GlobaLeaks                             The Open Whistleblowing FrameworkTuesday, September 6, 2011                        ...
Agenda                    • Why does GlobaLeaks exists?                    • How does it work?                    • Who wi...
ARG*:                GlobaLeaks Organization                    • There is no hierarchy of power                     • No ...
Why does GlobaLeaks                          exists                  Why we want to change the world into a better placeTu...
Motivations                    • We wish to make this world a better place                    • We strive to increase tran...
Existing Solutions                    • The existing software lacked basic privacy-                             aware (ano...
Research on WB                                                      • We started a research a                             ...
The WB ecosystemTuesday, September 6, 2011                      8
So what’s                                 Whistleblowing?                    • A whistleblower is somebody that informs   ...
Active citizenship                        “... which of two common types of character,                    for the general ...
Transparency and                                Accountability                    • People should start demanding         ...
How GlobaLeaks                                 works                             How we plan to change the WorldTuesday, S...
The actors involved in                          GlobaLeaks                    • The Whistleblower                    • The...
Whistleblower                    • An Active citizen that is aware of some                             malpractice and wro...
Targets                    • She/He is the person responsible for                             analyzing the material      ...
Node Administrator                    • The person running GlobaLeaks software                    • Choose the target list...
Interaction                                                                                  Audience   WhistleBlower     ...
Notification (TULIP)                    •        Temporary Unique Link                             Information Provider    ...
TULIP                    • Expires after a fixed amount of downloads                             and time                  ...
TULIP notification                    • Flexible and expandable notification system                     • email, twitter, fa...
TULIP receiptTuesday, September 6, 2011                   21
GlobaLeaks anonymity                    • Tor Hidden Services for pubblishing                     • Protection of WhistleB...
GlobaLeaks security                    •        Authentication                             •   TULIP based authentication ...
Target - Whistleblower                        interaction                    • Send and receive comments                  ...
Who will use                                  GlobaLeaks                                 Different ways of using GlobaLeak...
Media                    • Media outlets, Magazine and Journalism                             associations can setup a WB ...
Transparency Activism (1)                    • NGO and informal activism organisations                    • They will prom...
Transparency Activism (II)                    • Break the three monkey principleTuesday, September 6, 2011                ...
Private Corporations                    • Important tool to be integrated within the                             corporate...
Environmental                                   Malpractice                    • Involve citizen to send photos, reports a...
Public Agencies                    • Internal and external public WB services                    • USA IRS, US SEC, EU Ant...
Ways to publish a                             GlobaLeaks Site                      Different ways of bringing online a Glo...
Pure Hidden Service                             •   Pros                                 •   Submission is highly secure. ...
Hybrid: HS + tor2web                             •   Pros                                 •   Location of the backend stor...
Web only solution                             •   Pros                                 •   Does not require clients to ins...
WTF!?                             ... Or, how will we change the world.Tuesday, September 6, 2011                         ...
The Tulip movement                    •        The WB gives TULIPs                             out to targets             ...
How can you hack on                              it ?                 Practical way to start hacking on GlobaLeaks, have l...
Launchpad and Bazaar                    • Install bazaar, is the versioning system                    • register your user...
Technologies                    • Python                    • web2py (http:///web2py.org/book)                     • MVC m...
Delivery                    • Self contained .exe                    • Self contained .app                    • Drag and d...
and now...Tuesday, September 6, 2011                42
brace yourselves.Tuesday, September 6, 2011                       43
# ./startglobaleaksTuesday, September 6, 2011                         44
Questions?                                                  Contacs                Main site: http://www.globaleaks.org   ...
Upcoming SlideShare
Loading in …5
×

GlobaLeaks live launch - Venice 2011

2,366 views
2,311 views

Published on

GlobaLeaks aims to become the first Open Source Whistleblowing Framework.
We wish to empower anyone to easily setup and maintain their own whistleblowing platform for use in very different environments: media, corporation, public agency, activists.

It's developed with security features that support anonymous, censorship-resistant communications along with strong data encryption.

The final goal is the creation of a network of independent organizations (even individuals) running GlobaLeaks powered Whistleblowing platform. These will allow anonymous submission of reports and material to interested targets providing maximum impact at a local/regional and context specific level.

