7/13): More links.
Posted on June 24, 2010 at 1:13 PM
• 53 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
This is, for me a good segue(sp?) into what behavior, (ticket purchasing, luggage, general profile, appearance) to follow so as to hasten my ability to pass through TSA security and on to my airline seat. IF there is an article on this already, please point me in the right direction.
Cryptome is not exactly a disinterested player here; that funding story is quite the hatchet job.
How can we verify the fact that the Wikileaks insider is actually an insider?
I mean, wouldn't you expect an insider to actually *leak* something?
I can't imagine what they need quite so much money for. The nature of the internet makes leaking things pretty easy.
> How can we verify the fact that the Wikileaks insider is actually an insider?
How can we verify that anything ON Wikileaks was leaked by an insider? And, for that matter, how can we verify that it is true, whether leaked by an insider or not?
This is not a rhetorical question; just randomly browsing about, I get the feeling that an increasing proportion of these "leaks" are planted by interested parties. It's just that more and more often I find myself tugging my beard and asking myself "do I really believe this?!?"
The ability of interested parties to muddy the waters is certainly aided by Assange's policy of not collecting information about contributors, nor recording the history of their relationship. This means that the traditional wiki trust model -- of building pseudonymous reputation -- is impossible on Wikileaks.
To take one random example. Many of the pages on Wikileaks are not leaked documents, but "analyses." By which they in fact mean, essays. Essays written by people selected, so far as I can tell, because their political views seem sympathetic to Assange's. One such essay is this:
(This example is "random" in the sense that it was literally the first thing on the front page that was in a language I can read. I had not read it before looking for this example, and in fact I do not even particularly disagree with it.)
Now, I am not unsympathetic to "Servant of Chaos's" views about internet censorship. But what may not be entirely obvious from this "analysis" is the background of its author. The information is not actually concealed, but it's at least 3 clicks away to discover that this essay was written by a publicist. A publicist who works for an internet company which, for purely commercial reasons, is opposed to the Australian government policy that their publicist is attacking in this essay.
Supposedly Wikileaks has its own verification process for leaked documents -- a process involving a panel of just 5 people. They claim never to have passed a misattributed document, but that is not true. I don't know how many misattributed documents they have up there, but I personally know of one which has been pointed out repeatedly, and never corrected. Back in February 25, 2009, this very blog covered a story about an alleged bomb plot in Maine being ignored supposedly because the (murdered) suspect was not Muslim. The story was based on an "analysis", signed by Assange himself, of a Wikileaked document which was supposedly a leaked FBI intelligence document.
In fact, the document was an unclassified bulletin by WRTAC, which was an organ of the Washington DC city government and had nothing to do with the FBI. By the time of Assange's essay, WRTAC had already withdrawn the document due to discovering that it contained serious errors. Specifically, it relied heavily on statements by the murder suspect, which investigators had deemed "not credible."
The inaccuracy of Assange's essay was pointed out in its comments page; I note that since then, posting new comments anywhere on Wikileaks has been prohibited, so the wisdom of the masses can no longer point out their errors.^W^W^W^W help them find bad documents.
So what we are left with is a group of 5 mostly anonymous people who are the sole vetters of everything on Wikileakers, with no-one else's checking allowed. Assange himself asked "How is it that a team of five people has managed to release to the public more suppressed information, at that level, than the rest of the world press combined?" Well, how indeed? In the 4 years since it started up, it is not even possible for five people to have actually read all of Wikileaks' documents, never mind vetted them.
@u "How can we verify the fact that the Wikileaks insider is actually an insider?"
Pretty much the same way we tell if "unnamed administration offical" IS a part of the administration.
Quality of the Content +
Reaction of the organization + integrity of the reporter.
@Anonymous "an increasing proportion of these "leaks" are planted by interested parties."
Well yeah. They always have been.
But if you mean that the leaks are coming from those with power as opposed to those gallant whistleblower fighting for the ordinary guy. Well yeah. Always have been. Not to the level of a document or manual or thousands of cables.
Most egregious case is probably the Bush administrations disclosure of a CIA identity and their leaking of information so they could then dispute/agree with "that view" on the talking head shows. While the argument I heard (not from them but from the cheap seats) was He's the President/VP they have the ability to declassify classified information. The dynamic is different.
