FolhaLeaks

From LeakDirectory

Jump to: navigation, search

Contents

General Notes

http://folhaleaks.folha.com.br/informacao

Folhaleaks is a program designed to receive information that can generate reports of public interest, the following conditions:

Folha do a rigorous screening of information and documents received.

Folha does not publish information which has not been checked and confirmed by its team of reporters.

Folha is committed to maintaining the anonymity of sources who do not want to be identified.

FSP reserves the right to publish or not the information received.

Folha does not pay sources for information. Participation in the program is voluntary.

(translated from Brasilian Portuguese)

The web form uses the same stylesheet and layout as the main Folha de S.Paulo newspaper website, so it is full of third party graphics and video inserted by FaceBook and by various banner advertisers, all of which get access to the web browser and IP address details of the supposedly anonymous web form visitors.

Given the levels of political and police corruption in Brazil, this is not the way to protect anonymous whistleblower sources.

Contact Details

website:

http://folhaleaks.folha.com.br/

Press Enquiries

No

General Enquiries

  • email:
  • telephone:
  • mobile phone / SMS text message:
  • fax:

Postal Address:

Main Newspaper address:

Folha de S.Paulo

Alameda Barão de Limeira, 425, 6º andar

Campos Elíseos, São Paulo, SP

CEP 01202-900 - PABX 3224-3090

Social Media / Networks

Mainstream media print and broadcast journalists and politicians etc. i.e. influential people at which whistleblower leaks are targeted, are busy people, but can sometimes be enticed to read about whistleblower issues through Twitter or FaceBook or Blog RSS feeds etc.

Twitter

Not specifically for Folhaleaks

FaceBook

Not specifically for Folhaleaks

Blog

No

Financial Donation methods

No

Currently accepting submissions of whistleblower leaks ?

Yes

Explicit promises about Anonymity, Privacy or Security

Folha is committed to maintaining the anonymity of sources who do not want to be identified.

Restrictive legal Terms & Conditions

No

Practical Advice on preserving Whistleblower Anonymity

No

Leak Submission Encryption

None

Digital Certificate fingerprints published on their website:

No

Qualsys SSLLabs SSL Server Test rating:

not applicable

PGP Public Encryption Key

No

TOR Hidden Service

No

I2P eepsite

No

PrivacyBox.de

No

Hushmail Secure Form

No

Leak Submission Anonymity

Some of these techniques are appropriate for a normal website like this wiki, but not for whistleblower or tipoff websites, where potential whistleblower source anonymity protection should be paramount:

TOR users blocked from access

No

3rd Party or persistent tracking cookies or graphics

No

CAPTCHA graphics generated from another website e.g. GoogleRe-Captcha

No

Mixed mode non-SSL graphics or style sheets

No (no SSL)

Embedded video clips or deep linked graphics etc. from another website e.g. YouTube

Yes

The web form uses the same stylesheet and layout as the main newspaper website, so it is full of third party graphics and video inserted by FaceBook and by various banner advertisers, all of which get access to the web browser and IP address details of the supposedly anonymous web form visitors.

Flash file uploader class

No

Communications / Acknowledgement back to the whistleblower via the website

The Public Contribution Form does ask for optional details such as: Home Address, Telephone Number, Mobile Phone Number, Email Address and Preferred Contact Details/Arrangements


Acknowledgement of receipt of information

e.g. file upload success indicator - has the leak message or upload actually been received successfully ?

Yes

Your information was successfully sent and the documents were filed under the identification number:

[number]

In case of contact with the newspaper, please quote the above number for easy identification of the case.

If you enter an email address into the unencrypted web form, the above acknowledgment (in Portugeuse) is emailed to you from folhaleaks@grupofolha.com.br

Unfortunately the smtp.folhaonline.com.br mail server does not use the STARTTLS protocol (understood by Google Gmail, Hushmail etc.) to encrypt the email at least to the next SMTP mailserver.

The Government, Police, intelligence agencies and criminal gangs etc. in Brasil will have no difficulty in capturing the Communications Data that this email exchange creates and together with the unencrypted Acknowledgement number, they will have actual proof against any whistleblower who contacts Folha de S.Paulo through this method.

Leak analysis work flow status reporting

e.g. Has anyone actually looked at what the whistleblower has submitted ?

No

Private message box

e.g for 2 way communications back to the anonymous whistleblower, asking for clarification, offering advice etc.

No

Domain Name Resilience

The threats of legal court proceedings against Domain Name Registrars and Domain Name Service providers are lessons which WikiLeaks.org emulators should take note of:

Domain Name Registrar

https://registro.br

Brazil

Multiple Internet Service Providers, in different legal jurisdictions ?

No

folhaleaks.folha.com.br [200.147.118.32] is from Brazil(BR) in region South and Central America</span>

Domain Name Server(s) & jurisdiction(s)

borges.uol.com.br

andromeda.folhasp.com.br

eliot.uol.com.br

lupus.folhasp.com.br

Legal jurisdiction: Brazil

Alternate Domain Name aliases

No

Actual Physical Mirrors of the website:

No

Content available via BitTorrent etc P2P etc.

No

Personal tools