HonestAppalachia

From LeakDirectory


General Notes

https://www.honestappalachia.org/about-us/

Honest Appalachia is designed to help whistleblowers anonymously leak documents to journalists and the public. The website hopes to serve a vital need in Appalachia, by inspiring whistleblowers to make critical information available to an informed citizenry.

In addition, Honest Appalachia hopes to serve as a replicable model for similar projects elsewhere in the United States and around the world. We are willing to offer our assistance to those working on similar projects. We believe that our model can change the way government and industry operate. We believe our model will help in the perennial effort to keep our politicians, our government agencies and our corporations honest.

Honest Appalachia was developed by a group of freelance journalists, transparency activists and computer programmers from Appalachia and beyond. It seeks to adhere to a strict journalistic ethic, maintaining objectivity and nonpartisanship in its activities.

https://docs.honestappalachia.org/overview.html

Honest Appalachia is focused on serving the Appalachia region of the United States of America, so currently our threat model, subsequent design, and recommendations are all based on the surveillance capabilities of US government and law enforcement, and the legal rights of US citizens. Consider Contribute if you want to support other parts of the world.

Much of this documentation refers to evading law enforcement or government surveillance. While whistleblowing is legally protected in the United States, its legal status is loosely and inconsistently defined, primarily at the state level. Therefore we assume the worst, and act to protect whistleblowers even if they could be threatened by unjust uses of the legal system. In a truly just and democratic society, whistleblowers would not need to fear their government and this site would not be necessary in the first place.

1. A user visits the Honest Appalachia upload page, using Tor to anonymize their traffic. All of the pages at the honestappalachia.org domain force access through HTTPS.

2. The upload page confirms that they are using a Tor exit node to communicate, and redirects them to the real upload site, a Tor hidden service.

3. The user is presented with a simple web form allowing them to upload a file and optionally include comments about it.

4. The file and comments are uploaded using HTTP with the Tor hidden service protocol, which is end-to-end encrypted. The user receives a confirmation page and is done.

5. The hidden service encrypts the uploaded file with a GPG public key, then uploads it to Amazon S3 for storage, where it is further encrypted with AES-256. The original and encrypted files are securely deleted from the hidden service.

6. An activist for Honest Appalachia downloads the encrypted file from Amazon S3 and uses their private key to decrypt it. They review the uploaded files, carefully removing any information, like file metadata, that could identify the original source.

7. The cleaned file is distributed to journalists for analysis and publication.


Contact Details

website: https://www.honestappalachia.org/

Press Enquiries

No

General Enquiries

  • email: honestappalachia@gmail.com
  • telephone:
  • mobile phone / SMS text message:
  • fax:

For those who wish to discuss our submission protocol or other sensitive information: honestappalachia@riseup.net

Postal Address:

Also for Postal Document submissions:

Honest Appalachia

P.O. Box 11776

Charleston, WV 25339

United States of America

Social Media / Networks

Mainstream print and broadcast journalists, politicians and other influential people at whom whistleblower leaks are targeted are busy, but can sometimes be enticed to read about whistleblower issues through Twitter, Facebook, blog RSS feeds etc.

Twitter

Yes

https://twitter.com/#!/happalachia

Facebook

Yes

https://www.facebook.com/honestappalachia

Blog

Yes

https://blog.honestappalachia.org/

Entries RSS: https://blog.honestappalachia.org/feed/

Comments RSS: https://blog.honestappalachia.org/comments/feed/

Financial Donation methods

Yes

The project is funded by a grant from the Sunlight Foundation, a government transparency watchdog based in Washington, D.C., as well as by private donations.

http://sunlightfoundation.com/

https://www.honestappalachia.org/donate/

You can use your Paypal account or a credit/debit card. Donations are handled by Aurora Lights, an organization offering us infrastructural support.

http://auroralights.org/


Currently accepting submissions of whistleblower leaks ?