"Trust us" says the administration "if you knew what we knew. You'd wet yourself". They hold a monopoly on certain information and it's difficult to dispute someone's facts and reasoning when you can't get access to them.
So there's a difference between a President declassifying information as was done with the National Intelligence Estimate, and a VP ordering his staff to leak classified information strategically to influence public opinion to support Administration aims and goals.
But they've been doing it for so long because "what's good for the Administration politically is in the interest of National security" that makes everything all right.
Problem is when lower echelon folk see this personal use of classified information it sets a bad example.
"They are using it for their own purposes; why shouldn't I make a couple extra bucks or a reputation with hackers, or because it's morally right to me."
I hadn't actually realised this until reading this posting, then jumping to the Wikipedia and "New Yorker" articles on Assange, but -- his finances definitely are a little eyebrow raising.
He comes from a broken family, and had a spotty career and many legal troubles that saw him more or less broke in 1999. From c. 2000 to sometime in 2006, he was a university lecturer -- a respected but not highly paid job.
Then since 2006 he has supposedly worked full time for Wikileaks, and claims that this is without drawing any income from it. During this time he has had almost constant international travel and at one point had homes in two countries. Well, if he is not working for anyone, and not receiving any of Wikileaks' donations, what is he living on?
When Stefan Mey asked him this, he airily replied "I have made money on the Internet":
Made money on the internet doing what? Day trading? Or founding an information brokerage? (In the same interview he also states that people are the biggest expense at Wikileaks, but also that no-one is paid ... )
So when "Wikileaks Insider" claims that Assange lives by spending Wikileaks donations without accountability, well, it is at least plausible.
I just finished the rest of your post. Good analysis.
I would say that it's RARE when you can find the interested party as you were able to. It's become less rare in the age of the internet and John Stewart is making a good living showing how people in congress talk out of both sides of their mouths at the same time. (good trick). But even if there are interests behind a particular argument and view doesn't make it invalid. We expect people and organizations to advocate for themselves.
But we never really have that reporter integrity value completely defined.
You can trust Walter Cronkite and Bob Woodward. I also trust the honored dead.
Can you trust Fox? (Fox went to court to defend their 1st ammendment right to tell deliberate lies in the factual statements of their reportage). But people do. Even though they are somewhat aware that news organizations are being integrated into global corporate conglomerates where as a buisness unit they are expected to support company goals.
So where does that leave us?
Critical thinking and Facts. Facts can be tested. If someone is wrong, or lies, about a fact then rule 1 applies. 'They are bogus and should be dismissed out of hand.'
I would like to see someone do an independent review of the security and identity protecting claims wikileaks makes, in terms of how they protect those who submit information.
Of course Cryptome is not neutral, but the material posted on it's own website is still worth a read and it is worth knowing that Cryptome's founder originally registered the wikileaks domain name, so has a vested interest in making things transparent. The original emails of the discussion that led to wikileaks has also be posted on Cryptome.
@WhiteNoise "independent review"
A SAS70 audit maybe?
@u "How can we verify the fact that the Wikileaks insider is actually an insider?"
In an interview (sorry couldn't find a quote) Assange said that Wikileaks isn't checking the people or insiders, they are testing the documents themselves for authenticity only.
WikiLeaks On document testing:
And it does make sense: even a validated source could give wrong information, knowingly or not.
And intense checking of a source's personal details may even expose him or her since it involuntarily leaves traces in whatever channels used for checking.
Regarding the Cryptome critique of WikiLeaks, it sure is good to check if they can offer what they promise and don't overdo it on expenses (like some major NGOs did and still do), but as long as there is only a limited number of alternatives to WikiLeaks we can just hope Assange knows what he is doing.
Maybe Iceland's initiative in becoming a safe haven for whistleblowing orgs will bring us more choice in the future.
The "Wikileaks Insider" is unknown to Cryptome. There have been others designated by that term as sources for Wikileaks statements: http://cryptome.org/wikileaks-auth.htm.
If Wikileaks can generate funds to support itself for expanded operations that is a good thing. If a few become wealthy in the process that is an alluring Internet jackpot a slew of folks have hit.
Less glamorously, Cryptome would like to see the Wikileaks website return to providing bountiful documents in lieu of promotional tweets and overly dramatic public statements about bombshell videos. This promotional churn is not up to the high standard of Wikileaks admirable supply of forbidden information.
Why Wikileaks is no longer publishing the valuable documents it claims to be receiving by the thousands each month by persons putting themselves at risk has not been explained.
It is hoped that the site and its valuable hoard is not being held hostage or worse, being forced to perform a role contrary to its original purpose.
Bruce, I just thought I'd comment that I am a huge fan of your linking style. Linking every word in a complete sentence to a different article on the same subject is masterful.
The best commentary on Manning's arrest is from Glenzilla:
He points out the history between Adrian Lamo and the Wired journalist, as well as some less than above board behavior on the journalist's behalf.
Terrific articles and commentary. Thanks for showing the bigger picture.
I was reflecting about the whistleblower program about how many good people we have in our government who are prevented from coming forward. This idea of internal safeguards for these programs is shown to be a myth by the way the whistleblowers are treated.
I feel empathy for the good people at the NSA and other places who can't come forward. I wish other branches of government were protecting whistleblowers instead of punishing them.
It looks like things have to come out to the public eye in our country to be cleaned up, and the people who bring them out to the public eye aren't necessarily saints, but once the information is out change comes. It reminds me of the story about the folks who brought the COINTELPRO info to the fore. The folks who broke the COINTELPRO info were not saints, but what they revealed allowed our judiciary to function.
Regarding Wikileaks finances
@cryptome opins "thing. If a few become wealthy in the process that is an alluring Internet jackpot a slew of folks have hit."
If Wikileaks was a straight up buisness venture no argument. But it's a declared non-profit isn't it? It's not fighting the good fight to make profit but to right wrongs and expose scoundrels. So it gets a lot of volunteers who share its stated ideals and are willing to donate their own time and fortune.
But if you asked them "Hey man you're going to volunteer, and give me labor and money and I'm going live the high life off it." Well the volunteers would tell him to go stuff it. That sounds a LOT more like oh say PTL or Rasneesh or the Catholic Church.
Transparency is a control against embezzelment and misappropriation of funds.
But here's the problem I see.
This is an organization that has set itself to get up the collective nose of every powerful secret keeper on the planet. (Ellsberg has a point he was only pursued by an incompetent FBI who didn't bother to look around his neighborhood in Cambridge, MA. The US has since adopted and Obama accepts the principal of rendition. and Lieberman/McCains Belligerent detention bill would give the military the right to detain anyone in the world (including US citizens on US soil) at the say so of the President. Reviewable only by a limited group in Congress.)
So Wikileaks is now/is going to be attacked. Probably not by hard kill (at least from the US Government; Swiss Bankers now...different story). The more an organization documents itself the easier an attacker has of going after and pressuring/arresting donors, DoSing communications, turning individuals with the org, causing evictions from properties, harrassments, tax wars.
Wikileaks security is only paritally (and maybe the minority part) a technology issue.
Too bad the IC isn't being smart about it. Me? I'd go through my intel files and start disclosing my enemies secrets on it, set traces up that lead back to individuals I wanted to damage and away from my sources.
They have a lot of trips, hardware and bandwidth going on. They might even have to pay those engineers or bribe officials in certain countries. Anonymity is hardly efficient. It's why I'm pseudonymous. ;)
@ BF Skinner
I like your formula for vetting the articles. It's hard to tell if they are trustworthy, in light of some of the comments and stories. I think the documents that they personally work hard on, like the unedited video footage, are trustworthy. My reason will probably be controversial: they are mentally insane. I think they suffer from constant Asperger's and occasional paranoid schizophrenia. They seem to effectively channel the schizophrenic episodes to prevent a negative impact on work quality. The hyperfocused mindset that comes from Asperger's is probably the reason for the quality of their personal submissions. If anything, I'd trust them less if they were normal people trying to live that way.
Does that make any sense? Any thoughts on a possible Asperger's condition existing and improving their performance (or trustworthiness) in reporting of this nature?
