Office of the Privacy Commissioner of Canada
Canada has some of the best laws for protecting individual Privacy. The Office of the Privacy Commissioner of Canada is relatively powerful, compared with the deliberately weakened schemes in other countries e.g. United Kingdom or, the vast majority of countries which have no such protection at all.
They now have a reasonably well encrypted Privacy Complaint web form with a registration / feedback mechanism
Using this Privacy Complaint web form, we pointed out to them that they were allowing deprecated SSL 2.0 protocol on their https:// secure website (vulnerable to cipher strength down grade attacks). This has now been rectified.
Contact: Anne-Marie Hayden Tel: (613) 995-0103
Non-journalists are invited to contact our Information Centre. Please call 1-800-282-1376 (toll free) or (613) 947-1698 and ask to speak with an Information Officer.
Address: 112 Kent Street Ottawa, ON K1A 1H3 Fax: (613) 995-1139
Social Media / Networks
Mainstream media print and broadcast journalists and politicians etc. i.e. influential people at which whistleblower leaks are targeted, are busy people, but can sometimes be enticed to read about whistleblower issues through Twitter or FaceBook or Blog RSS feeds etc.
Financial Donation methods
No - Canadian taxpayer funded
Currently accepting submissions of whistleblower leaks ?
Explicit promises about Anonymity, Privacy or Security
Yes - the OPCC is a pioneer in advocating the use of Privacy and Security audits and policies etc.
Restrictive legal Terms & Conditions
Practical Advice on preserving Whistleblower Anonymity
Some words of warning to delete the (.pdf) version of your Complaint if you are using a public internet cafe etc.
Leak Submission Encryption
Digital Certificate fingerprints published on their website:
Qualsys SSLLabs SSL Server Test rating:
Overall rating: **B **
Overall rating: A 
Protocol Support: 85
Key Exchange 90
Cipher Strength: 90
Still allows the obsolete, deprecated SSL 2.0 protocol (which is vulnerable to cipher strength downgrade attacks) and is vulnerable to the BEAST man-in-in-the-middle attack.
The SSL ver 2.0 and BEAST vulnerabilities have now been rectified
PGP Public Encryption Key
TOR Hidden Service
Hushmail Secure Form
Content Delivery Network
Content Delivery Networks can provide scalable multimedia bandwidth and resistance to Denial of Service attacks, but sometimes this comes at the price of extra tracking and reduced anonymity for whisteblower sources.
Leak Submission Anonymity
Some of these techniques are appropriate for a normal website like this wiki, but not for whistleblower or tipoff websites, where potential whistleblower source anonymity protection should be paramount:
TOR users blocked from access
3rd Party or persistent tracking cookies or graphics
CAPTCHA graphics generated from another website e.g. GoogleRe-Captcha
Mixed mode non-SSL graphics or style sheets
Embedded video clips or deep linked graphics etc. from another website e.g. YouTube
Flash file uploader class
Communications / Acknowledgement back to the whistleblower via the website
Acknowledgement of receipt of information
e.g. file upload success indicator - has the leak message or upload actually been received successfully ?
Leak analysis work flow status reporting
e.g. Has anyone actually looked at what the whistleblower has submitted ?
Private message box
e.g for 2 way communications back to the anonymous whistleblower, asking for clarification, offering advice etc.
You need to provide an email address in order to register to fill out the form.
A "unique" Complaint identifier is reference is generated after the forma and any attachments have been submitted
Domain Name Resilience
The threats of legal court proceedings against Domain Name Registrars and Domain Name Service providers are lessons which WikiLeaks.org emulators should take note of:
Domain Name Registrar
IP address: 126.96.36.199 Host name: complaint-plainte.priv.gc.ca
Registrar: Internic.ca Inc.
Canadian Government website - unlikely to ever have legalistic problems with Domain Name etc.
Multiple Internet Service Providers, in different legal jurisdictions ?
Domain Name Server(s) & jurisdiction(s)
mag2.magmacom.com [188.8.131.52] mag1.magma.ca [184.108.40.206]
ns1.drenet.dnd.ca gocns-kedc.gc.ca 220.127.116.11 gocns-pdp.gc.ca 18.104.22.168 dns1.nrc.ca 22.214.171.124 dns2.nrc.ca 126.96.36.199
Alternate Domain Name aliases
Actual Physical Mirrors of the website:
Content available via BitTorrent etc P2P etc.
Hosting of Mirrors of other whistleblowing websites
Open Source software published