Demo launch http://www.globaleaks.org/news/#

Published in: News & Politics, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,366
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
16
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

GlobaLeaks live launch - Venice 2011

  1. 1. GlobaLeaks The Open Whistleblowing FrameworkTuesday, September 6, 2011 1
  2. 2. Agenda • Why does GlobaLeaks exists? • How does it work? • Who will use it? • How can you hack on it? Join GlobaLeaks! • # ./startglobaleaksTuesday, September 6, 2011 2
  3. 3. ARG*: GlobaLeaks Organization • There is no hierarchy of power • No Official Role • Every member of GlobaLeaks is A Random GlobaLeaks Contributor|Developer| Spokesperson|AdvocateTuesday, September 6, 2011 3
  4. 4. Why does GlobaLeaks exists Why we want to change the world into a better placeTuesday, September 6, 2011 4
  5. 5. Motivations • We wish to make this world a better place • We strive to increase transparency and accountability in our societyTuesday, September 6, 2011 5
  6. 6. Existing Solutions • The existing software lacked basic privacy- aware (anonymity) and security features (encryption). • Existing projects are less open that they want to make people believe. • Only commercial software or outsourced WhistleBlowing servicesTuesday, September 6, 2011 6
  7. 7. Research on WB • We started a research a research on Whistleblowing on Dec 2010 https://leakdirectory.org SHA Fingerprint: 2F 78 1A E7 34 32 44 35 1D 68 6A DE B7 83 58 F6 11 41 BC E0Tuesday, September 6, 2011 7
  8. 8. The WB ecosystemTuesday, September 6, 2011 8
  9. 9. So what’s Whistleblowing? • A whistleblower is somebody that informs of illicit activity. • Activates citizens in their own local politics • Activate people in their global viewTuesday, September 6, 2011 9
  10. 10. Active citizenship “... which of two common types of character, for the general good of humanity, it is most desirable should predominate — the active, or the passive type; that which struggles against evils, or that which endures them; that which bends to circumstances, or that which endeavours to make circumstances bend to itself.” John Stuart Mill, "Representative Government" (1869)Tuesday, September 6, 2011 10
  11. 11. Transparency and Accountability • People should start demanding transparency and enforcing it with GlobaLeaks. • Corporations and governments will understand the need to be more transparentTuesday, September 6, 2011 11
  12. 12. How GlobaLeaks works How we plan to change the WorldTuesday, September 6, 2011 12
  13. 13. The actors involved in GlobaLeaks • The Whistleblower • The Targets • The Node AdministratorTuesday, September 6, 2011 13
  14. 14. Whistleblower • An Active citizen that is aware of some malpractice and wrongdoing • She/He will notify the GL node of such informationTuesday, September 6, 2011 14
  15. 15. Targets • She/He is the person responsible for analyzing the material • No consent • Diversified actors as incentiveTuesday, September 6, 2011 15
  16. 16. Node Administrator • The person running GlobaLeaks software • Choose the target list • Choose the goals and objective of ther activities • Behave depending on the context and goalsTuesday, September 6, 2011 16
  17. 17. Interaction Audience WhistleBlower Submission Output pre NGO ss download Node Administrator Targets node • the node administrator notification select a list of targets • A Tulip is createdTuesday, September 6, 2011 17
  18. 18. Notification (TULIP) • Temporary Unique Link Information Provider • The means of communications between the target and WhistleBlowerTuesday, September 6, 2011 18
  19. 19. TULIP • Expires after a fixed amount of downloads and time • Is unique to every target/material • The data can be stored inside a flexible and configurable container (see local storage, FTP, Dropbox,Tahoe-LAFS, etc.)Tuesday, September 6, 2011 19
  20. 20. TULIP notification • Flexible and expandable notification system • email, twitter, facebook, SCP, ticketing systemTuesday, September 6, 2011 20
  21. 21. TULIP receiptTuesday, September 6, 2011 21
  22. 22. GlobaLeaks anonymity • Tor Hidden Services for pubblishing • Protection of WhistleBlower and Node maintainer • Tor client for notificationsTuesday, September 6, 2011 22
  23. 23. GlobaLeaks security • Authentication • TULIP based authentication • optional password • Encryption (optional) • ZIP AES, PGP container • Applies to data and notification • Security • optional metadata cleanup facilities (MAT)Tuesday, September 6, 2011 23