Quite a few folks (or one douche trying to pretend to be a few folks) keep making references to stuff by "Wikileaks Insider" linked to on Cryptome, trying to portray it as if the material itself was generated by Cryptome, and as if the soi-disant 'insider' has actual provenance.
EVERY SINGLE ONE of the Cryptome links referenced above, is a link in which Cryptome links to an external posting (mostly on a PGP group) - most of which consist of this self-styled 'insider' who has an obvious personal gripe with Julian Assange.
SRSLY? That's the best that the plant-trolls can come up with? Relying on the stupidity of Americans, hoping that they will immediately associate anything presented on a site as being AUTHORED by the site on which it appears? What contempt for the audience.
Folks ought to be directing their spleen at Lamo (who is a sad dickhead who thinks that guessing his sisters' password is 'hacking' 'crypto') rather than trying to paint Assange as some sort of self-promoting demagogue.
He's a lightning rod, who has helped take the pressure off a bunch of other folks by attracting attention (and surveillance resources) toward himself.
Meanwhile a bunch of folks are currently combing through TONS of material trying to cleanse it of 'barium meals' that would otherwise enable trace-ability back to sources.... while working inside an encrypted distributed network (slow, slow, slow).
Make no mistake about the end game: the good guys win.
GT (if the whiner is an actual "Wikileaks Insider" then I'm Jesus, and I killed Hitler... send me money).
Oh - and while I think of it... are none of you aware of the detailed plan to attempt to discredit Wikileaks - via deception, smear and planting of 'poison pill' leaks - in a bid to try to bludgeon would-be leakers into silence?
It was an internal police-state security-apparatus (FGestapo or NVKD, I forgert which)... that got leaked to Wikileaks within a day of its promulgation. And imagine their wrath when the version that was uploaded had been stripped of its radium meal.
Obviously the Gestapo can't find any decent tech folks who are prepared to work for the pittance they pay, so they need to employ intellectual equivalent of cannon-fodder to turn up in newsgroups (and to send to relays in the hope of finding a gullible ear).
GT (Jesus the Man Who Killed Hitler and Saved Democracy and all the Children)
@ WhiteNoise & Cryptome
What is the point of an "independent security review" of WikiLeakS.org, when the website currently has no "secure" online whistleblower upload methods any more ?
# WikiLeakS.org allowed the only PGP Public Encryption / Digital Signing key (0x11015F80) which they publicised on their website, i.e. the only one which could be trusted, to expire on 2nd November 2007
# WikiLeakS.org stopped their Tor Hidden Service method of accessing the website and of securely submitting whistleblower leaked document around Christmas 2009, when they took the website down to beg for more money. i.e. no more http://gaddbiwdftapglkq.onion/
# When the WikiLeakS.org website returned partially in May 2010 after their fund-raising strike, the only method of securely submitting a document to them was via their SSL/TLS encrypted web page.
This used an old , deprecated, RapidSSL Digital Certificate, with a potentially forgeable MD5 signed Digital Certificate. This Digital Certificate expired on 12th June 2010 and has not been replaced.
The supposedly secure document submission system via https://secure.wikileaks.org has been disabled.
# The current WikiLeakS.org website no longer even qualifies as a "wiki", as new online Discussions have been turned off.
# There have been no new whistleblower leaked documents submitted via the website, actually published on WikiLeakS.org for at least 6 months
I haven't verified your claims, but I have noticed that Wikileaks seems to have lost momentum. I see a few possibilities. Assange took the money and ran. They might have some new people who suck at what they are doing, replacing the older people who quit when Wikileaks unofficially became an enemy of the US gov.'t. They might be changing their format. One of Bruce's articles did note that many models have been tried and failed to garner interest or peer review for published documents. If their documents are just gathering dust, why keep publishing them? Their helicopter video got 7 million views thanks their editing and commentary skills. They might have slowed down because they are adopting that presentation style for other releases. Wouldn't explain the security lapses if they exist, but Assange is known to be forgetful of the little things even when they are big things.
The real story behind Wikileaks is not Wikileaks it's self, that is just an "instance" of a whistle blower release site.
The real story is how do you set up a secure system to do the same.
It has been noted by many that various political entities need to hide their activities from the very top to the grubiest of parasites on the bellies of the bottom feeders.
There should not be one wikileaks" but many.
