GlobaLeaks live launch - Venice 2011
-
Upload
globaleaks -
Category
News & Politics
-
view
2.037 -
download
2
description
Transcript of GlobaLeaks live launch - Venice 2011
![Page 1: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/1.jpg)
GlobaLeaksThe Open Whistleblowing Framework
1Tuesday, September 6, 2011
![Page 2: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/2.jpg)
Agenda
• Why does GlobaLeaks exists?
• How does it work?
• Who will use it?
• How can you hack on it? Join GlobaLeaks!
• # ./startglobaleaks
2Tuesday, September 6, 2011
![Page 3: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/3.jpg)
ARG*:GlobaLeaks Organization
• There is no hierarchy of power
• No Official Role
• Every member of GlobaLeaks is A Random GlobaLeaks Contributor|Developer|Spokesperson|Advocate
3Tuesday, September 6, 2011
![Page 4: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/4.jpg)
Why does GlobaLeaks exists
Why we want to change the world into a better place
4Tuesday, September 6, 2011
![Page 5: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/5.jpg)
Motivations
• We wish to make this world a better place
• We strive to increase transparency and accountability in our society
5Tuesday, September 6, 2011
![Page 6: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/6.jpg)
Existing Solutions
• The existing software lacked basic privacy-aware (anonymity) and security features (encryption).
• Existing projects are less open that they want to make people believe.
• Only commercial software or outsourced WhistleBlowing services
6Tuesday, September 6, 2011
![Page 7: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/7.jpg)
Research on WB
https://leakdirectory.org
SHA Fingerprint: 2F 78 1A E7 34 32 44 35 1D 68 6A DE B7 83 58 F6 11 41 BC E0
• We started a research a research on Whistleblowing on Dec 2010
7Tuesday, September 6, 2011
![Page 8: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/8.jpg)
The WB ecosystem
8Tuesday, September 6, 2011
![Page 9: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/9.jpg)
So what’s Whistleblowing?
• A whistleblower is somebody that informs of illicit activity.
• Activates citizens in their own local politics
• Activate people in their global view
9Tuesday, September 6, 2011
![Page 10: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/10.jpg)
Active citizenship “... which of two common types of character,
for the general good of humanity, it is most desirable should predominate — the active, or the passive type; that which struggles against evils, or that which endures them; that which
bends to circumstances, or that which endeavours to make circumstances bend to
itself.” John Stuart Mill, "Representative Government" (1869)
10Tuesday, September 6, 2011
![Page 11: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/11.jpg)
Transparency and Accountability
• People should start demanding transparency and enforcing it with GlobaLeaks.
• Corporations and governments will understand the need to be more transparent
11Tuesday, September 6, 2011
![Page 12: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/12.jpg)
How GlobaLeaks works
How we plan to change the World
12Tuesday, September 6, 2011
![Page 13: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/13.jpg)
The actors involved in GlobaLeaks
• The Whistleblower
• The Targets
• The Node Administrator
13Tuesday, September 6, 2011
![Page 14: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/14.jpg)
Whistleblower
• An Active citizen that is aware of some malpractice and wrongdoing
• She/He will notify the GL node of such information
14Tuesday, September 6, 2011
![Page 15: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/15.jpg)
Targets
• She/He is the person responsible for analyzing the material
• No consent
• Diversified actors as incentive
15Tuesday, September 6, 2011
![Page 16: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/16.jpg)
Node Administrator
• The person running GlobaLeaks software
• Choose the target list
• Choose the goals and objective of ther activities
• Behave depending on the context and goals
16Tuesday, September 6, 2011
![Page 17: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/17.jpg)
Interaction
node Targets
pressNGO
Audience
• the node administrator select a list of
targets • A Tulip is created
notification
download
Submission
Out
put
WhistleBlower
NodeAdministrator
17Tuesday, September 6, 2011
![Page 18: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/18.jpg)
Notification (TULIP)
• Temporary Unique Link Information Provider
• The means of communications between the target and WhistleBlower
18Tuesday, September 6, 2011
![Page 19: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/19.jpg)
TULIP
• Expires after a fixed amount of downloads and time
• Is unique to every target/material
• The data can be stored inside a flexible and configurable container (see local storage, FTP, Dropbox,Tahoe-LAFS, etc.)
19Tuesday, September 6, 2011
![Page 20: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/20.jpg)
TULIP notification
• Flexible and expandable notification system
• email, twitter, facebook, SCP, ticketing system
20Tuesday, September 6, 2011
![Page 21: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/21.jpg)
TULIP receipt
21Tuesday, September 6, 2011
![Page 22: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/22.jpg)
GlobaLeaks anonymity
• Tor Hidden Services for pubblishing
• Protection of WhistleBlower and Node maintainer
• Tor client for notifications
22Tuesday, September 6, 2011
![Page 23: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/23.jpg)
GlobaLeaks security• Authentication
• TULIP based authentication
• optional password
• Encryption (optional)
• ZIP AES, PGP container
• Applies to data and notification
• Security
• optional metadata cleanup facilities (MAT)
23Tuesday, September 6, 2011
![Page 24: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/24.jpg)
Target - Whistleblower interaction
• Send and receive comments
• WhistleBlower is able to upload more material regarding a submission
• Secure JS based chat system?
