FolhaLeaks
From LeakDirectory
General Notes
http://folhaleaks.folha.com.br/informacao
Folhaleaks is a program designed to receive information that can generate reports of public interest, the following conditions:
Folha do a rigorous screening of information and documents received.
Folha does not publish information which has not been checked and confirmed by its team of reporters.
Folha is committed to maintaining the anonymity of sources who do not want to be identified.
FSP reserves the right to publish or not the information received.
Folha does not pay sources for information. Participation in the program is voluntary.
(translated from Brasilian Portuguese)
The web form uses the same stylesheet and layout as the main Folha de S.Paulo newspaper website, so it is full of third party graphics and video inserted by FaceBook and by various banner advertisers, all of which get access to the web browser and IP address details of the supposedly anonymous web form visitors.
Given the levels of political and police corruption in Brazil, this is not the way to protect anonymous whistleblower sources.
Contact Details
website:
http://folhaleaks.folha.com.br/
Press Enquiries
No
General Enquiries
- email:
- telephone:
- mobile phone / SMS text message:
- fax:
Postal Address:
Main Newspaper address:
Folha de S.Paulo
Alameda Barão de Limeira, 425, 6º andar
Campos Elíseos, São Paulo, SP
CEP 01202-900 - PABX 3224-3090
Social Media / Networks
Mainstream media print and broadcast journalists and politicians etc. i.e. influential people at which whistleblower leaks are targeted, are busy people, but can sometimes be enticed to read about whistleblower issues through Twitter or FaceBook or Blog RSS feeds etc.
Not specifically for Folhaleaks
Not specifically for Folhaleaks
Blog
No
Financial Donation methods
No
Currently accepting submissions of whistleblower leaks ?
Yes
Explicit promises about Anonymity, Privacy or Security
Folha is committed to maintaining the anonymity of sources who do not want to be identified.
Restrictive legal Terms & Conditions
No
Practical Advice on preserving Whistleblower Anonymity
No
Leak Submission Encryption
None
Digital Certificate fingerprints published on their website:
No
Qualsys SSLLabs SSL Server Test rating:
not applicable
PGP Public Encryption Key
No
TOR Hidden Service
No
I2P eepsite
No
PrivacyBox.de
No
Hushmail Secure Form
No
Leak Submission Anonymity
Some of these techniques are appropriate for a normal website like this wiki, but not for whistleblower or tipoff websites, where potential whistleblower source anonymity protection should be paramount:
TOR users blocked from access
No
3rd Party or persistent tracking cookies or graphics
No
CAPTCHA graphics generated from another website e.g. GoogleRe-Captcha
No
Mixed mode non-SSL graphics or style sheets
No (no SSL)
Embedded video clips or deep linked graphics etc. from another website e.g. YouTube
Yes
The web form uses the same stylesheet and layout as the main newspaper website, so it is full of third party graphics and video inserted by FaceBook and by various banner advertisers, all of which get access to the web browser and IP address details of the supposedly anonymous web form visitors.
Flash file uploader class
No
Communications / Acknowledgement back to the whistleblower via the website
The Public Contribution Form does ask for optional details such as: Home Address, Telephone Number, Mobile Phone Number, Email Address and Preferred Contact Details/Arrangements
Acknowledgement of receipt of information
e.g. file upload success indicator - has the leak message or upload actually been received successfully ?
Yes
Your information was successfully sent and the documents were filed under the identification number:
[number]
In case of contact with the newspaper, please quote the above number for easy identification of the case.
If you enter an email address into the unencrypted web form, the above acknowledgment (in Portugeuse) is emailed to you from folhaleaks@grupofolha.com.br
Unfortunately the smtp.folhaonline.com.br mail server does not use the STARTTLS protocol (understood by Google Gmail, Hushmail etc.) to encrypt the email at least to the next SMTP mailserver.
The Government, Police, intelligence agencies and criminal gangs etc. in Brasil will have no difficulty in capturing the Communications Data that this email exchange creates and together with the unencrypted Acknowledgement number, they will have actual proof against any whistleblower who contacts Folha de S.Paulo through this method.
Leak analysis work flow status reporting
e.g. Has anyone actually looked at what the whistleblower has submitted ?
No
Private message box
e.g for 2 way communications back to the anonymous whistleblower, asking for clarification, offering advice etc.
No
Domain Name Resilience
The threats of legal court proceedings against Domain Name Registrars and Domain Name Service providers are lessons which WikiLeaks.org emulators should take note of:
Domain Name Registrar
Brazil
Multiple Internet Service Providers, in different legal jurisdictions ?
No
folhaleaks.folha.com.br [200.147.118.32] is from Brazil(BR) in region South and Central America</span>
Domain Name Server(s) & jurisdiction(s)
borges.uol.com.br
andromeda.folhasp.com.br
eliot.uol.com.br
lupus.folhasp.com.br
Legal jurisdiction: Brazil
Alternate Domain Name aliases
No
Actual Physical Mirrors of the website:
No
Content available via BitTorrent etc P2P etc.
No
