GlobaLeaks live launch - Venice 2011
DESCRIPTION
GlobaLeaks aims to become the first Open Source Whistleblowing Framework. We wish to empower anyone to easily set up and maintain their own whistleblowing platform for use in very different environments: media, corporations, public agencies, activists. It is developed with security features that support anonymous, censorship-resistant communications along with strong data encryption. The final goal is the creation of a network of independent organizations (even individuals) running GlobaLeaks-powered whistleblowing platforms. These will allow anonymous submission of reports and material to interested targets, providing maximum impact at a local/regional and context-specific level. Demo launch http://www.globaleaks.org/news/#
TRANSCRIPT
GlobaLeaks
The Open Whistleblowing Framework
Tuesday, September 6, 2011
Agenda
• Why does GlobaLeaks exist?
• How does it work?
• Who will use it?
• How can you hack on it? Join GlobaLeaks!
• # ./startglobaleaks
ARG*: GlobaLeaks Organization
• There is no hierarchy of power
• No Official Role
• Every member of GlobaLeaks is A Random GlobaLeaks Contributor|Developer|Spokesperson|Advocate
Why does GlobaLeaks exist
Why we want to change the world into a better place
Motivations
• We wish to make this world a better place
• We strive to increase transparency and accountability in our society
Existing Solutions
• The existing software lacked basic privacy-aware (anonymity) and security features (encryption).
• Existing projects are less open than they want to make people believe.
• Only commercial software or outsourced WhistleBlowing services
Research on WB
https://leakdirectory.org
SHA Fingerprint: 2F 78 1A E7 34 32 44 35 1D 68 6A DE B7 83 58 F6 11 41 BC E0
• We started research on whistleblowing in Dec 2010
The WB ecosystem
So what’s Whistleblowing?
• A whistleblower is somebody that informs of illicit activity.
• Activates citizens in their own local politics
• Activate people in their global view
Active citizenship
“... which of two common types of character, for the general good of humanity, it is most desirable should predominate — the active, or the passive type; that which struggles against evils, or that which endures them; that which bends to circumstances, or that which endeavours to make circumstances bend to itself.” John Stuart Mill, "Representative Government" (1869)
Transparency and Accountability
• People should start demanding transparency and enforcing it with GlobaLeaks.
• Corporations and governments will understand the need to be more transparent
How GlobaLeaks works
How we plan to change the World
The actors involved in GlobaLeaks
• The Whistleblower
• The Targets
• The Node Administrator
Whistleblower
• An Active citizen that is aware of some malpractice and wrongdoing
• She/He will notify the GL node of such information
Targets
• She/He is the person responsible for analyzing the material
• No consent
• Diversified actors as incentive
Node Administrator
• The person running GlobaLeaks software
• Choose the target list
• Choose the goals and objective of their activities
• Behave depending on the context and goals
Interaction
• The node administrator selects a list of targets
• A Tulip is created
[Diagram: WhistleBlower, Node Administrator, node, Targets (press, NGO), Audience; arrows labelled Submission, notification, download, Output]
Notification (TULIP)
• Temporary Unique Link Information Provider
• The means of communications between the target and WhistleBlower
TULIP
• Expires after a fixed amount of downloads and time
• Is unique to every target/material
• The data can be stored inside a flexible and configurable container (see local storage, FTP, Dropbox, Tahoe-LAFS, etc.)
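One way a link with the properties listed on this slide could be implemented, as an added example that is not GlobaLeaks code. The class and function names, the in-memory store and the default limits are assumptions made for illustration.

```python
import hashlib
import secrets
import time


class TulipStore:
    """Hypothetical in-memory store of temporary unique links."""

    def __init__(self, max_downloads=3, lifetime_seconds=7 * 24 * 3600):
        self.max_downloads = max_downloads        # assumed default
        self.lifetime_seconds = lifetime_seconds  # assumed default
        self._records = {}                        # sha256(token) -> record

    @staticmethod
    def _digest(token):
        # Only the digest is stored, so a copy of the store does not
        # reveal any link that is still valid.
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, target, material_id, now=None):
        """Create one unguessable link for one target/material pair."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._records[self._digest(token)] = {
            "target": target,
            "material_id": material_id,
            "expires_at": now + self.lifetime_seconds,
            "downloads_left": self.max_downloads,
        }
        return token

    def redeem(self, token, now=None):
        """Return the material id, or None if unknown, expired or used up."""
        now = time.time() if now is None else now
        key = self._digest(token)
        record = self._records.get(key)
        if record is None:
            return None
        if now >= record["expires_at"] or record["downloads_left"] <= 0:
            del self._records[key]  # purge dead links instead of keeping them
            return None
        record["downloads_left"] -= 1
        return record["material_id"]


def issue_for_targets(store, targets, material_id, now=None):
    """Give every target its own link to the same submission."""
    return {t: store.issue(t, material_id, now=now) for t in targets}
```

Because each target holds a different token, one target's link can expire or be exhausted without affecting the others.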
TULIP notification
• Flexible and expandable notification system
• email, twitter, facebook, SCP, ticketing system
TULIP receipt
GlobaLeaks anonymity
• Tor Hidden Services for publishing
• Protection of WhistleBlower and Node maintainer
• Tor client for notifications
GlobaLeaks security
• Authentication
  • TULIP based authentication
  • optional password
• Encryption (optional)
  • ZIP AES, PGP container
  • Applies to data and notification
• Security
  • optional metadata cleanup facilities (MAT)
Target - Whistleblower interaction
• Send and receive comments
• WhistleBlower is able to upload more material regarding a submission
• Secure JS based chat system?
Who will use GlobaLeaks
Different ways of using GlobaLeaks... The Swiss Army Knife of Whistleblowing
Media
• Media outlets, magazines and journalism associations can set up a WB interface
• Collects anonymous reports by default
• Two real world use cases
Transparency Activism (1)
• NGO and informal activism organisations
• They will promote the GL node
• They will only promote the GL node and others will analyze the data
• Advocacy on the importance of Transparency and accountability
• Corruption spotting
Transparency Activism (II)
• Break the three monkey principle
Private Corporations
• Important tool to be integrated within the corporate organizational model
• Typically managed by internal audit
• Accountability mandated by the law
• Sarbanes-Oxley Act (USA)
• Dlgs 231 (Italy)
Environmental Malpractice
• Involve citizens in sending photos, reports and dossiers about environmental malpractice
• Set up a node linked to environmental associations, pollution experts, journalists and environmental activists.
Public Agencies
• Internal and external public WB services
• USA IRS, US SEC, EU Antitrust
• Involve citizens in spotting tax evasion, market manipulation, corruption, malpractice in health
Ways to publish a GlobaLeaks Site
Different ways of bringing online a GlobaLeaks site depending on how you want to use it
Pure Hidden Service
• Pros
  • Submission is highly secure.
  • Does not rely on legacy technologies such as SSL.
  • DDOS protected.
  • Location of every network entity protected.
  • Requires setting up only one device.
• Cons
  • Submitters must use a Tor client.
Hybrid: HS + tor2web
• Pros
  • Location of the backend storage server protected.
  • Backend DDOS protected.
  • Does not require clients to install any software except a browser.
• Cons
  • Relies on legacy technology such as SSL.
  • The tor2web node can be targeted by a DDOS or SSL man in the middle.
Web only solution
• Pros
  • Does not require clients to install any software except a browser.
  • Requires setting up only one device.
• Cons
  • Relies on legacy technology such as SSL.
  • The location of the server is disclosed.
  • It can be targeted by DDOS attacks and MITM.
  • One single point of failure.
WTF!?... Or, how will we change the world.
The Tulip movement
• The WB gives TULIPs out to targets
• This is a gift to humanity
• TULIP is also used as an acronym in Calvinism
• Flower power leads to open and transparent society.
How can you hack on it?
Practical way to start hacking on GlobaLeaks, have lots of fun, drink lots of wine and taste good Italian food
Launchpad and Bazaar
• Install Bazaar, the version control system
• Register your user at http://launchpad.net
• Our Launchpad page is http://launchpad.net/globaleaks
• Check out the blueprints: https://blueprints.launchpad.net/globaleaks
Technologies
• Python
• web2py (http://web2py.org/book)
• MVC model
• Secure by default against web attacks
• Object Oriented
Delivery
• Self contained .exe
• Self contained .app
• Drag and drop install experience
• Even non-techie people will run it.
and now...
brace yourselves.
# ./startglobaleaks
Questions?
Contacts
Main site: http://www.globaleaks.org
GlobaLeaks demo: http://demo.globaleaks.org
Wiki for the project: http://wiki.globaleaks.org/
Planet GlobaLeaks: http://planet.globaleaks.org/
Mailing list: http://globaleaks.org/mailman/listinfo/people_globaleaks.org
IRC: irc.oftc.net #globaleaks
WEBCHAT: http://irc.lc/OFTC/globaleaks/webchat