24Tuesday, September 6, 2011
![Page 25: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/25.jpg)
Who will use GlobaLeaks
Different ways of using GlobaLeaks......The Swiss Army Knife of Whistleblowing
25Tuesday, September 6, 2011
![Page 26: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/26.jpg)
Media
• Media outlets, Magazine and Journalism associations can setup a WB interface
• Collects Anonymous report by default
• Two real world use cases
26Tuesday, September 6, 2011
![Page 27: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/27.jpg)
Transparency Activism (1)
• NGO and informal activism organisations
• They will promote the GL node
• They will only promote the GL node and others will analyze the data
• Advocacy on the importance of Transparency and accountability
• Corruption spotting
27Tuesday, September 6, 2011
![Page 28: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/28.jpg)
• Break the three monkey principle
Transparency Activism (II)
28Tuesday, September 6, 2011
![Page 29: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/29.jpg)
Private Corporations
• Important tool to be integrated within the corporate organizational model
• Typically managed by internal audit
• Accountability mandated by the law
• Sarbanes-Oxley Act (USA)
• Dlgs 231 (Italy)
29Tuesday, September 6, 2011
![Page 30: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/30.jpg)
Environmental Malpractice
• Involve citizen to send photos, reports and dossiers about environmental malpractice
• Setup a node linked to environmental associations, pollution experts, journalists and environmental activists.
30Tuesday, September 6, 2011
![Page 31: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/31.jpg)
Public Agencies
• Internal and external public WB services
• USA IRS, US SEC, EU Antitrust
• Involve citizens into spotting tax evasion, market manipulation, corruption, malpractice in health
31Tuesday, September 6, 2011
![Page 32: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/32.jpg)
Ways to publish a GlobaLeaks Site
Different ways of bringing online a GlobaLeaks site depending on how you want to use it
32Tuesday, September 6, 2011
![Page 33: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/33.jpg)
Pure Hidden Service• Pros
• Submission is highly secure.
• Does not rely on legacy technologies such as SSL.
• DDOS protected.
• Location of every network entity protected.
• Requires to setup only one device.
• Cons
• Submitters must use a Tor client.
33Tuesday, September 6, 2011
![Page 34: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/34.jpg)
Hybrid: HS + tor2web• Pros
• Location of the backend storage server protected.
• Backend DDOS protected.
• Does not require clients to install any software except a browser.
• Cons
• Relies on legacy technology such as SSL.
• The tor2web node can be targeted by a DDOS or SSL man in the middle.
34Tuesday, September 6, 2011
![Page 35: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/35.jpg)
Web only solution• Pros
• Does not require clients to install any software except a browser.
• Requires to setup only one device.
• Cons
• Relies on legacy technology such as SSL.
• The location of the server is disclosed.
• It can be targeted by DDOS attacks and MITM.
• One single point of failure.
35Tuesday, September 6, 2011
![Page 36: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/36.jpg)
WTF!?... Or, how will we change the world.
36Tuesday, September 6, 2011
![Page 37: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/37.jpg)
The Tulip movement• The WB gives TULIPs
out to targets
• This is a gift to humanity
• TULIP is also used as an acronym in Calvinism
• Flower power leads to open and transparent society.
37Tuesday, September 6, 2011
![Page 38: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/38.jpg)
How can you hack on it ?
Practical way to start hacking on GlobaLeaks, have lots of fun, drink lots of wine and taste good Italian food
38Tuesday, September 6, 2011
![Page 39: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/39.jpg)
Launchpad and Bazaar
• Install bazaar, is the versioning system
• register your user at http://lauchpad.net
• our launchpad page is http://launchpad.net/globaleaks
• check out the blueprints:https://blueprints.launchpad.net/globaleaks
39Tuesday, September 6, 2011
![Page 40: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/40.jpg)
Technologies
• Python
• web2py (http:///web2py.org/book)
• MVC model
• Secure by default against web attacks
• Object Oriented
40Tuesday, September 6, 2011
![Page 41: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/41.jpg)
Delivery
• Self contained .exe
• Self contained .app
• Drag and drop install experience
• Even non techie people will run it.
41Tuesday, September 6, 2011
![Page 42: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/42.jpg)
and now...
42Tuesday, September 6, 2011
![Page 43: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/43.jpg)
brace yourselves.
43Tuesday, September 6, 2011
![Page 44: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/44.jpg)
# ./startglobaleaks
44Tuesday, September 6, 2011
![Page 45: GlobaLeaks live launch - Venice 2011](https://reader036.fdocuments.net/reader036/viewer/2022062418/5556dacfd8b42a0f028b4878/html5/thumbnails/45.jpg)
Questions?Contacs
Main site: http://www.globaleaks.orgGlobaLeaks demo: http://demo.globaleaks.orgWiki for the project: http://wiki.globaleaks.org/Planet GlobaLeaks: http://planet.globaleaks.org/Mailing list: http://globaleaks.org/mailman/listinfo/people_globaleaks.orgIRC: irc.oftc.net #globaleaksWEBCHAT: http://irc.lc/OFTC/globaleaks/webchat
45Tuesday, September 6, 2011