Probably more secure than the Drafts folder on a shared Gmail account
May 15, 2013 8:46 AM   Subscribe

Today The New Yorker unveiled Strongbox, a service that allows sources to share information with TNY journalists securely and anonymously. As explained in this infographic, Strongbox relies on the Tor network, a dedicated server, PGP encryption, VPNs, and multiple laptops and thumb drives to prevent files from being intercepted or traced. The codebase, which is open source, was designed by the late Aaron Swartz (Previously). Kevin Poulsen, one of the organizers of the project, chronicles how Swartz developed the code and how the project managed to carry on after his death. TNY hopes that Strongbox will help the magazine continue its long tradition of investigative journalism.
posted by Cash4Lead (34 comments total) 35 users marked this as a favorite
 
Not so on-topic, but: That 'infographic' is close to the nadir of information design, adding absolutely nothing to a simple bullet list containing the same text.
posted by signal at 9:01 AM on May 15, 2013 [13 favorites]


Yes, but why use a bullet list when you can have a Qbert level
posted by theodolite at 9:02 AM on May 15, 2013 [29 favorites]


Man, people take those caption contests super seriously.
posted by mph at 9:03 AM on May 15, 2013 [29 favorites]


Worse than a bullet list. I kept reading items in the wrong order.

The actual project and the history of its development is very interesting. I look forward to going through these links in more detail.
posted by figurant at 9:04 AM on May 15, 2013


If that infographic is accurate, there is still the risk that anonymous whistleblowers might be tracked and killed by Coily.
posted by Kabanos at 9:04 AM on May 15, 2013 [18 favorites]


dammit theodolite
posted by Kabanos at 9:06 AM on May 15, 2013


Finally a journalism outlet I can trust with pictures of my balls.
posted by Potomac Avenue at 9:17 AM on May 15, 2013 [8 favorites]


I mean illegal land developments in Iraq.
I meant.
posted by Potomac Avenue at 9:17 AM on May 15, 2013 [2 favorites]


Would be cool if it were an elaborate honeypot by NYorker to catch DOJ hackers.
posted by newdaddy at 9:28 AM on May 15, 2013


The New Yorker is pissed. This move to use some of the same technology as Wick-E-Leeks seems to be a big middle finger directed at this administration (and the previous too, if you like).
posted by RobotVoodooPower at 9:30 AM on May 15, 2013 [4 favorites]


a big middle finger directed at this administration (and the previous too, if you like).

There is an entire world and future administrations to direct a big middle finger at.

Lets not just limit this to 1 place and a short period of time.
posted by rough ashlar at 9:39 AM on May 15, 2013 [2 favorites]


Interesting. They're joining outlets like ABC News, WSJ Safehouse and others. See Leak Site Directory for a more comprehensive list.
posted by zarq at 9:45 AM on May 15, 2013 [2 favorites]


And here are those TNY journalists in action.
posted by markkraft at 9:45 AM on May 15, 2013


Can someone more familiar with the New Yorker's history post links some of their past investigative articles that relied on anonymous tip offs? I'd love to read a few of them.
posted by surenoproblem at 9:45 AM on May 15, 2013


Yes, but why use a bullet list when you can have a Qbert level

A good question! quop quop quop @!#?@!

This is a very interesting development in the context of that business with the AP's phone records. Could it possibly be that the press in the US is finally starting to awaken to the fact that they have to actually push against the government, and not just roll over whenever someone mentions a magic word, like "terror?"
posted by JHarris at 9:46 AM on May 15, 2013 [5 favorites]


I look forward to reading these links. The New Yorker is maybe the very last place I'd expect to see this kind of thing pop up.

With the exception of Seymore Hersh, that is. But he's not unique to the New Yorker, particularly.
posted by From Bklyn at 9:51 AM on May 15, 2013


RobotVoodooPower: "This move to use some of the same technology as Wick-E-Leeks seems to be a big middle finger directed at this administration (and the previous too, if you like)."

This may seem shocking, but the executive branch of the Federal Government is hardly all-encompassing.
posted by schmod at 9:52 AM on May 15, 2013


Speaking of Swartz: Boston judge limits access to Aaron Swartz court records
posted by homunculus at 10:10 AM on May 15, 2013




I fear the weak link is Tor, which is not having a great time of it, especially in China. It would help enormously if more high-profile organisations publicly hosted nodes not only for the bandwidth but also to encourage others to join in - tales of people being arrested because their Tor exit node has been used for kiddy porn is most definitely a chilling effect.
posted by Devonian at 10:21 AM on May 15, 2013 [2 favorites]


I fear the weak link is Tor...tales of people being arrested because their Tor exit node...is most definitely a chilling effect.

I wonder if setting up a non-profit corporation (with poorly-paid employees and everything) to own and operate exit nodes would help with that. It seems like it would be harder to jump to arrests and criminal charges with an organized group than with a single volunteer, especially if that group publicly about journalism, free speech, etc.
posted by cosmic.osmo at 10:31 AM on May 15, 2013 [1 favorite]


This may seem shocking, but the executive branch of the Federal Government is hardly all-encompassing.