Yes

Explicit promises about Anonymity, Privacy or Security

Yes, with sensible caveats

Restrictive legal Terms & Conditions

No

Practical Advice on preserving Whistleblower Anonymity

Yes

https://docs.honestappalachia.org/genindex.html

https://docs.honestappalachia.org/online-submission.html

Leak Submission Encryption

Digital Certificate fingerprints published on their website:

No

Qualys SSL Labs SSL Server Test rating:

https://www.ssllabs.com/ssldb/analyze.html?d=www.honestappalachia.org

Overall rating: **A [85]**

Certificate: 100

Protocol Support: 85

Key Exchange: 80

Cipher Strength: 90


PGP Public Encryption Key

URL to web page or downloadable .asc text file

https://docs.honestappalachia.org/_static/honestappalachia@riseup.net(0xDC3784C2).pub.asc


Link to a public PGP keyserver, e.g.

http://pgp.zdv.uni-mainz.de:11371/pks/lookup?op=vindex&search=honestappalachia&fingerprint=on

PGP ID: 0xDC3784C2

Created: 10/01/2012

Expires: 09/01/2013

Type: RSA 4096/4096

Cipher: AES-256

PGP fingerprint: 0911 FB4A 07F2 ED6A 924C 37DE 2844 2311 DC37 84C2

TOR Hidden Service

Yes

The online submission system is only accessible via their Tor Hidden Service:

http://honestappalachia.org/upload

Accessing this URL via Tor will redirect to the Tor Hidden Service.

See the online documentation and anonymity advice for how to install the Tor Browser Bundle:

https://docs.honestappalachia.org/online-submission.html

I2P eepsite

No

PrivacyBox.de

No

Hushmail Secure Form

No

Leak Submission Anonymity

Some of these techniques are appropriate for a normal website like this wiki, but not for whistleblower or tipoff websites, where potential whistleblower source anonymity protection should be paramount:

TOR users blocked from access

No

3rd Party or persistent tracking cookies or graphics

No

CAPTCHA graphics generated from another website e.g. Google reCAPTCHA

No

Mixed mode non-SSL graphics or style sheets

No

Embedded video clips or deep linked graphics etc. from another website e.g. YouTube

No

Flash file uploader class

No

Communications / Acknowledgement back to the whistleblower via the website

Acknowledgement of receipt of information

e.g. file upload success indicator - has the leak message or upload actually been received successfully ?

No

Leak analysis work flow status reporting

e.g. Has anyone actually looked at what the whistleblower has submitted ?

No

Private message box

e.g. for two-way communications back to the anonymous whistleblower, asking for clarification, offering advice etc.

No

Domain Name Resilience

The threats of legal court proceedings against Domain Name Registrars and Domain Name Service providers are lessons which WikiLeaks.org emulators should take note of:

Domain Name Registrar

1API GmbH

http://1api.net/aboutus.php

Germany

Multiple Internet Service Providers, in different legal jurisdictions ?

No

honestappalachia.org [174.133.20.162]

ThePlanet.com Internet Services, Inc. Houston, Texas, USA

Domain Name Server(s) & jurisdiction(s)

USA

ns1.webfaction.com [50.56.93.59]

ns2.webfaction.com [178.79.142.142]

ns4.webfaction.com [173.230.141.144]

Alternate Domain Name aliases

No

Actual Physical Mirrors of the website:

No

Content available via BitTorrent or other P2P networks

No

Hosting of Mirrors of other whistleblowing websites

No

Open Source software published

Yes

We host all of our code on Github. At the moment there are 3 main repositories:

   honestappalachia

https://github.com/handsomeransoms/honestappalachia

This is the Django website that powers www.honestappalachia.org.

   haps-hidserv

https://github.com/handsomeransoms/haps-hidserv

Our secure upload site.

   haps-docs

https://github.com/handsomeransoms/haps-docs

This documentation! It is written in ReStructuredText and compiled with Sphinx. There are instructions for contributing documentation in the README.
