Two years ago I wrote about WSJ SafeHouse, an effort on the part of the Wall Street Journal to start their own version of WikiLeaks. The idea was that prospective whistle blowers would have a safe way to send documents to the WSJ, which would, in turn, vet and edit them with an eye to publishing the results in the Journal. Sadly, the effort was stillborn. First, the Journal would not guarantee the whistle blowers anonymity and required that they certify they had the legal authority to upload the documents they were revealing. Second, the site itself was not secure. You can read the details at the link above.
Now The New Yorker is setting up a similar facility under the name Strongbox. Unlike the Journal, they appear to have gotten things right[1]. Whistle blowers connect to a private segregated server through the Tor network. The New Yorker does not log their IP addresses (which would be useless anyway with Tor) or set cookies on their machines. Each user is given a random ID to serve as a name so that no one at The New Yorker knows their actual identity. If The New Yorker needs to communicate with the user, they leave a message on the server under the user’s ID; the user is responsible for checking for responses. The New Yorker has no other way of communicating with the user. The actual protocol The New Yorker uses takes additional steps to ensure the user’s anonymity.
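A simplified in-memory model of the exchange described above, added here as an illustration; it is not DeadDrop's or The New Yorker's code. The class and method names, and the choice to index each box by a SHA-256 of the ID, are assumptions; the Tor transport and the protocol's additional steps are not modelled.

```python
import hashlib
import secrets


class DeadDropModel:
    """Toy model of a drop server: random ID in, polled replies out."""

    def __init__(self):
        # Boxes are keyed by SHA-256 of the ID (assumption), so the stored
        # state never contains the ID itself, an IP address, or a cookie.
        self._boxes = {}

    @staticmethod
    def _key(source_id):
        # An unsalted hash is acceptable here only because the ID is
        # 128 bits of CSPRNG output and cannot be guessed.
        return hashlib.sha256(source_id.encode()).hexdigest()

    def _box(self, source_id):
        box = self._boxes.get(self._key(source_id))
        if box is None:
            raise KeyError("unknown ID")
        return box

    def register(self):
        """Issue a random ID; it is the source's only name and credential."""
        source_id = secrets.token_hex(16)
        self._boxes[self._key(source_id)] = {"submissions": [], "replies": []}
        return source_id

    def submit(self, source_id, document):
        self._box(source_id)["submissions"].append(document)

    def journalist_view(self):
        """What staff can see: opaque box keys and document counts."""
        return {k: len(b["submissions"]) for k, b in self._boxes.items()}

    def leave_reply(self, box_key, message):
        """Staff side: the reply waits on the server; nothing is pushed out."""
        self._boxes[box_key]["replies"].append(message)

    def check_replies(self, source_id):
        """Source side: polling with the ID is the only delivery channel."""
        box = self._box(source_id)
        replies, box["replies"] = box["replies"], []
        return replies
```

Because the server holds no contact details, a source who loses the ID cannot be reached again, which is the trade-off the design accepts.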
The software that Strongbox uses is called DeadDrop and has an interesting backstory described by Kevin Poulsen. Its chief designer and coder was Aaron Swartz, long a champion of open government as well as open data. DeadDrop is open source software made available under the GPL. If Strongbox and other future DeadDrop sites prosper and help turn over the rocks hiding corruption, it will be another fitting legacy for a man who gave everything for his belief in our right to know.
Footnotes:
[1] The anonymity protocol that Strongbox uses appears quite strong to me. I haven’t yet looked at the code that runs on the Strongbox server, so I can’t comment on that, but given its provenance, as described in the body of the post, it’s reasonable to assume it’s well done.