Leaks+Streisandeffect=freedom of speech

In a previous post I wrote about how not to build a leak site. Now, Al Jazeera has made one, and it looks pretty good. Perhaps this is the first ”big media” drop box.

It has https for secure transfers and a GPG public key for an extra layer of encryption. Also, it recommends using Tor to hide your destination. Update: A friend told me on IRC that the GPG key is only 2014 bits. 2048 bits is recommended. (I personally use 4096 for extra security/paranoia).

A good way of detecting a possible man-in-the-middle-attack is to always check the certificate. Also, to make a physical copy of the md5 and sha1 hashsums for continous verification (in Firefox it is under tools -> page info. See image below:

Moreover, Al Jazeera stores no log files, which is the proper way to go.

I am excited to see these technologies spread to lots of other media stations. And for them to be constantly reviewed to increase security.

Meanwhile, on an other corner of the internet, the Streisand Me project was launched this week. It is a mirror site for mirroring content that was blocked for some reasons. By adding fuel to the internet copy-machine, streisand.me utilizes the power of distributed networks to make sure nothing can be blocked… at least not easily.

5 reaktioner till “Leaks+Streisandeffect=freedom of speech”

  1. Did you notice they save a cookie? I wonder why. Clearing your cache after uploading stuff to this site makes sense, of course, so perhaps that cookie isn’t much to worry about. But it sure wouldn’t look good if Mossad knocked on your door to have that cookie on your computer…

  2. ‘Mozilla Corp. plans to add a do-not-track feature to its Firefox Web browser, which could let users avoid having their actions monitored online.The announcement makes Firefox the first Web browser to heed the Federal Trade Commission’s call for the development of a do-not-track system.’

    http://goo.gl/pj3vl

  3. Imported their key and saw that it uses DSA/ELG encryption. DSA 1024-bit for signing/certifying and 2048-bit ELG for the encryption

    I don’t understand why people don’t just set their RSA-keys and the like to 4096-bit lengths, it’s not like they’re used when you need low CPU-load and large data amounts. RSA-keys are normally used to initialize encrypted communication under a different more CPU efficient algorithm, or the files can be decrypted at leisure.

Kommentera

E-postadressen publiceras inte. Obligatoriska fält är märkta *

Time limit is exhausted. Please reload CAPTCHA.