|Developer(s)||Hermes Center for Transparency and Digital Human Rights|
|Initial release||6 September 2011|
|Stable release||2.60 / April 22, 2014|
|Operating system||Linux, Tails|
|License||Affero General Public License|
GlobaLeaks is an open-source, free software intended to enable anonymous whistleblowing initiatives. It was developed by the Hermes Center for Transparency and Digital Human Rights, a largely Italian foundation. The leading figures in its creation are programmer and security analyst Claudio Agosti; Università di Roma computer science student and Tor developer Arturo Filastò; privacy solutions provider PrivateWave Italia founder Fabio Pietrosanti; and computer engineer and Tor2web developer Giovanni Pellerano.
The software empowers anyone, even non-technical people, to easily set up and maintain a whistleblowing platform. It can help many different types of users: media organizations, activist groups, corporations and public agencies.” The GlobaLeaks project is “aimed at supporting the practice of whistleblowing by giving people the software tools necessary to start their own initiative.
Asked by an interviewer how the GlobaLeaks project began, Filastò explained: “After the whole Wikileaks Cablegate drama we decided to work on this.” The idea for GlobaLeaks “was born from the realization of a need for journalists to ensure the confidentiality of their sources despite an insecure network.” It is designed to be used by journalists who do not have advanced computer skills but who need a secure platform to protect their sources. The software enables journalists and their sources to communicate securely, allowing “a continuous flow of data among individuals with complete security.” It also enables journalists to verify sources by requesting various kinds of data and documents. Moreover, GlobaLeaks is more flexible than WikiLeaks, which is only in English, and is centralized, with a focus on “events of national and international resonance.” GlobaLeaks, by contrast, “allows you to communicate in the language of users and is open to local issues with an impact on everyday life.”
Filastò and his partners noted that most leaksites “had poor security,” with the vulnerabilities of the Wall Street Journal’s whistleblowing dropbox SafeHouse, for instance, being “exposed only hours after it went online.” Filastò commented that: “We saw that there is a user base but the developers were doing it wrong. We said: ‘we are security people, we can do this better’. So two years ago we came up with an advanced prototype: Globaleaks 0.1. It was an initial experiment but it went quite well. We then redid it from scratch and we’re now at version 2.24.”
According to an article published in January 2011, GlobaLeaks was based during “an initial phase” in the Netherlands and Italy, but was now being spread around the world through downloads. In the then-current phase, the goal was to establish a broad base of leak-sharing collaborators, so as to “create a kind of ‘dropbox’ community” with “the minimum possible exposure to potential political repression or legal foes.”
By 2012 the Hermes Center for Transparency and Digital Human Rights ONG was set up in Italy.
In a report from the December 2013 Chaos Communication Congress (CCC), John Borland wrote that “the whistleblower-support community has never been healthier.” He explained that the whistleblowing movement was “now filtering into country after country at a smaller level, as local activist and media organizations work with technology providers to fine-tune the collection and solicitation of leaks to specific populations or subject areas.” Much of this work, he noted, “is being facilitated by the Italian GlobaLeaks, a project of the Hermes Center for Transparency and Digital Human Rights.”
As of October 2013, the founders of GlobaLeaks were “writing an app extension and multimedia support, and work on a Tor2web proxy software to facilitate first steps towards some more privacy for wannabe Tor users.”
GlobaLeaks was co-founded and designed by Fabio Pietrosanti and Arturo Filastò. In the 2012 book This Machine Kills Secrets, Andy Greenberg recounts the story of Pietrosanti and Filastò, “a pair of Italian hackers hoping to reshape the future of leaking” and who “say they aim to create the BitTorrent to WikiLeaks’ Napster. Where WikiLeaks was a single, vulnerable target, GlobaLeaks aims to create what they’ve called a ‘worldwide, distributed leak amplification network.’”
Greenberg describes Pietrosanti as “a thirty-year-old security engineer who looks like a twenty-one-year-old actor, small, with big eyes and Tom Cruise hair. Filastò, on the other hand, is an actual twenty-one-year-old former actor, who spent two years playing the gangly, long-haired teen geek heartthrob on a popular Italian soap opera before leaving the TV industry to study mathematics and become a Tor developer.”
Greenberg writes that “The software the two Italians and a few other coders have been working on – and the group merely aims to offer software, not run an active leaking service like WikiLeaks or OpenLeaks – is designed to allow anyone to set up a leaking conduit in minutes, using Tor’s Hidden Services to offer a submissions system that’s both secure and untraceable. Unlike OpenLeaks, GlobaLeaks won’t limit who uses its software, and has posted its source code online for all to see, tweak, and use.”
