From LeakDirectory

Revision as of 01:28, 30 July 2011 by Anonymous (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


General Notes

What is This?

With the recent phone hacking scandal surrounding Rupert Murdoch's News of the World and other aspects of his empire, it's become evident that the fourth estate has failed so it's time to invoke the fifth estate. And what is that? - It is You!


We will accept tips or evidence of wrong doing relating to Rupert Murdoch's affiliated institutions such as News International and News Corporation. We do not accept rumor, opinion or material that is publicly available elsewhere.

Credible submissions will be distributed to our network of journalists (actual journalists) and law enforcement agencies in the UK, the US and Australia. We will not publish anything ourselves. is well above average in their use of website and email security techniques.

Some other intermediary whistleblower website projects have drop down selection lists of media organisations to which the whistleblower leak can be sent to, but has a drop down list of News Corporation controlled media targets for whistleblowers. provides a Submission Status tracking mechanism, to provide feedback to a whistleblower that their submission has actually been received and analysed.

  • Will any current News International and News Corporation insiders try to use this website at all, or will they just talk to the Police or other media organisations directly ?
  • Will any current News International and News Corporation insiders try to use this website from within the corporate infrastructure ?
  • Will News Corporation try to block it from being accessed from within their companies ?
  • Will News Corporation lawyers attempt to have it taken down ?
  • Will News Corporation lawyers attempt to subpoena any logfiles or financial records or any copyright internal documents etc. from when they try to identify current or future whistleblowers ?

Contact Details

Press inquiries
General inquiries
email address:


Postal Address:


Social Networking publicity



Blog / RSS


Financial Donation methods


Currently accepting submissions of whistleblower leaks ?


Explicit promises about Anonymity, Privacy or Security

We use anonymous technology to protect whistleblowers so they can confidently submit information that is in the public interest.

Restrictive Legal Terms & Conditions


Practical Advice on preserving Whistleblower Anonymity

Adovocate the use of the locked down Tor Browser software bundle and publish links to the Tor Project

* You can submit without Tor although anonymity can not be guaranteed. (hint: Internet cafe)

Leak Submission Encryption

* All submissions are encrypted using 1024bit RSA asymmetric keys (no private keys stored on any servers) with 256bit AES using open source Bouncy Castle Crypto

Digital Certificate fingerprints published on their website:

Not published on the website

The Digital Certificate for the shared SSL webserver

CN = O = CloudFlare, Inc. L = Palo Alto S = CA C = US

has multiple valid DNS aliases for other customers e.g.

Currently the Digital Certificate fingerprints for are:

SHA-1: 7E:B2:DE:56:1D:31:B1:53:B5:BB:57:4B:90:A7:3A:1D:99:AD:9F:92

MD5: 66:6A:EF:53:85:67:AC:68:04:7C:F6:3A:40:F6:53:77

Qualsys SSLLabs SSL Server Test rating:

Overall rating: A [85]

Certificate: 100

Protocol Support: 85

Key Exchange: 80

Cipher Strength: 90

PGP Public Encryption Key

PGP / GPG Public Key web page URL or file location or PGP Key Server URL


User ID aliases for:,,,,,,

N.B. The main (unencrypted) email address also uses:

PGP ID: 0x2E0883A4

Created: 01/07/2011

Expires: Never

Type: RSA 2048/2048

Cipher: AES 256 bit

PGP fingerprint: 1B7C 61F1 C652 D077 1C62 F799 EDD9 5F2F 2E08 83A4

TOR Hidden Service

I2P eepsite

Hushmail Secure Form

Leak Submission Anonymity

TOR users blocked from access


3rd Party or persistent tracking cookies or graphics


CAPTCHA graphics generated from another website e.g. Google Re-Captcha


Mixed mode non-SSL graphics or style sheets


Embedded video clips etc. from another website e.g. YouTube


Flash file uploader class


Communications / Acknowledgement back to the whistleblower via the website

Acknowledgement of receipt of information

e.g. file upload success indicator - has the leak message or upload actually been received successfully ?

Submission Form generates a Receipt

Leak analysis work flow status reporting

e.g. Has anyone actually looked at what the whistleblower has submitted ?

Yes, the Submission Form generates a Receipt, with a 35 or so digit alphanumeric string which can be used to check the progress of a Submission via

Initially this reports the status as "queued"

Private message box

e.g for 2 way communications back to the anonymous whistleblower, asking for clarification, offering advice etc.


Domain Name Resilience

Domain Name Registrar


German company, registered in Panama, hosting their infrastructure in Malaysia , Estonia, USA etc.

Multiple Internet Service Providers, in different legal jurisdictions ?


Domain Name Server(s) & jurisdiction(s)

Palo Alto, California, USA

Web Server hosting jurisdiction(s)

Cloudflare Inc Palo Alto, California, USA

Alternate Domain Name aliases [] in the USA register via 's USA subsidiary.

That website is not an automatic redirection, but the home page only consists of a link to

Actual Physical Mirrors of the website:


Content officially available via BitTorrent etc P2P etc.


Personal tools