On a related note the BRUSA (UK-USA) agrement gets released today it should make interesting bed time reading 8)
@NickP: you're falling for a campaign aimed at numpties. Taking each of "No S"' points in turn -
(1) It takes about 30 seconds to find the new PGP key for WikiLeaks secure submission - if I had my way this method would be deprecated as it does not encrypt and distribute the incoming material immediately.
(2) Anyone who wanted to use a submission mechanism similar to the Tor service (xxxx.onion) can submit MORE securely via freenet (again, can find the mechanism within 5 minutes, and can download and install freenet in ten, and be darknetted in 25);
(3), (4) and (5) - see the comment about freenet.
Yes, it has become somewht more difficult for a 'vanilla' person to upload material, and in some sense there is a quiet campaign to discourage the use of 'vanilla' HTTP/HTTPS/SFTP/SCP (and even SSL) connections - for the obvious reason of traceability (I hate that word...) and the requirement to avoid having a 'beacon' file uploaded, which would enable the location of distribution nodes (by reporting back the IP address of its storage site).
Note - I am actually in favour of private agents who embed beacons in illegal porn in order to find degenerates (and submit them to 'adverse life events'). I'm not in favour of state agents who do the same thing.
Folks who slend more than half an hour trying, will be furnished with detailed instructions on how to deploy MORE secure solutions, in ways that protect them from beacons and barum meals.
Anyhow - anybody who thinks that the full-court press to 'whte-ant' Julian Assange/WikiLeaks is actually achieving anything, is mistaken unless by 'anything' they mean 'convincing people who are as dumb as a bag of hammers' and/or 'preparing the ground for further violations of liberties'.
The endgame: the good duys win. Everyone really ought to get that through their skulls.
And we all know that we would be stupid to trust Iceland as a 'haven': the political class in iceland is made up of... wait for it... politicians, who are vermin who will throw whistleblowers under a bus the moment it becomes expedient. Ask anyone with a Swiss bank account.
Jesus' Better Looking Big Brother
The Man Who Killed Hitler, Freed Moses, and taught David how to use a slingshot
Correction - to me more precise I should not have written
"Note - I am actually in favour of private agents who embed beacons in illegal porn in order to find degenerates (and submit them to 'adverse life events'). I'm not in favour of state agents who do the same thing."
I should have written
"Note - I am actually in favour of private agents who embed beacons in files which overtly claim to be illegal porn, which are distributed in order to find degenerates (and submit them to 'adverse life events'). I'm not in favour of state agents who do the same thing."
The good guys don't distribute ACTUAL illegal pornography in order to try and trace degenerates. That would require the maintenance of a store of the stuff, which would be sick - all that needs to be pushed is a file of random rubbish with an appropriately degenerate file description (so that anybody who downloads it is obviously looking for something depraved and therefore is OrgA-permissible). Decrypting switches on the beacon, and bingo - gotcha.
Anyone who knows how 4chan tracks down sickos, knows how it's done.
@ Nick P - verification is easy - just follow the instructions on the WikiLeakS.org website and you will see that the https://secure.wikileaks.org "secure submission" system has been disabled.
The Apache helicopter video was not published via the WikiLeakS.org secure submission system and website - they set up the dedicated http://CollateralMurder.com website and used YouTube etc. to stream the videos instead.
@ GT - The only mention of Freenet on the WikiLeakS.org website has been their initial, misleading claims about which technologies the site used, or perhaps intended to use.
There has never been any publication of a Freenet id key on the WikiLeakS.org website.
Have there ever been any whistleblowers who chose to use Freenet, above all other possible methods, to publish their revelations and whose story was then picked up by the mainstream media, external regulators, politicians or the general public ? I have never heard of a single such case.
Given the technical security knowledge and fast internet access needed to set up a Freenet node securely, before you can even upload a single whistleblower leak document, this is likely to remain true for a long time.
Publishing on a darknet, between already trusted friends and contacts, is not the same as making supposedly anonymously and securely uploaded documents available for download and commentary and analysis, by a very large world wide web audience including, crucially, lots of short attention span, time and budget limited mainstream media journalists and broadcasters i.e. what WikiLeaksS.org used to allow a few people to do, for a couple of years.