At the time Greenberg spoke with the two developers, “they were busy meeting with any group who might consider deploying their software to host a niche whistleblower site: two left-wing Italian political parties, a Serbian newspaper, an Italian energy utility that wants to facilitate internal whistleblowing, a British leak site called BritiLeaks, and even Atanas Tchobanov and Assen Yordanov at BalkanLeaks.”
In 2011 GlobaLeaks 0.1 received funding from USAID Serbia.
GlobaLeaks was mentioned by Tor developer Jacob Applebaum during the 30th Chaos Communications Congress as an important new whistleblowing platform that the press hadn’t discovered yet, but would soon.
Brandon Stosh has described GlobaLeaks as “an open source project aimed at creating a worldwide, anonymous, censorship-resistant, distributed whistleblowing platform.” GlobaLeaks seeks “to democratize the WikiLeaks model” and to become “the de-facto standard in technologically-powered whistleblowing, thanks to its unique usability, security and integrable APIs.” The Hermes group “aims to help with the release of information on a different scale than WikiLeaks can address.” Pietrosanti said in December 2013, “We saw that there needed to be a solution or software that would enable any organization to engage in whistleblower solicitation, even at the local level.”
Andy Greenberg has quoted Pietrosanti as saying that Hermes’s goal “is to expand the leaking movement from the current fifty or so WikiLeaks copycats to a network or hundreds or thousands of ‘leak nodes’ run by everyone from U.S. corporations that are legally mandated to run an internal whistleblowing outlet to radical activists that hope to pass their materials on to publishers while using Tor to remain completely anonymous.” GlobaLeaks, wrote Greenberg, “aims to disperse the risk of handling sensitive material over an army of individuals rather than one vulnerable group of intermediaries. ‘Some people may be like Assange, and say, OK, we’ll publish and fight and whatever,’ says Pietrosanti. ‘But lots of people want to fight corruption without taking that much responsibility. If the risk profile of everyone who runs a leak node is reduced, there will be a lot more leak nodes.’” Filastò added: “WikiLeaks taught us something. And it brought the word whistleblower back into the awareness of the public…. But GlobaLeaks is the next logical step.”
In an October 2013 article, “Building an Infrastructure for Whistleblowing,” Tessel Renzenbrink wrote that “there are very few protection mechanisms in place for whistleblowers,” and that because of this, “whistleblowing featured as an important topic at OHM2013, the biggest outdoor hacker festival in Europe.” At the festival, Renzenbrink spoke with people from “several organizations that have started initiatives to build a better whistleblowing infrastructure,” including Filastò, who told her: “Globaleaks is a software designed to allow anybody to easily set up a whistleblower site….It is open source software so anybody can download it, install it and have a whistleblower site set up.” Filastò emphasized that “We provide the technical infrastructure, we don’t run a whistleblowing platform ourselves. The technical part is definitely only one part of running a successful platform. You need to campaign it, review the leaks and create a publishing platform or collaborate with one. But we contribute to this ecosystem by enabling other people to run successful initiatives.”
“On the front end,” Renzenbrink noted, “the software provides a straightforward user interface for leakers. Through a series of clicks they can securely and anonymously submit documents to one or more receivers of their choosing. Receivers can be anyone from journalists to human rights organizations who have made themselves available for the whistleblowing platform. When the leaker decides to include a particular receiver into the submission, he or she will get an email with the documents.” Asked about GlobaLeaks’ security measures, Filastò said: “Globaleaks uses Tor to provide anonymity.” Renzenbrink pointed out that “Tor is free software and an open network that anonymizes Internet traffic; neither the receiver nor anyone intercepting the data packets can observe the identity of the sender. This is accomplished by sending the traffic through a series of encrypted connections over a network run by volunteers.” GlobaLeaks, explained Filastò, “runs a hidden Tor service to ensure the anonymity of the whistleblower and also that of the person or organization running the server. The location of the server is unknown so it can’t be raided. The receivers should not be anonymous because nobody is going to submit anything if you do not know who is on the receiving end.” Moreover, “the submission is encrypted. The file is sent to the receiver using PGP, a program used for encrypting email. The file itself is encrypted as well.”
