From LeakDirectory

Jump to: navigation, search


General Notes is a current work in progress by former people, including | Daniel Domscheit-Berg with the intention of providing a whistleblowing infrastructure for local whistleblowers and the mainstream media and non-governmental organisations, without the controversy associated with Julian Assange and

They should have much to contribute in terms of computer infrastructure security, anonymity and scalability experience, but their system, like that of / itself, is not currently accepting any whistleblower submissions.

See Andy Greenberg's article:

OpenLeaks Announces A Test Launch, Invites 3,000 Hackers To Attack It

Domscheit-Berg argues that leaking sites’ security measures don’t need to be as tight as WikiLeaks were during Domscheit-Berg’s time with the group – they need to be tighter. Adversaries of leaking like corporations, law enforcement and intelligence, he says, have ramped up their security measures in the wake of WikiLeaks record-breaking breaches. “WikiLeaks appeared out of nowhere,” says Domscheit-Berg. “It cause a lot of new problems no one had thought about before. Now they’ve thought about this whole thing for a bit. The dust has settled. And it will never be as easy again.”

That means facilitating leakers needs to become more systematic and rigorous, Domscheit-Berg says.

Update 05 February 2012

The self signed Digital Certificate for has been allowed to expire on 18th October 2011, which rather casts doubt on whether the project is still active or not in February 2012.

There are Twitter rumours that Daniel Domscheit-Berg has been re-admitted into the Chaos Computer Club, after making it clear that the project is not officially endorsed by CCC i.e. something which almost nobody outside of the CCC bureaucracy thought was either true or important.

Update 21 August 2011

The publicity about this test preview of the submission system, the temporary website has lead to controversy in Germany. It was used as the excuse to expel Daniel Domscheit-Berg from the Chaos Computer Club.

The real reason for his expulsion seems to be related to a single copy of an encrypted disk, which which Julian Assange was the only person to have the cryptographic keys, but which was in the physical possession of Daniel-Domscheit Berg possession of when he and the other main technical team members left last year.

The main effect on of this expulsion may be to make it impossible for them to make use of the Wau Holland charitable foundation as a conduit for financial contributions, a service which they provide to the project. see

Chaos Computer Club expels Daniel Domscheit-Berg - will this affect finances ?

Update 08 September 2011

Daniel Domscheit-Berg is reported as having now destroyed the encrypted data from, citing the need to protect whistleblower sources, something which still cannot be trusted with.

The propaganda and threats aimed personally at Daniel Domscheit-Berg by fanatics, to somehow blame him for their own security failings and incompetence ( leaked their own "crown jewels" leak of unredacted US Diplomatic Cables online through BitTorrent and by stupidly re-using a cryptographic password) may make it difficult or impossible for the project to proceed as planned.

Whistleblower websites need to learn from these personnel and procedural failures - technology is only part of the anonymity / security / trust / publicity / publishing system that such websites aim to achieve.

Contact Details


Press inquiries

   *   email:

General inquiries

   *   telephone:   +49 30 57706454 0
   *   fax:         +49 30 57706454 9
   *   email address:
   *   OpenLeaks on Skype:

Postal Address:


Social Networking publicity

Mainstream media print and broadcast journalists and politicians etc. i.e. influential people at which whistleblower leaks are targeted, are busy people, but can sometimes be enticed to read about whistleblower issues through Twitter or FaceBook or Blog RSS feeds etc.


While we would like to use the twitter account we registered (openleaks), we can not because something is wrong with the account. We tried to recover it through the official process of working together with twitter but were turned down.





Financial Donation methods

Methods of accepting payments from the the public and supporters, also come under political and legal pressure, as have learned to their cost: is currently soliciting money through several payment methods:





Currently accepting submissions of whistleblower leaks ?


Planned Submission system launch date ?

- perhaps after the Chaos Communication Camp in the Summer of 2011

10|11|12|13|14th August 2011 at Finowfurt (near Berlin), Germany

Leak Submission Encryption

Digital Certificate fingerprints published on their website:

   The SSL certificate we use for this website has the following fingerprints:
   * SHA-1: 14:1F:81:F7:A2:F6:01:52:4C:82:B2:94:43:6D:5C:D9:A4:65:22:C5
   * MD5: D9:83:FC:4D:6A:65:F8:2F:85:CA:20:2C:F2:93:3C:A8

The serial of the certificate is 0A:1D:E6.

N.B. these published cryptographic hash fingerprints now do actually match the currently installed Digital Certificate - there have been 2 or 3 Digital Certificate changes between January and May 2011.

This self signed Digital Certificate has been allowed to expire on 18th October 2011, which rather casts doubt on whether the project is still active or not in February 2012.

It is a good idea to publish these on the website, but only if the web page and the installed certificate are actually kept up to date.

Qualsys SSLLabs SSL Server Test rating:

Overall rating: F [0]

Certificate: 0

Protocol Support: 85

Key Exchange 80

Cipher Strength: 90

No weak cipher suites or deprecated SSL 2.0 protocol, but because this is a self signed Digital Certificate, some potential users will refuse to trust this website, or their web browser configurations will prevent them from trusting this website.

When launched their website back in January 2011, they did use a commercial Digital Certificate from GlobalSign nv-sa, which they abandoned for some undisclosed reason.

N.B. The DNS entries for have a second A record which points to another IP address:

perhaps for resilience or development, but which does not currently have any public Digital Certificate installed.

PGP Public Encryption Key


Created: 18/12/2010

Expires: 17/12/2012

Type: RSA 4096/4096

Cipher: AES 256 bit

PGP Fingerprint: 42CC E8DE 2463 8F46 8D9B 86A3 21D6 A86F B52D C7BA

TOR Hidden Service


I2P eepsite


Domain Name Resilience

The threats of legal court proceedings against Domain Name Registrars and Domain Name Service providers are lessons which emulators should take note of:

Domain Name Registrar

Web Commerce Communications Limited dba based in Kualar Lumpur, Malaysia

Multiple Domain Name Service providers, in different legal jurisdictions ?

Yes is based in Iceland is based in California, USA is hosted in Germany

Alternate Domain Name aliases

The following alternate domains are currently available:

   *  [] and  [] 
   * [] and  []
   * []
   * []

Actual Physical Mirrors of the website:


Content available via BitTorrent etc P2P etc.


Personal tools