@ Clive Robinson
"There should not be one wikileaks" but many."
That has been one of the WikiLeakS.org statements or aspirations in the past.
Hopefully others will have learned from the successes and mistakes of WikiLeakS.org project.
What would you be willing to contribute to a different WikiLeakS.org style project ?
"What would you be willing to contribute to a different WikiLeakS.org style project ?"
A Freenet appliance with manual written for lay audience. Leaked document would be encrypted with 256-bit random-as-possible key. Shamir Sharing scheme would be used to split the key among many channels to ensure only the Wikileaks' people got the document(s). They can then use their technical expertise and internal systems to do the rest. Assuming good manual and implementation, the security of the protocol should be at least as strong as its critical components and anonymity as strong as freenet and cost/feasibility of eavesdropping on enough channels. Redundancy and diversity of implementation can be used to improve trust of any given component.
Is Wikileaks a good idea? Certainly!
Has it achieved its full potential? No !
Do people support Wikileaks after reading about it in international media including New Yorker, BBC, New York Times, Washington Post, ABC, NBC? Not really! If the public really supported it they would have donated to it like they donate to Greenpeace. Wikileaks was shut for many months and has not uploaded anyting for 2 months. Does it seem that this site has sustained public backing?
I think the main reason the public do not support this idealistic cause is that Wikileaks refuses to audit any donations. Is there not a single person in EFF or Greanpeace they can trust to do a confidential audit while protecting the identities of every donor?
The second reason that the public is hesitant about Wikileaks is that they may be killing stories. The well regarded Ex New York Times reporter Jennifer 8 works as a Wikileaks volunteer. She is also on the Independant Advisory Board hired by Knights Foundation which 'recommended' Wikileaks application for an $500,000 grant. Despite the Independant Advistory Board's recommendation, Knight Foundation did not give Wikileaks the half a mill $. Do you think Wikileaks with ever publish such inside stories because its volunteer also works with the Knight Foundation? Should Knight Foundation ever give funds to any organization if it cannot provide an audit of the money?
The great idea of Wikileaks can be realized only if there is some way to ensure donations cannot be misused. And some good stories are not killed just because a Wikileaks volunteer works in that organization.
Last but not the least, how can Wikileaks really assure some courageous whistleblowers that their communications are not being intercepted by NSA, Russian and Chinese spy agencies? Does anyone really believe that NSA lacks the tech expertise to monitor every aspect of Wikileaks? While Assange may live the good life in Iceland, the intelligence services of many countries will pick up whistleblowers in their countries based on electronic intercepts.
I respect Cryptome for what they tell all whistleblowers - Don't blindly trust Cryptome, only trust your good judgment.
Wikileaks will work well only if ironically it became a bit more transparent about itself.
@ Nick P
A Freenet manual written for lay audience would be welcome, especially one illustrated with step by step configuration examples suitable for protecting the online anonymity of a whistleblower leak source.
It is too easy to make the wrong choices, leading to either an installation of Freenet which offers little or no IP connection address anonymity or one which is so locked down as to be unusable.
"Leaked document would be encrypted with 256-bit random-as-possible key."
Does "random as possible" also include the known weak keys special cases in various cryptographic algorithms ?
"Shamir Sharing scheme would be used to split the key among many channels to ensure only the Wikileaks' people got the document(s). "
How is this superior to properly countersigned, WikiLeakS.org PGP Keys and / or Digital Certificates, published on their public webservers ?
How could you reassure a sceptical potential whistleblower like me, that your Freenet appliance knows where the genuine WikiLeakS.org people are, for the purpose of entrusting my confidential data to them and only to them, initially at least ?
"I think the main reason the public do not support this idealistic cause is that Wikileaks refuses to audit any donations. Is there not a single person in EFF or Greanpeace they can trust to do a confidential audit while protecting the identities of every donor? "
I totally agree that their lack of financial transparency makes them inherently untrustworthy, especially for large potential financial donors.
Publishing some professionally audited financial accounts, just like lots of other voluntary pressure groups and campaigns do, all around the world, is not that difficult.