The organization who develops GlobaLeaks does not run any leaksite. The organization instead, invites anyone to install the software on their own computers, thus making it a node in a distributed private anonymous network. Whereas Wikileaks uses a centralized data distribution system similar to Napster, Globaleaks uses a shared download distribution system similar to BitTorrent.
Once submission are performed on a GlobaLeaks node, the system automatically notifies registered recipients (e.g., local media, NGOs, or even single journalists.).
The founders “strongly suggest to use a Tails CDrom to connect to GlobaLeaks. Tails is a GNU/Linux, fully Torified live CD that does not allow the user to make mistakes installing Tor and that does not leave any trace on the PC that is used.” GlobaLeaks nodes “do not store anything permanently” and “the leaked files are deleted as soon as possible.”
As of the end of 2013, the largest implementation of GlobaLeaks was by PubLeaks in the Netherlands, “a foundation that counts 42 of the country’s biggest media organizations among its members. There, each organization pays €500 per year, and in return receives a special laptop designed to access the leak system.” Borland noted that “When accessing Publeaks from the web, whistleblowers can choose to send information to three of these media organizations. All participating organizations agree to honor embargo periods, enabling information to be examined without immediate publication pressure. The group has already had several high-profile leaks, including one that led to the resignation of a prominent parliamentarian.”
A GlobaLeaks founder has said that “Investigative journalists immediately understood the GlobaLeaks model power, but in fact all journalist can use it, in a way or another, to empower their sources and themselves. They need just to have the time to understand how much their work needs to change.”
As of December 30, 2013, according to an article by Wired reporter John Borland, GlobaLeaks had been “deployed around Europe, by independent journalism and activist groups in Serbia, investigative journalism organizations in Hungary and Italy, and an anti-Mafia group in Italy.” Borland noted that “A GlobaLeaks-powered whistleblowing site in Iceland, called Ljost, today [December 30, 2013] released new documents on that country’s 2008 financial collapse.” Pietrosanti told Borland that GlobaLeaks was “currently talking with organizations in a number of other countries, including several media groups that want to replicate the successful Dutch model.” Borland added that “activists are also examining topic-specific leaks sites for issues such as human rights, wildlife crimes, surveillance, food safety in the United States, and censorship.”
The foundation Radio Free Asia (RFA) has funded the project for potential use in countries ruled by dictatorships, in environments with a high level of criminal infiltration, and in places where the Internet is strictly controlled.
One whistleblowing platform that runs the GlobaLeaks software is the Belgium-based Associated Whistleblowing Press Press. AWP co-founder Pedro Noel describes AWP as “a nonprofit organization which struggles for freedom of expression and against human rights violations by means of whistleblowing.”
The following table show the list of initiatives using GlobaLeaks software:
- Associated Whistleblowing Press
- Tor (anonymity network)
- Pretty Good Privacy
- Tails (operating system)
- Filastò, Arturo (6 September 2011). "Globaleaks demo of the Prototype online!". Full Disclosure mailing list. http://seclists.org/fulldisclosure/2011/Sep/38. Retrieved 21 January 2012.
- 28th Chaos Communication Congress. "Workshops/GlobaLeaks". Retrieved 21 January 2012.
- 28th Chaos Communication Congress (28 December 2011). "Social Hacking with GlobaLeaks". Retrieved 21 January 2012.
- 30th Chaos Communication Congress (29 December 2013). "Whistleblowing_Everywhere". Retrieved 5 February 2014.
- 30th Chaos Communication Congress (29 December 2013). "GlobaLeaks". Retrieved 5 February 2014.
- "Whistleblowing Rippling into New Corners". wired.com. Retrieved 22 February 2014.
- OHM2013 (2 August 2013). "Digital Whistleblowing with GlobaLeaks". Retrieved 5 February 2014.
- OHM2013 (2 August 2013). "Setting up a Whistleblowing or Leaking initiative with GlobaLeaks". Retrieved 5 February 2014.
- "‘GlobaLeaks’ Lets You Create Your Own WikiLeaks". Ultra Culture.
- Renzenbrink, Tessel. "Building an Infrastructure for Whistleblowing". Tech the Future.
- "GlobaLeaks e la protezione delle fonti nell’era digitale: intervista a Claudio Agosti". Web Magazine. Apr 28, 2013.
- Halliday, Josh. "Wall Street Journal faces backlash over WikiLeaks rival". The Guardian.
- Pietrosanti, Fabio (15 December 2010). "An idea of leaking alternative to wikileaks". Full Disclosure mailing list. http://lists.grok.org.uk/pipermail/full-disclosure/2010-December/077954.html. Retrieved 15 December 2010.