  24. 24. Target - Whistleblower interaction • Send and receive comments • WhistleBlower is able to upload more material regarding a submission • Secure JS based chat system?Tuesday, September 6, 2011 24
  25. 25. Who will use GlobaLeaks Different ways of using GlobaLeaks... ...The Swiss Army Knife of WhistleblowingTuesday, September 6, 2011 25
  26. 26. Media • Media outlets, Magazine and Journalism associations can setup a WB interface • Collects Anonymous report by default • Two real world use casesTuesday, September 6, 2011 26
  27. 27. Transparency Activism (1) • NGO and informal activism organisations • They will promote the GL node • They will only promote the GL node and others will analyze the data • Advocacy on the importance of Transparency and accountability • Corruption spottingTuesday, September 6, 2011 27
  28. 28. Transparency Activism (II) • Break the three monkey principleTuesday, September 6, 2011 28
  29. 29. Private Corporations • Important tool to be integrated within the corporate organizational model • Typically managed by internal audit • Accountability mandated by the law • Sarbanes-Oxley Act (USA) • Dlgs 231 (Italy)Tuesday, September 6, 2011 29
  30. 30. Environmental Malpractice • Involve citizen to send photos, reports and dossiers about environmental malpractice • Setup a node linked to environmental associations, pollution experts, journalists and environmental activists.Tuesday, September 6, 2011 30
  31. 31. Public Agencies • Internal and external public WB services • USA IRS, US SEC, EU Antitrust • Involve citizens into spotting tax evasion, market manipulation, corruption, malpractice in healthTuesday, September 6, 2011 31
  32. 32. Ways to publish a GlobaLeaks Site Different ways of bringing online a GlobaLeaks site depending on how you want to use itTuesday, September 6, 2011 32
  33. 33. Pure Hidden Service • Pros • Submission is highly secure. • Does not rely on legacy technologies such as SSL. • DDOS protected. • Location of every network entity protected. • Requires to setup only one device. • Cons • Submitters must use a Tor client.Tuesday, September 6, 2011 33
  34. 34. Hybrid: HS + tor2web • Pros • Location of the backend storage server protected. • Backend DDOS protected. • Does not require clients to install any software except a browser. • Cons • Relies on legacy technology such as SSL. • The tor2web node can be targeted by a DDOS or SSL man in the middle.Tuesday, September 6, 2011 34
  35. 35. Web only solution • Pros • Does not require clients to install any software except a browser. • Requires to setup only one device. • Cons • Relies on legacy technology such as SSL. • The location of the server is disclosed. • It can be targeted by DDOS attacks and MITM. • One single point of failure.Tuesday, September 6, 2011 35
  36. 36. WTF!? ... Or, how will we change the world.Tuesday, September 6, 2011 36
  37. 37. The Tulip movement • The WB gives TULIPs out to targets • This is a gift to humanity • TULIP is also used as an acronym in Calvinism • Flower power leads to open and transparent society.Tuesday, September 6, 2011 37
  38. 38. How can you hack on it ? Practical way to start hacking on GlobaLeaks, have lots of fun, drink lots of wine and taste good Italian foodTuesday, September 6, 2011 38
  39. 39. Launchpad and Bazaar • Install bazaar, is the versioning system • register your user at http://lauchpad.net • our launchpad page is http://launchpad.net/ globaleaks • check out the blueprints: https://blueprints.launchpad.net/globaleaksTuesday, September 6, 2011 39
  40. 40. Technologies • Python • web2py (http:///web2py.org/book) • MVC model • Secure by default against web attacks • Object OrientedTuesday, September 6, 2011 40
  41. 41. Delivery • Self contained .exe • Self contained .app • Drag and drop install experience • Even non techie people will run it.Tuesday, September 6, 2011 41
  42. 42. and now...Tuesday, September 6, 2011 42
  43. 43. brace yourselves.Tuesday, September 6, 2011 43
  44. 44. # ./startglobaleaksTuesday, September 6, 2011 44
  45. 45. Questions? Contacs Main site: http://www.globaleaks.org GlobaLeaks demo: http://demo.globaleaks.org Wiki for the project: http://wiki.globaleaks.org/ Planet GlobaLeaks: http://planet.globaleaks.org/ Mailing list: http://globaleaks.org/mailman/listinfo/people_globaleaks.org IRC: irc.oftc.net #globaleaks WEBCHAT: http://irc.lc/OFTC/globaleaks/webchatTuesday, September 6, 2011 45

×