It is ironic that the best mechanisms to protect the anonymity of WikLeakS.org financial donors, are actually the same "offshore tax haven" techniques used by rich people and corporations, which WikiLeakS.org activists, with their anti-capitalist political bias, so gleefully exposed in the Bank Julius Baer and Barclays etc. "leaks".
Despite a surge in mostly laudatory media portraying Wikileaks as a fearless, unstoppable outlet for documents that embarrass corporations and overbearing governments, the site has published only 12 documents since the beginning of the year, the last one four months ago.
And on June 12, Wikileaks’ secure submission page stopped working after the site failed to renew its SSL certificate, a basic web protection that costs less than $30 a year and takes only hours to set up.
Wikileaks still prominently displays a link on its homepage to a secure submission form for whistleblowers to upload documents. But the page doesn’t load. The site’s donation page remains reliably available. Wikileaks’ head Julian Assange declined to comment.
This is interesting. "Swedish authorities have issued an arrest warrant for Wikileaks founder Julian Assange on suspicion of molestation and rape." Guardian Maybe it was just a crush.
according to the FT site the Sweddish prosecutor has droped the charges relating to Mr Assange's visit last week as apparently "we do not belive Mr Assage commited rape."
Apparently Mr Assange told a reporter that he was told to be aware of dirty tricks...
The question arises if there is insufficient evidence to support the charge of rape what happens to the person making the allegation against Mr Assange...
As they say "watch this space"...
There are other reasons than legal for WikiLeaks setting up a 'bunker' in Iceland: the society is very close knit, outsiders stand out and here are vast areas of totally flat empty land where a rabbit could not approach within 5 km without being very visible. This makes it almost impossible for those how would like to "vanish" you to get close to your physical location undetected.
This is controlled leak. When The Afghan War Diary is simultaneously given to reporters from The New York Times, The Guardian and Der Spiegel, and the US government only "strongly condemns" it means that they're willingly letting you read something that would never have gone public if it was important, secret or in the nature of harming the agenda of the US foreign policy.
Accessed your site for the first time today and read some of the comments. Most are tame and nothing out of the ordinary. But one from July hit me: about how "Cryptome never publishes anything really interesting" followed by a link to what the writer presumably thinks is interesting - a NASA site. So I accessed it and read what was there. There is nothing interesting there -- except that the work described is technically obsolete and reads like a college term paper by a non-technical person. The examples of code provided look like "Easy C", a "C" programming language used by high school students to program their robots for the annual FIRST robotics competition, which is a blend of the "C" programming language and assembly dissassembler mneumonics. Frankly, the low technical quality is easily explained by referencing the points of contact: Raytheon, DAI - insider defense contractors. The NASA employees are probably the project managers. Pretty sad!!
I read an article in the Sept 2nd issue of Rolling Stone where they interviewed some guy Jonathan Applebaum from wikileaks, it was titled "The most dangerous man in cyberspace".
In the article it said he was promoting the use of Tor to hide the leaker's identity. I stumbled across Tor a year or so ago and was intrigued that it was developed by U.S. Naval Research and was given away to the public so now anyone can download it and use it for free for "anonymity". That just didn't smell right, generally the military-industrial complex doesn't engage in a whole bunch of development work in order to give it away to the public so we can regain some of our freedom and privacy.
So I installed it and fired it up with the default settings. And the first place I went was to whatismyip.com, and lo and behold my ip address according to them now appeared to be coming from Fort Meade, Maryland, particularly from the NSA headquarters itself, apparently they weren't trying to be slick about it, the DNS entry for the ip address literally said "NSA Headquarters". I guess with the default settings that was my Tor exit point, and with Tor, based on my limited understanding, the entry and exit points of the network can intercept the whole of your traffic, its only in between where it gets scrambled around.
But I guess, yeah, if you're going to spill the beans I'd definitely get someone who knows their way around encryption and whats really going on under the hood of these so called anonymizer products.
So I installed it and fired it up with the default settings. And the first place I went was to whatismyip.com, and lo and behold my ip address according to them now appeared to be coming from Fort Meade, Maryland, particularly from the NSA headquarters itself, apparently they weren't trying to be slick about it, the DNS entry for the ip address literally said "NSA Headquarters".
haha, that would be typical...
US government "services" could well be behind some other internet services as well, such as "free on-line email accounts", search, etc
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.