When I say "administration" I really mean the DOJ, and certainly not the President who, by ancient tradition, silently watched as Lord Holder defeated Lord "Mark" Filip in a battle of mace and whip, thus claiming the seat of Attorney General, in accordance with the prophecy.
posted by RobotVoodooPower at 10:36 AM on May 15, 2013 [2 favorites]


Oh, and Congress too. And by extension, *us*. Hmm, we're going to need a bigger middle finger.
posted by RobotVoodooPower at 10:43 AM on May 15, 2013 [1 favorite]


It's encouraging that journalists are still making an effort to both protect sources and continue to do investigative journalism, despite the recent attempts by the DOJ to chill free speech. It's also encouraging that they built this project upon Tor, rather than attempting to roll-their-own solution. It took me a second to realize that this was the New Yorker and not the New York Times! Nice headline, btw
posted by antonymous at 11:02 AM on May 15, 2013 [2 favorites]


Can someone more familiar with the New Yorker's history post links some of their past investigative articles that relied on anonymous tip offs? I'd love to read a few of them.

Joshua Rothman goes to great pains to remind us that, yes, The New Yorker does do investigative journalism, but I'm not sure that any of those examples relied on anonymous tips.
posted by Kabanos at 11:19 AM on May 15, 2013 [1 favorite]


Excellent; as JHarris says, maybe the press is waking up at last.

> The New Yorker is maybe the very last place I'd expect to see this kind of thing pop up.

Don't know much about the magazine and its history, do you?
posted by languagehat at 1:06 PM on May 15, 2013


Can someone more familiar with the New Yorker's history post links some of their past investigative articles that relied on anonymous tip offs? I'd love to read a few of them.

Well,there's pretty much all of Seymour Hersh, who as Wikipedia notes 'In a response to an article in The New Yorker in which Hersh alleged that the U.S. government was planning a strike on Iran, U.S. Defense Department spokesman Brian Whitman said, "This reporter has a solid and well-earned reputation for making dramatic assertions based on thinly sourced, unverifiable anonymous sources."'

Don't get me wrong, I love his insider gossip, it just shouldn't be taken as literally true.
posted by PandaMomentum at 2:37 PM on May 15, 2013


Would be cool if it were an elaborate honeypot by NYorker to catch DOJ hackers.

Given that Kevin Poulsen is involved, it's probably the other way around: an FBI-accessible honeypot to ensnare leakers.
posted by indubitable at 6:05 PM on May 15, 2013


I enjoy seeing the strict rules of the New Yorker style guide bending under the sheer weight of acronyms. CDs have become mundane enough to slide under the radar; Tor's an acronym but it appears to have escaped the dreadful pincers of the editors. But IP, PGP, or VPN without periods? That will not stand.

Also, "scare quotes" are a "lot of fun".
posted by 23 at 6:34 PM on May 15, 2013 [1 favorite]


> The New Yorker is maybe the very last place I'd expect to see this kind of thing pop up.

Don't know much about the magazine and its history, do you?


No doubt.
This was asked earlier, but I'll ask it again, what are some notable New Yorker pieces (excepting Mr. Hersh's) that have relied on anonymous sources? Don't get me wrong, I have a deep and abiding love for the magazine, and I think guarding their sources is all around positive, I just don't think of it as first and foremost a magazine of investigative reporting.
posted by From Bklyn at 3:46 AM on May 16, 2013


what are some notable New Yorker pieces (excepting Mr. Hersh's) that have relied on anonymous sources?

At a guess, pieces by Jane Mayer. Her Talk of the Town story, "The C.I.A.'s Travel Agent," includes this line: "A former Jeppesen employee, who asked not to be identified, said recently that he had been startled to learn, during an internal corporate meeting, about the company’s involvement with the rendition flights." This was what happened next.
posted by MonkeyToes at 4:34 AM on May 16, 2013 [3 favorites]


I appreciate the transparency in this system. Other similar systems (yeah, I'm really looking at you, Wikileaks) merely promise that they have great security, but don't actually tell you how their great system operates; which leads me to trust those systems not at all.

That being said, I hope that onion node (http://tnysbtbxsf356hiy.onion) actually uses TLS (https) for submission of content (exit nodes will read your traffic, so encryption is your friend here).
posted by el io at 3:47 PM on May 16, 2013 [1 favorite]


I just checked, el io, and it doesn't (the submit form goes over plain HTTP). However

exit nodes will read your traffic

this is not true, because it's a hidden service; there's no exit node. Or, if you prefer, the exit node is always on the same machine as the service.

Traffic might still be observable on the SOCKS connection between your browser and the first Tor node, but I think most Tor packages work by running a small, client-only Tor node on the same machine as the browser. So exposure there, while possible, would require someone to be running a somewhat odd non-default configuration. (Though to be honest it's the configuration I used just now, out of laziness and not wanting to bother installing Tor software on my own machine… hm…)

Avoiding HTTPS might actually be beneficial here, if it keeps your machine from leaking or caching information from OCSP queries etc..
posted by hattifattener at 7:17 PM on May 16, 2013 [1 favorite]


hattifattener: good point. i'm a bit embarrassed i hadn't thought that through.
posted by el io at 10:54 PM on May 16, 2013


« Older THUD! (only slightly bouncy)   |   Meet the new boss, same as....? Newer »


This thread has been archived and is closed to new comments