social hacking with globaleaks
DESCRIPTION
Slides of GlobaLeaks and Social Hacking workshop at 28C3. More info on following links * http://events.ccc.de/congress/2011/wiki/Workshops/GlobaLeaks * http://events.ccc.de/congress/2011/wiki/SocialHacking_LeakDirectoryTRANSCRIPT
![Page 1: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/1.jpg)
Social Hacking with GlobaLeaks
Secure and anonymous Open Source Whistleblowing platform
Wednesday, December 28, 11
![Page 2: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/2.jpg)
Whistleblowing
• Whistleblower speaks up in the public interest on an issue
• Related to Transparency and Public Disclosure
• Whistleblowing is not just Wikileaks
Wednesday, December 28, 11
![Page 3: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/3.jpg)
The WB ecosystem
Wednesday, December 28, 11
![Page 4: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/4.jpg)
Whistleblowing International Network
• A network of researchers and organizations dedicated to WB
• Internation Whistleblowing Conference in London
Wednesday, December 28, 11
![Page 5: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/5.jpg)
Existing platform
• Anonymity is not technologically supported
• Security is not verified by third parties
• Closed source, no implementation details
• Improvements are limited to vendors will
Wednesday, December 28, 11
![Page 6: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/6.jpg)
Wednesday, December 28, 11
![Page 7: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/7.jpg)
Wednesday, December 28, 11
![Page 8: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/8.jpg)
Wednesday, December 28, 11
![Page 9: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/9.jpg)
Where WB is used
• Old-Media and New-Media
• Transparency Activism
• Citizen driven initiatives
• Private and Public organizations
Wednesday, December 28, 11
![Page 10: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/10.jpg)
LeakDirectory
• Most comprehensive whistleblowing resource
• Community driven, wiki
• In future it will allow WB the right site for their submission
• http://leakdirectory.org
Wednesday, December 28, 11
![Page 11: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/11.jpg)
Sounds good?
Wednesday, December 28, 11
![Page 12: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/12.jpg)
Why GlobaLeaks?
• To promote whistleblowing across civil society
• Allow people to easily start a WB initiative
• Be flexible to suit every need
Wednesday, December 28, 11
![Page 13: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/13.jpg)
GL Dependencies
=GLOBALEAKS
Wednesday, December 28, 11
![Page 14: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/14.jpg)
GlobaLeaks actors
• Node Administrator
• Sets up and promotes a site on a Topic
• Whistleblower
• Has material to share on the Topic
• Receivers
• Is knowledgeable in the Topic and will make information into action
Wednesday, December 28, 11
![Page 15: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/15.jpg)
GlobaLeaks issues
• Anonymous and secure by default
• Simple to deploy
• Easy to use by the WB in any environment
• Customizable usability/security-anonymity tradeoff
Wednesday, December 28, 11
![Page 16: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/16.jpg)
GlobaLeaks architecture
node Targets
pressNGO
Audience
• the node administrator select a list of
targets •A Tulip is created
notification
download
Submission
Out
put
WhistleBlower
NodeAdministrator
Wednesday, December 28, 11
![Page 17: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/17.jpg)
GlobaLeaks deployment
• Self contained system (ie: GlobaLeaks.exe)
• Automatic exposure (Tor HS / Tor2web)
• Can be published and indexed by LeakDirectory
• Build Free Mobile Application
Wednesday, December 28, 11
![Page 18: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/18.jpg)
GL Cross-platform
• Usable on Mobile, web, desktop, fax etc.
Wednesday, December 28, 11
![Page 19: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/19.jpg)
GlobaLeaks 0.1• Resilient file upload
• Anonymity of WB
• Customizable submission fields (XML)
• Submission receipt for WB-Receiver interaction
• Unique, Temporary URI for tip access
• Comment / Statistics
• TorCheck (https://github.com/globaleaks/TorCheck)
• Anonymity awareness for Whistleblower
• Web widget for Anonymity checking
Wednesday, December 28, 11
![Page 20: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/20.jpg)
GlobaLeaks 0.1
• Demo!
Wednesday, December 28, 11
![Page 21: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/21.jpg)
GlobaLeaks 0.1 issues
• Low responsiveness over Tor HS (white page effect)
• Limitation of MVC framework
• Not properly designed
• Not modularized
• Big code base
Wednesday, December 28, 11
![Page 22: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/22.jpg)
GlobaLeaks future
• Modularized
• GLClient and GLBackend separation
• Future features on: https://github.com/globaleaks/GlobaLeaks/issues
Wednesday, December 28, 11
![Page 23: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/23.jpg)
GLBackend
• Flask
• SQLAlchemy
• Modular storage system
• Modular notification system
Wednesday, December 28, 11
![Page 24: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/24.jpg)
GLClient
• Backbone.js
• Require.js for minify and uglify
• Preloaded into browser
• Let’s show some mockups of how it looks like
Wednesday, December 28, 11
![Page 25: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/25.jpg)
Fax2social
• Allows people to submit documents through fax machines
• Through in the internet kill switch use case
• Automatic OCR
• One number for each nation
• Anonymizing of sender data
Wednesday, December 28, 11
![Page 26: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/26.jpg)
Tor2web
• Exposes Tor Hidden Services to the surface web
• Tomorrow we will go into more detail
Wednesday, December 28, 11
![Page 27: Social hacking with GlobaLeaks](https://reader033.vdocument.in/reader033/viewer/2022051411/5481306eb4795969578b483e/html5/thumbnails/27.jpg)
Let’s setup a GlobaLeaks node
• Howto: https://github.com/globaleaks/GlobaLeaks/wiki
• Configuration: https://github.com/globaleaks/GlobaLeaks/wiki/Configurationfile
• Let’s setup a GlobaLeaks node!!
Wednesday, December 28, 11