nettime's avid reader on Tue, 10 May 2011 11:41:48 +0200 (CEST)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> Don't Leak to the Wall Street Journal's New Wikileaks Knockoff

Donât Leak to the Wall Street Journalâs New Wikileaks Knockoff ->

Adrian Chen â The Wall Street Journal is trying to make a play for 
whistleblowers with its very own Wikileaks clone, SafeHouse. But SafeHouse 
is the opposite of safe, thanks to basic security flaws and fine print that 
lets the Journal rat on leakers.

SafeHouse, which launched today to much fanfare, promises to let leakers 
"securely share information with the Wall Street Journal," by uploading 
documents directly to its servers, just like Wikileaks! But unlike 
Wikileaks, SafeHouse includes a doozy of a caveat in its Terms of Use:

> "Except when we have a separately negotiated confidentiality agreementâ
> we reserve the right to disclose any information about you to law
> enforcement authorities or to a requesting third party, without notice,
> in order to comply with any applicable laws and/or requests under legal
> process, to operate our systems properly, to protect the property or
> rights of Dow Jones or any affiliated companies, and to safeguard the
> interests of others."

So, go ahead and upload your explosive documents to SafeHouse. But if they 
publish a scoop based on your material and someone gets mad, they can sell 
you out to anyone for any reason, including the insanely broad one of 
safeguarding "the interests of others." (And Rupert Murdoch, who controls 
the paper, sure has a lot of interests!)

Although you might get outed by hackers before you're sold out to the cops. 
Despite the WSJ's assurances that the SafeHouse submission system is 
secure, it is "rife with amateur security flaws." Security researcher Jacob 
Appelbaum has been tweeting out a stream of holes he's spotted in 
SafeHouse's security. He calls the Journal's claim that people submitting 
documents can remain anonymous if they choose a "blatant lie". Appelbaum 
knows a thing about security: He's one of the chief developers of the 
anonymizing software TOR, which SafeHouse ironically recommends leakers use 
to help hide their identity. (Granted, Appelbaum has a horse in the race, 
since he's been a prominent Wikileaks volunteer.)

Bottom line, writes Appelbaum: "[The Wall Street Journal is] negligent and 
this is the wrong project to beta-test on an open internet."

Wikileaks has attracted its high-profile leaks because of its unequivocal 
promise to protect the anonymity of all leakers and its super-secure 
submission system. SafeHouse portrays itself as a similarly, um, safe space 
for leakers. In fact it offers threadbare protections and could sell you 
out on a dime. SafeHouse's only real similarity to Wikileaks is that both 
benefit megalomaniacal Australians.

By all means, call up Journal editors with a hot tip if you've got one. But 
leak to SafeHouse at your peril.

Update: A WSJ spokeswoman told Forbes that SafeHouse is updating its 
encryption. (Forbes has a good in-depth account of the security holes.)

As for the sketchy terms of service, she says:

> "There is nothing more sacred than our sources; we are committed to
> protecting them to the fullest extent possible under the law. Because
> there is no way to predict the breadth of information that might be
> submitted through SafeHouse, the Terms of Use reserve certain rights in
> order to provide flexibility to react to extraordinary circumstances.

So, just don't send any extraordinary documents and you should be OK.

#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info:
#  archive: contact: