GlobaLeaks ESC2011
Why does GlobaLeaks exist?
How does it work?
Who will use it?
How can you hack on it? Join GlobaLeaks!
# ./startglobaleaks

Published in: Technology, News & Politics

Transcript

  • 1. GlobaLeaks: The Open Whistleblowing Framework (Sunday, September 4, 2011)
  • 2. Agenda
      • Why does GlobaLeaks exist?
      • How does it work?
      • Who will use it?
      • How can you hack on it? Join GlobaLeaks!
      • # ./startglobaleaks
  • 3. ARG*: GlobaLeaks Organization
      • There is no hierarchy of power
      • No Official Role
      • Every member of GlobaLeaks is A Random GlobaLeaks Contributor|Developer|Spokesperson|Advocate
  • 4. Why does GlobaLeaks exist?
      Why we want to change the world into a better place
  • 5. Motivations
      • We wish to make this world a better place
      • We strive to increase transparency and accountability in our society
  • 6. Existing Solutions
      • The existing software lacked basic privacy-aware (anonymity) and security features (encryption).
      • Existing projects are less open than they want to make people believe.
      • Only commercial software or outsourced WhistleBlowing services
  • 7. Research on WB
      • We started research on Whistleblowing in Dec 2010
      • https://leakdirectory.org
      • SHA Fingerprint: 2F 78 1A E7 34 32 44 35 1D 68 6A DE B7 83 58 F6 11 41 BC E0
  • 8. The WB ecosystem
  • 9. So what’s Whistleblowing?
      • A whistleblower is somebody that informs of illicit activity.
      • Activates citizens in their own local politics
      • Activates people in their global view
  • 10. Active citizenship
      “... which of two common types of character, for the general good of humanity, it is most desirable should predominate — the active, or the passive type; that which struggles against evils, or that which endures them; that which bends to circumstances, or that which endeavours to make circumstances bend to itself.” John Stuart Mill, "Representative Government" (1869)
  • 11. Transparency and Accountability
      • People should start demanding transparency and enforcing it with GlobaLeaks.
      • Corporations and governments will understand the need to be more transparent
  • 12. How GlobaLeaks works
      How we plan to change the World
  • 13. The actors involved in GlobaLeaks
      • The Whistleblower
      • The Targets
      • The Node Administrator
  • 14. Whistleblower
      • An Active citizen that is aware of some malpractice and wrongdoing
      • She/He will notify the GL node of such information
  • 15. Targets
      • She/He is the person responsible for analyzing the material
      • No consent
      • Diversified actors as incentive
  • 16. Node Administrator
      • The person running GlobaLeaks software
      • Choose the target list
      • Choose the goals and objective of their activities
      • Behave depending on the context and goals
  • 17. Interaction
      [Diagram labels: WhistleBlower, Submission, node, Node Administrator, notification, Targets, download, Output, press, NGO, Audience]
      • The node administrator selects a list of targets
      • A Tulip is created
  • 18. Notification (TULIP)
      • Temporary Unique Link Information Provider
      • The means of communications between the target and WhistleBlower
  • 19. TULIP
      • Expires after a fixed amount of downloads and time
      • Is unique to every target/material
      • The data can be stored inside a flexible and configurable container (see local storage, FTP, Dropbox, Tahoe-LAFS, etc.)
  • 20. TULIP notification
      • Flexible and expandable notification system
      • email, twitter, facebook, SCP, ticketing system
  • 21. TULIP receipt
  • 22. GlobaLeaks anonymity
      • Tor Hidden Services for publishing
      • Protection of WhistleBlower and Node maintainer
      • Tor client for notifications
  • 23. GlobaLeaks security
      • Authentication
          • TULIP based authentication
          • optional password
      • Encryption (optional)
          • ZIP AES, PGP container
          • Applies to data and notification
      • Security
          • optional metadata cleanup facilities (MAT)
  • 24. Target - Whistleblower interaction
      • Send and receive comments
      • WhistleBlower is able to upload more material regarding a submission
      • Secure JS based chat system?
  • 25. Who will use GlobaLeaks
      Different ways of using GlobaLeaks... ...The Swiss Army Knife of Whistleblowing
  • 26. Media
      • Media outlets, magazines and journalism associations can set up a WB interface
      • Collects anonymous reports by default
      • Two real world use cases
  • 27. Transparency Activism (I)
      • NGO and informal activism organisations
      • They will promote the GL node
      • They will only promote the GL node and others will analyze the data
      • Advocacy on the importance of Transparency and accountability
      • Corruption spotting
  • 28. Transparency Activism (II)
      • Break the three monkey principle
  • 29. Private Corporations
      • Important tool to be integrated within the corporate organizational model
      • Typically managed by internal audit
      • Accountability mandated by the law
          • Sarbanes-Oxley Act (USA)
          • Dlgs 231 (Italy)
  • 30. Public Agencies
      • Internal and external public WB services
      • USA IRS, US SEC, EU Antitrust
      • Involve citizens into spotting tax evasion, market manipulation, corruption, malpractice in health and environment
  • 31. Ways to publish a GlobaLeaks Site
      Different ways of bringing online a GlobaLeaks site depending on how you want to use it
  • 32. Pure Hidden Service
      • Pros
          • Submission is highly secure.
          • Does not rely on legacy technologies such as SSL.
          • DDOS protected.
          • Location of every network entity protected.
          • Requires setting up only one device.
      • Cons
          • Submitters must use a Tor client.
  • 33. Hybrid: HS + tor2web
      • Pros
          • Location of the backend storage server protected.
          • Backend DDOS protected.
          • Does not require clients to install any software except a browser.
      • Cons
          • Relies on legacy technology such as SSL.
          • The tor2web node can be targeted by a DDOS or SSL man in the middle.
  • 34. Web only solution
      • Pros
          • Does not require clients to install any software except a browser.
          • Requires setting up only one device.
      • Cons
          • Relies on legacy technology such as SSL.
          • The location of the server is disclosed.
          • It can be targeted by DDOS attacks and MITM.
          • One single point of failure.
  • 35. WTF!?
      ... Or, how will we change the world.
  • 36. The Tulip movement
      • The WB gives TULIPs out to targets
      • This is a gift to humanity
      • TULIP is also used as an acronym in Calvinism
      • Flower power leads to open and transparent society.
  • 37. How can you hack on it?
      Practical way to start hacking on GlobaLeaks, have lots of fun, drink lots of wine and taste good Italian food
  • 38. Launchpad and Bazaar
      • Seif, hellais bitch, recommended it, but it’s a bit of PITA.
      • Send him emails for help on bzr (seif@globaleaks.org)
      • Install Bazaar, the versioning system
      • Register your user on http://launchpad.net
      • We’re at http://launchpad.net/globaleaks
      • Check the blueprints: https://blueprints.launchpad.net/globaleaks
  • 39. Technologies
      • Python
      • web2py (http://web2py.org/book)
      • MVC model
      • Secure by default against web attacks
      • Object Oriented
  • 40. Delivery
      • Self contained .exe
      • Self contained .app
      • Drag and drop install experience
      • Even non techie people will run it.
  • 41. and now...
  • 42. brace yourselves.
  • 43. # ./startglobaleaks
  • 44. Questions?
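
Added example, not GlobaLeaks code: slides 18, 19 and 23 describe the TULIP as a link unique to each target/material pair that expires after a fixed number of downloads and a fixed time, with an optional password. The Python below models those rules using only the standard library; `TulipStore`, `issue`, `redeem` and the default limits are hypothetical names and values chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time


class TulipStore:
    """In-memory model: one link per (target, material), expiring by count and time."""

    def __init__(self, max_downloads=3, lifetime_s=7 * 24 * 3600, clock=time.time):
        self.max_downloads, self.lifetime_s, self.clock = max_downloads, lifetime_s, clock
        self._tulips = {}  # sha256(token) -> record; the raw token is never stored

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    @staticmethod
    def _pw_hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def issue(self, target, material_id, password=None):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        salt = secrets.token_bytes(16)
        self._tulips[self._key(token)] = {
            "target": target,
            "material": material_id,
            "expires": self.clock() + self.lifetime_s,
            "left": self.max_downloads,
            "salt": salt,
            "pw": self._pw_hash(password, salt) if password else None,
        }
        return token  # placed in the notification sent to this one target

    def redeem(self, token, password=None):
        """Return the material id or None; every failure looks the same to the caller."""
        key = self._key(token)
        rec = self._tulips.get(key)
        if rec is None:
            return None
        if self.clock() >= rec["expires"] or rec["left"] <= 0:
            del self._tulips[key]  # expired by time or by download count
            return None
        if rec["pw"] is not None:
            given = self._pw_hash(password or "", rec["salt"])
            if not hmac.compare_digest(given, rec["pw"]):  # constant-time compare
                return None
        rec["left"] -= 1
        return rec["material"]
```

Storing only the hash of the token means a copy of the store does not reveal working links, and a failed password attempt does not consume one of the target's downloads.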