- "GlobaLeaks, concepto de WikiLeaks con alma de BitTorrent". Bitelia. Jan 27, 2011.
- "GlobaLeaks Project Plan". Retrieved 1 January 2012.
- Borland, John (Dec 30, 2013). "Whistleblowing Rippling into New Corners". Wired.
- Stosh, Brandon (Oct 21, 2013). "Interview with GlobalLeaks – The Open Source Whistleblowing Platform". Freedom Hacker.
- "This Machine Kills Secrets: Julian Assange, the Cypherpunks, and Their Fight". Google Books.
- "Open Technology Fund". Retrieved May 2012.
- "GlobaLeaks API on apiary.io".
- Greenberg, Andy (26 January 2011). "GlobaLeaks Wants To Be The Bittorrent To WikiLeaks' Napster". Forbes. Retrieved 21 January 2012.
- Chiusi, Fabio. "How to protect the next Snowden". International Journalism Festival.
- "http://www.juznevesti.com/". juznevesti.com. Retrieved 30 April 2014.
- Dreyfus, Suelette. "Whistleblowers: gagged by those in power, admired by the public". theguardian.com. Retrieved 25 February 2014.
- Veal, Lowana. "Alternative to Wikileaks Arises in Iceland". inter press service. Retrieved 25 February 2014.
- "MagyarLeaks accepts leaked documents via Tor". atlatszo.hu. Retrieved 30 April 2014.
- "Vanaf vandaag: anoniem lekken naar media via doorgeefluik Publeaks". volkskrant.nl. Retrieved 22 February 2014.
- "Handling ethical problems in counterterrorism An inventory of methods to support ethical decisionmaking". RAND Corporation. Retrieved 24 February 2014.
- Chavkin, Sasha. "Initiatives seek to protect anonymity of leakers". the international consortium of investigative journalists. Retrieved 25 February 2014.
- Giulietti, Cristian. "President of IRPI Cecilia Anesi talks about secure leaks platform IRPILeaks". onlinejournalismblog.com. Retrieved 22 March 2014.
- Schlamp, Hans-Jürgen. "MafiaLeaks site calls on victims to inform on gangsters". bbc.co.uk. Retrieved 22 February 2014.
- "MafiaLeaks: Italian Portal Takes Aim at Organized Crime". spiegel.de. Retrieved 22 February 2014.
- Hern, Alex. "MafiaLeaks promises whistleblowers safety from the Family". theguardian.com. Retrieved 22 February 2014.
- Neme, Lauren. "New WildLeaks Website Invites Whistle-Blowers on Wildlife Crime". nationalgeographic.com. Retrieved 22 February 2014.
- Drake, Nadia. "A New Website That Lets Tipsters Report Wildlife Crimes". wired.com. Retrieved 22 February 2014.
- "WildLeaks launched - the WikiLeaks for wildlife". theecologist.org. Retrieved 22 February 2014.
- Amato, Sal. "Wildlife Crime Whistleblowers: Exclusive Interview with WildLeaks Founder Andrea Crosta". annamiticus.com.
- Garrett, Jemima. "Wildleaks forest crime whistleblower site looks to Asia Pacific - Interview to Andrea Crosta and Fiachra Kearney". Radio Australia. Retrieved 3 April 2014.
- Carrington, Damian. "WildLeaks attracts major wildlife crime leads in first three months". [The Guardian]. Retrieved 13 June 2014.
- Gharbia, Sami Ben. "Nawaatleaks: نواة تطلق موقعا خاصا و آمنا لتسريب الوثائق السرية". Nawaat.
- Sánchez, Juan Luis. "eldiario.es, medio colaborador de la nueva herramienta de filtraciones anónimas Filtrala". el diario. Retrieved 23 April 2014.
- Renzenbrink, Tessel. "The Associated Whistle-Blowing Press launches Spanish leak site". techthefuture.com. Retrieved 23 April 2014.
- KEANE, BERNARD. "Media Direct: towards better security for whistleblowers". [Crikey]. Retrieved 4 July 2014.
- "Al via ExpoLeaks la prima piattaforma per la trasparenza di Expo2015". Wired.
- "ExpoLeaks: trasparenza anti-corruzione, con l’aiuto di tutti". La Stampa. Retrieved 11 June 2014.
- Di Salvo, Philip. "ExpoLeaks, whistleblowing per Expo". European Journalism Observatory. Retrieved 11 June 2014.