AJTransparency

From LeakDirectory


General Notes

Al Jazeera offices and journalists have been targets of physical violence and intimidation by various governments, but this satellite TV news channel, based in Qatar, has a wide international audience, especially in the Middle East.

It would be astonishing if their internet communications were not being snooped on by several intelligence agencies.

Given the risks which they run, it is sad to see that the Al Jazeera Transparency Unit website is not protecting the anonymity of their whistleblower sources as well as they could.

Launched in January 2011, the Al Jazeera Transparency Unit (AJTU) aims to mobilize its audience - both in the Arab world and further afield - to submit all forms of content (documents, photos, audio & video clips, as well as “story tips”) for editorial review and, if merited, online broadcast and transmission on our English and Arabic-language broadcasts.

We believe that this initiative will allow Al Jazeera's supporters to shine light on notable and newsworthy government and corporate activities which might otherwise go unreported.

From human rights to poverty to official corruption, AJTU will fairly evaluate and pursue all leads and content submitted, without geographical, political, cultural, or religious bias.

All submitted content is subjected to a rigorous vetting and authentication process that encompasses respect for individual privacy, contextualization, and fierce adherence to our tradecraft commitment of "journalism of depth."

They have, so far, published one major scoop on the website: Introducing The Palestine Papers

Al Jazeera has obtained more than 1,600 internal documents - minutes, e-mails, memos and more - from a decade of negotiations between the Israeli government and the Palestinian Authority.

N.B. These documents were obtained before the AJTU web form was set up.

Contact Details

website: http://www.ajtransparency.com/ , but no direct contact details published for the AJTU

Contact Web Form

None

Postal Address:

None

Social Networking publicity

Al Jazeera and its individual journalists have multiple social media networking accounts, but none specifically for the Al Jazeera Transparency Unit.

Twitter

https://twitter.com/#!/AJEnglish

FaceBook

https://www.facebook.com/aljazeera

Blog

Multiple blogs:

http://blogs.aljazeera.net/

http://english.aljazeera.net/Services/Rss/

Financial Donation methods

None

Currently accepting submissions of whistleblower leaks ?

Yes

https://upload.ajtransparency.com/submit.aspx


Practical Advice on preserving Whistleblower Anonymity

AJTU do suggest using both PGP encryption and TOR, in addition to their SSL encrypted web form.

N.B. The use of an Adobe / Macromedia Flash file upload plugin destroys the anonymity of TOR for all but the most technically advanced users.

This Flash plugin communicates with the web server

     upload.ajtransparency.com [192.221.111.105] hosted by Level 3 based in the USA

over arbitrary non web traffic port numbers, even if your web browser is successfully using TOR to hide your IP address from the rest of the AJTU web pages.

The AJTU website deep links to graphics pulled from Twitter's web servers, thereby logging every visit to the AJTU web site on Twitter Inc's web server logs. AJTU could easily avoid this by using a copy of those graphics stored locally on the AJTU web server itself.

It is likely that this Communications Traffic Data is available to the United States of America and Middle Eastern government intelligence agencies and could therefore lead to the betrayal of Al Jazeera Transparency Unit whistleblower sources.

Leak Submission Encryption

Digital Certificate fingerprints published on their website:

No

Qualys SSL Labs SSL Server Test rating:

https://www.ssllabs.com/ssldb/analyze.html?d=upload.ajtransparency.com

Overall rating: D [48]

Certificate: 100

Protocol Support: 55

Key Exchange: 40

Cipher Strength: 50

The AJTU web form is potentially vulnerable to real time decryption through Man-in-the-Middle and cipher strength downgrade attacks, because it is configured to allow the deprecated SSL 2.0 protocol and includes weak 40 bit and 56 bit cipher suites.

If you are planning to use this SSL/TLS encrypted web form, make sure that you first disable the deprecated SSL 2.0 protocol in your web browser.

PGP Public Encryption Key

http://www.ajtransparency.com/files/publickey.asc

http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xE34A82BC081AAEFF

Al Jazeera Transparency (transparency.aljazeera.net) <transparency@aljazeera.net>

PGP ID: 0x081AAEFF

Created: 31/12/2010

Expires: Never

Type: DH/DSS 2048/1024

Cipher: AES 256 bit

PGP Fingerprint: FF4B BF63 21FD AA9E B273 D90A E34A 82BC 081A AEFF

TOR Hidden Service

None

I2P eepsite

None

PrivacyBox.de

Hushmail Secure Form

Leak Submission Anonymity

TOR users blocked from access

No

3rd Party or persistent tracking cookies or graphics

Yes

The AJTU website deep links to graphics pulled from Twitter's web servers, thereby logging every visit to the AJTU web site on Twitter Inc's web server logs. AJTU could easily avoid this by using a copy of those graphics stored locally on the AJTU web server itself.

CAPTCHA graphics generated from another website e.g. Google Re-Captcha

No

Mixed mode non-SSL graphics or style sheets

No

Embedded video clips etc. from another website e.g. YouTube

No

Flash file uploader class

Yes

The Flash uploader plugin communicates with the web server

     upload.ajtransparency.com [192.221.111.105] hosted by Level 3 based in the USA

over arbitrary non web traffic port numbers, even if your web browser is successfully using TOR to hide your IP address from the rest of the AJTU web pages.

All that they are really using Flash for is to provide an animated graphical progress bar during file uploads.

The Wall Street Journal did exactly the same thing when they launched several months after Al Jazeera, but they have replaced this with a more anonymous JavaScript-only progress bar.
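The checklist items above (third-party graphics, mixed-mode non-SSL resources, embedded content and the Flash uploader) can be checked statically from a page's HTML. The following is an added example, not code from LeakDirectory or AJTU; the page URL, hostnames and sample markup are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute that makes the browser fetch something without user action.
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src",
               "embed": "src", "object": "data", "link": "href"}
PLUGIN_TAGS = {"embed", "object"}

class ResourceAudit(HTMLParser):
    """Collects auto-loaded resources that can expose a visitor of page_url."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.third_party = set()  # other hosts whose logs would record the visit
        self.insecure = []        # http:// resources on an https:// page
        self.plugins = []         # Flash or other plugin content

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        ref = attrs.get(FETCH_ATTRS.get(tag, ""))
        if not ref:
            return
        rel = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rel & {"stylesheet", "icon"}:
            return  # other <link> relations are not fetched on render
        url = urlparse(urljoin(self.page_url, ref))
        if url.hostname and url.hostname != self.page_host:
            self.third_party.add(url.hostname)
        if url.scheme == "http" and self.page_url.startswith("https://"):
            self.insecure.append(url.geturl())
        if tag in PLUGIN_TAGS or url.path.lower().endswith(".swf"):
            self.plugins.append(url.geturl())

def audit(page_url, html):
    parser = ResourceAudit(page_url)
    parser.feed(html)
    return parser

# Constructed sample input: a submission page with one remote graphic and a Flash uploader.
PAGE_URL = "https://upload.example.org/submit"
SAMPLE_HTML = """
<link rel="stylesheet" href="https://upload.example.org/site.css">
<img src="/images/logo.png">
<img src="http://widgets.example.net/follow.png">
<a href="https://social.example.com/profile">Follow us</a>
<object data="uploader.swf" type="application/x-shockwave-flash"></object>
"""

if __name__ == "__main__":
    result = audit(PAGE_URL, SAMPLE_HTML)
    print(sorted(result.third_party), result.insecure, result.plugins)
```

A static pass like this only sees what is in the markup; it flags that a plugin is present but cannot show which ports the plugin contacts once it runs.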


Restrictive legal Terms & Conditions

Yes

Mainstream media groups have lots of lawyers, so some of the "small print" Terms and Conditions regarding Copyright and promises to comply with local Law Enforcement requests are often directly contradictory to Whistleblower Anonymity protection. e.g.

https://upload.ajtransparency.com/TOU_AJTU.pdf

Communications / Acknowledgement back to the whistleblower via the website

Acknowledgement of receipt of information

e.g. file upload success indicator - has the leak message or upload actually been received successfully ?

No

Leak analysis work flow status reporting

e.g. Has anyone actually looked at what the whistleblower has submitted ?

No

Private message box

e.g. for two-way communications back to the anonymous whistleblower, asking for clarification, offering advice etc.

No

Domain Name Resilience

The threats of legal court proceedings against Domain Name Registrars and Domain Name Service providers are lessons which WikiLeaks.org emulators should take note of:

Domain Name Registrar

 Registrar: NETWORK SOLUTIONS, LLC.
  Whois Server: whois.networksolutions.com
  Referral URL: http://www.networksolutions.com

Network Solutions is the main .COM domain name registrar, based in Herndon, Virginia, USA

Multiple Domain Name Service providers, in different legal jurisdictions ?

No

a.ns.itmdb.net [205.128.74.51]

b.ns.itmdb.net [206.33.63.51]

d.ns.itmdb.net [4.23.35.51]

itmdb.net is part of Network Solutions, based in Herndon, Virginia, USA

Alternate Domain Name aliases

The following alternate domains are currently available:


ajtransparency.com [207.123.46.125]

www.ajtransparency.com.c.itmdb.net [8.12.202.125]

www.ajtransparency.com [8.12.202.125]

transparency.aljazeera.net [207.123.46.125]

hosted by Level 3 in the United States of America

Actual Physical Mirrors of the website:

None, but if the whistleblower story is actually published by Al Jazeera, then there will be multiple copies of the story broadcast on satellite and digital and available online, although their internet websites are regularly censored or banned by various repressive governments.

Content available via BitTorrent, P2P etc.

None
