100Reporters

From LeakDirectory

Jump to: navigation, search

Contents

General Notes

https://100r.org/about/mission/

100Reporters is a revolutionary news organization, dedicated to forging new frontiers in responsible journalism. It joins 100 of the planet’s finest professional reporters with whistle-blowers and citizen journalists across the globe, to report on corruption in all its forms. The organization, spearheaded by veteran foreign correspondents of top-tier news outlets, aims to raise the caliber, impact and visibility of citizen-driven investigative journalism, as a means of promoting transparency and good government.


This website makes use of PrivacyBox.de to give it a secure dropbox and meassage acknowledgment system, using Tor and / or I2P.

They also now publish several PGP Public Encryption keys (their first one expired after only 3 months)


Contact Details

website: https://100r.org

Press Enquiries

No

General Enquiries

Unencrypted contact form: http://100r.org/contact/

Email contacts:

Executive Editor Diana Jean Schemo at djschemo@100r.org

Senior Editor Leslie Wayne at wayne@100r.org

Postal Address:

No

Social Media / Networks

Mainstream media print and broadcast journalists and politicians etc. i.e. influential people at which whistleblower leaks are targeted, are busy people, but can sometimes be enticed to read about whistleblower issues through Twitter or FaceBook or Blog RSS feeds etc.

Twitter

https://twitter.com/#!/100Reporters

FaceBook

https://www.facebook.com/100Reporters

Blog

No

Financial Donation methods

Foundation grant

https://100r.org/about/our-founding/

100Reporters was co-founded earlier this year[2011] by Diana Jean Schemo and Philip Shenon, former correspondents for The New York Times, and made possible through a generous planning grant from the Ford Foundation.

Currently accepting submissions of whistleblower leaks ?

Yes

Explicit promises about Anonymity, Privacy or Security

No

Restrictive legal Terms & Conditions

No

Practical Advice on preserving Whistleblower Anonymity

Some advice on the Whistleblower Alley page:

https://100r.org/wa/

Leak Submission Encryption

Digital Certificate fingerprints published on their website:

Yes for PrivacyBox.de SSL web form

https://privacybox.de/cgi-bin/tram_msg.pl?sus=ohr SHA1 fingerprint: 20036CE77B82C5FBEA94D3009D2D97D1966064BB

No for the main https://100r.org website SHA1 fingerprint: d3 2c 85 fe db 3f 9c 9f 5c d4 d0 2a 5a ac ac 8c 42 de e3 fd


Qualsys SSLLabs SSL Server Test rating:

Main 100r.org website:

https://www.ssllabs.com/ssldb/analyze.html?d=100r.org

Overall rating: **C [52]**

Certificate: 100

Protocol Support: 55

Key Exchange 40

Cipher Strength: 60

Weak export cipher suites (40bit and 56bit), BEAST man-in-the-middle attack vulnerable

Certificate Authority: COMODO High-Assurance Secure Server CA

Serial Number: 6E:43:0F:F4:2B:2B:96:DF:CB:BC:A1:72:A2:DB:ED:D9

Expiry: (18/10/2014 23:59:59 GMT)


PrivacyBox.de web form:


https://www.ssllabs.com/ssldb/analyze.html?d=100r.org

Overall rating: **A [85]**

Certificate: 100

Protocol Support: 85

Key Exchange 80

Cipher Strength: 90

BEAST man-in-the-middle attack vulnerable

Certification Authority: Thawte Server CA

Serial Number: 4A:77:B2:B1:45:B2:04:07:2C:EE:D6:B2:C7:95:40:97

Expiry: 20/06/2012 00:59:59

PGP Public Encryption Key

URL to web page or downloadable .asc text file

Tips for 100 Reporters (2012 PGP Key) <tips@100r.org>

https://100r.org/ohr_pgp_key.asc

Link to a key Public PGP Keyserver e.g.

http://pgp.zdv.uni-mainz.de:11371/pks/lookup?op=get&search=0x0DCCBB65E190BB6E

PGP ID: 0xE190BB6E

Created: 25/01/2012

Expires: 01/01/2013

Type: RSA 2048/2048

Cipher: AES-256

PGP fingerprint: E63E BA46 6B08 CD51 E427 AF8B 0DCC BB65 E190 BB6E

See also

Diana Jean Schemo (PGP Key for 2012) <djschemo@100R.org>

http://pgp.zdv.uni-mainz.de:11371/pks/lookup?op=get&search=0x209BD6D07EA09ADB

and

Jonathan Hutcheson (2012 PGP Key) <jh@100r.org>

http://pgp.zdv.uni-mainz.de:11371/pks/lookup?op=get&search=0x6628FF27F17C20D6


TOR Hidden Service

Yes via PrivacyBox.de

http://c4wcxidkfhvmzhw6.onion/ohr.msg

I2P eepsite

Yes via PrivacyBox.de

http://privacybox.i2p/cgi-bin/tram_msg.pl?mobi=0&sus=ohr&lang=en

PrivacyBox.de

Yes

https://privacybox.de/ohr.msg

Hushmail Secure Form

No

Leak Submission Anonymity

Some of these techniques are appropriate for a normal website like this wiki, but not for whistleblower or tipoff websites, where potential whistleblower source anonymity protection should be paramount:

TOR users blocked from access

No

3rd Party or persistent tracking cookies or graphics

Yes - FaceBook, Google, Wordpress etc. on the main website https://100r.org / http://100r.org

CAPTCHA graphics generated from another website e.g. GoogleRe-Captcha

No

Mixed mode non-SSL graphics or style sheets

Yes for the main website, nNo for the PrivacyBox.deweb forms.

Embedded video clips or deep linked graphics etc. from another website e.g. YouTube

No

Flash file uploader class

No

Communications / Acknowledgement back to the whistleblower via the website

Acknowledgement of receipt of information

e.g. file upload success indicator - has the leak message or upload actually been received successfully ?

Yes via PrivacyBox.de


Leak analysis work flow status reporting

e.g. Has anyone actually looked at what the whistleblower has submitted ?

No

Private message box

e.g for 2 way communications back to the anonymous whistleblower, asking for clarification, offering advice etc.

Yes via PrivacyBox.de

Domain Name Resilience

The threats of legal court proceedings against Domain Name Registrars and Domain Name Service providers are lessons which WikiLeaks.org emulators should take note of:

Domain Name Registrar

GoDaddy.com, Inc.

www.godaddy.com

United States of America

Multiple Internet Service Providers, in different legal jurisdictions ?

No

100r.org [216.70.70.100]

http://mediatemple.net

Domain Name Server(s) & jurisdiction(s)

ns2.mediatemple.net [70.32.65.137]

ns1.mediatemple.net [64.207.128.246]

United States of America

Alternate Domain Name aliases

No

Actual Physical Mirrors of the website:

No

Content available via BitTorrent etc P2P etc.

No

Hosting of Mirrors of other whistleblowing websites

No

Open Source software published

No

Personal tools