As you may have heard, the UN is trying to take over the internet. Well, that’s not really true, but member states of the UN’s International Telecommunications Union (ITU) are definitely going to negotiate an agreement related to the Internet at the World Conference on International Communications(WCIT - pronounced ‘wicket’) this December in Dubai. U.S. officials have warned that some member states, including Russia and China, have put forth proposals to regulate the Internet.
So what are these proposals? Well, we don’t know exactly. To see them, you have to have access to the ITU’s password protected website. This lack of transparency brings to mind secret negotiations like the one that gave us ACTA, and several civil society groups have written to the ITU demanding access to the documents.
Of course, while it’s not illegal, publishing these documents is probably not considered polite in the rarefied diplomatic circles of the ITU. So, I thought we’d give folks with access to the documents a helping hand.
Yesterday Eli Dourado and I spent a couple of hours putting together a website at WCITLeaks.org. The idea is simple: If you have a WCIT or ITU related document you’d like to share, submit it anonymously and we will publish it. That’s it. We hope you find it useful and that you’ll spread the word.
After initial criticism, the website does now offer a simple SSL encrypted upload form, hosted on the Amazon Cloud at
- mobile phone / SMS text message:
Social Media / Networks
Mainstream media print and broadcast journalists and politicians etc. i.e. influential people at which whistleblower leaks are targeted, are busy people, but can sometimes be enticed to read about whistleblower issues through Twitter or FaceBook or Blog RSS feeds etc.
Financial Donation methods
Currently accepting submissions of whistleblower leaks ?
Explicit promises about Anonymity, Privacy or Security
Restrictive legal Terms & Conditions
Practical Advice on preserving Whistleblower Anonymity
Leak Submission Encryption
Digital Certificate fingerprints published on their website:
Qualsys SSLLabs SSL Server Test rating:
Web upload form is hosted on the Amazon Cloud:
N.B. the analysis below may not be valid for the particular Amazon S3 server infrastructure you happen to be using to access it from around the world, but is probably typical:
Overall rating: **A **
Protocol Support: 85
Key Exchange 80
Cipher Strength: 90
N.B. the Digital certificate for this Amazon S3 file space does not match the URL, so submitters will have to accept the browser trust warning
PGP Public Encryption Key
TOR Hidden Service
Hushmail Secure Form
Leak Submission Anonymity
Some of these techniques are appropriate for a normal website like this wiki, but not for whistleblower or tipoff websites, where potential whistleblower source anonymity protection should be paramount:
TOR users blocked from access
3rd Party or persistent tracking cookies or graphics
unnecessary Twitter follow button graphics betraying web page visitor details to Twitter
CAPTCHA graphics generated from another website e.g. GoogleRe-Captcha
Mixed mode non-SSL graphics or style sheets
Embedded video clips or deep linked graphics etc. from another website e.g. YouTube
Flash file uploader class
Communications / Acknowledgement back to the whistleblower via the website
Acknowledgement of receipt of information
e.g. file upload success indicator - has the leak message or upload actually been received successfully ?
Leak analysis work flow status reporting
e.g. Has anyone actually looked at what the whistleblower has submitted ?
Private message box
e.g for 2 way communications back to the anonymous whistleblower, asking for clarification, offering advice etc.
Domain Name Resilience
The threats of legal court proceedings against Domain Name Registrars and Domain Name Service providers are lessons which WikiLeaks.org emulators should take note of:
Domain Name Registrar
United States of America
Multiple Internet Service Providers, in different legal jurisdictions ?
220.127.116.11 is from United States(US) in region North America
Domain Name Server(s) & jurisdiction(s)
ns3.dreamhost.com 18.104.22.168 ns2.dreamhost.com 22.214.171.124 ns1.dreamhost.comA 126.96.36.199
Alternate Domain Name aliases
Actual Physical Mirrors of the website:
Content available via BitTorrent etc P2P etc.
Hosting of Mirrors of other whistleblowing websites
Open Source software published