WCITLeaks

From LeakDirectory

Jump to: navigation, search

Contents

General Notes

As you may have heard, the UN is trying to take over the internet. Well, that’s not really true, but member states of the UN’s International Telecommunications Union (ITU) are definitely going to negotiate an agreement related to the Internet at the World Conference on International Communications(WCIT - pronounced ‘wicket’) this December in Dubai. U.S. officials have warned that some member states, including Russia and China, have put forth proposals to regulate the Internet.

[...]

So what are these proposals? Well, we don’t know exactly. To see them, you have to have access to the ITU’s password protected website. This lack of transparency brings to mind secret negotiations like the one that gave us ACTA, and several civil society groups have written to the ITU demanding access to the documents.

[...]

Of course, while it’s not illegal, publishing these documents is probably not considered polite in the rarefied diplomatic circles of the ITU. So, I thought we’d give folks with access to the documents a helping hand.

Yesterday Eli Dourado and I spent a couple of hours putting together a website at WCITLeaks.org. The idea is simple: If you have a WCIT or ITU related document you’d like to share, submit it anonymously and we will publish it. That’s it. We hope you find it useful and that you’ll spread the word.

http://jerrybrito.org/post/24541436396/today-were-launching-wcitleaks-org

After initial criticism, the website does now offer a simple SSL encrypted upload form, hosted on the Amazon Cloud at

https://files.wcitleaks.org.s3.amazonaws.com/


Contact Details

website:

Press Enquiries

No

General Enquiries

  • email:
  • telephone:
  • mobile phone / SMS text message:
  • fax:

Postal Address:

Social Media / Networks

Mainstream media print and broadcast journalists and politicians etc. i.e. influential people at which whistleblower leaks are targeted, are busy people, but can sometimes be enticed to read about whistleblower issues through Twitter or FaceBook or Blog RSS feeds etc.

Twitter

https://twitter.com/#!/WCITLeaks

FaceBook

No

Blog

No

Financial Donation methods

No

Currently accepting submissions of whistleblower leaks ?

Yes

Explicit promises about Anonymity, Privacy or Security

No

Restrictive legal Terms & Conditions

No

Practical Advice on preserving Whistleblower Anonymity

No

Leak Submission Encryption

Digital Certificate fingerprints published on their website:

No

Qualsys SSLLabs SSL Server Test rating:

Web upload form is hosted on the Amazon Cloud:

https://files.wcitleaks.org.s3.amazonaws.com/

N.B. the analysis below may not be valid for the particular Amazon S3 server infrastructure you happen to be using to access it from around the world, but is probably typical:

https://www.ssllabs.com/ssltest/analyze.html?d=s3.amazonaws.com&s=207.171.163.215

Overall rating: **A [85]**

Certificate: 100

Protocol Support: 85

Key Exchange 80

Cipher Strength: 90


N.B. the Digital certificate for this Amazon S3 file space does not match the URL, so submitters will have to accept the browser trust warning

PGP Public Encryption Key

No

TOR Hidden Service

No

I2P eepsite

No

PrivacyBox.de

No

Hushmail Secure Form

No

Leak Submission Anonymity

Some of these techniques are appropriate for a normal website like this wiki, but not for whistleblower or tipoff websites, where potential whistleblower source anonymity protection should be paramount:

TOR users blocked from access

No

3rd Party or persistent tracking cookies or graphics

Yes

unnecessary Twitter follow button graphics betraying web page visitor details to Twitter

CAPTCHA graphics generated from another website e.g. GoogleRe-Captcha

No

Mixed mode non-SSL graphics or style sheets

No

Embedded video clips or deep linked graphics etc. from another website e.g. YouTube

No

Flash file uploader class

No

Communications / Acknowledgement back to the whistleblower via the website

Acknowledgement of receipt of information

e.g. file upload success indicator - has the leak message or upload actually been received successfully ?

Yes


Leak analysis work flow status reporting

e.g. Has anyone actually looked at what the whistleblower has submitted ?

No

Private message box

e.g for 2 way communications back to the anonymous whistleblower, asking for clarification, offering advice etc.

No

Domain Name Resilience

The threats of legal court proceedings against Domain Name Registrars and Domain Name Service providers are lessons which WikiLeaks.org emulators should take note of:

Domain Name Registrar

dreamhost.com

United States of America

Multiple Internet Service Providers, in different legal jurisdictions ?

No

wcitleaks.org

69.163.240.238 is from United States(US) in region North America


Domain Name Server(s) & jurisdiction(s)

ns3.dreamhost.com 66.33.216.216 ns2.dreamhost.com 208.96.10.221 ns1.dreamhost.comA 66.33.206.206

USA

Alternate Domain Name aliases

No

Actual Physical Mirrors of the website:

No

Content available via BitTorrent etc P2P etc.

No

Hosting of Mirrors of other whistleblowing websites

No

Open Source software published

No

Personal tools