How easy is it to securely leak information to some of America’s top news organizations? This easy by Laura Hazard Owen.
Laura’s “easy” process has six steps that involve you installing software on your computer (detectable), storing files to be leaked on the same computer (detectable), saving your acknowledgement from the recipient of your leak (detectable).
Although she cautions you to not use a work computer for installing Tor, good advice, but in leak investigations, all computers are generally seized.
In Lowering the Bar for Leakers I suggest leakers and news media should follow this protocol for leaks:
- Write login credentials (not your own), login URL, on paper
- Mail to (news address) – no return address
- News Media: Destroys all leaked credentials upon receipt
A leaker’s part reduces to two steps and it reduces their risk from copying/smuggling documents.
Which one do you think is “easier??
To Laura’s credit, she does list ten (10) SecureDrop sites for publishers still following a sneakernet model of leaking.
We live in an insecure and networked environment. Why cling to copy machine and hard copy models of leaking?