From LeakDirectory

Jump to: navigation, search


General Notes

Unileaks will accept restricted or censored material of political, ethical, diplomatic or historical significance which is in some way connected to higher education, an agency or government body working in partnership with an institution, e.g., a University.'

2. Our anonymous electronic drop box

Unileaks has an electronic drop box if you wish to provide original material to our journalists.

Unileaks accepts a range of material, but we do not solicit it. If you are going to send in material it should be done as securely as possible.

Please review TOR which helps assist in improving online security:


2.1 Its easy to submit

Our drop box is easy to use but as yet provides no encryption so if you’re not using a secure network we can’t be assured it’s not going to be intercepted. We advise you to use the TOR Network

Details are below

There is currently no working dropbox, neither plaintext nor encrypted

Submitting documents to our journalists is protected by law in better democracies.

We never keep logs of who uses the drop box or where they are coming from.

You might also want to use the secure TOR network ([http:www.torproject.org/about/overview.html.en Tor] is a secure anonymous distributed network that provides maximum security.

Despite having no encryption whatsoever (apart from the Google Analytics tracking web bug!) UniLeaks.org have already had some mainstream media articles published e.g. in the UK Guardian / Observer on Sunday 12th June 2011

Nottingham University films students suspected of extremism]

This mainstream media publicity has lead to website load infrastructure problems, typical of those experienced by WikiLeaks.org (not confirmed with Unileaks)

Update 6th December

Unileaks.org are improving their anonymity and security precautions.

They have stopped offering their advertised unencrypted electronic "dropbox"

Unileaks has had to suspend the use of it's drop box while we develop new security measures.

Although it has been claimed they used Google Analytics this was only built into the content management system running the site. Unileaks no longer use this system.

Unileaks.org have published a PGP Public encryption key.

Contact Details

website http://unileaks.org

email: info@unileaks.org


Postal Address:

You may post only to our post office box in Australia. We are working on networking alternatives around the world and are currently in contact with a similar organisation to make use of their network.

In Australia: PO Box 150, Brunswick East, VIC, 3057, AUSTRALIA.

To: "UL" or any name likely to evade postal censorship in your country.

Social Networking publicity





Blog / RSS


Financial Donation methods

Probably PayPal (link not active)

Currently accepting submissions of whistleblower leaks ?


Leak Submission Encryption

No - Encrypted system soon to be implemented.

Digital Certificate fingerprints published on their website:

No - but coming shortly

Qualsys SSLLabs SSL Server Test rating:

Not Applicable

PGP Public Encryption Key



N.B. this currently gives a 404 Not Found error

Also via public PGP keyservsers e.g.


email: Unileaks <media@unileaks.org>

PGP ID: 93E482BD

Created: 28/11/2011

Expires: 28/10/2012

Type: RSA 3072

Cipher: AES 256

PGP fingerprint: 7C5F 67B5 5C06 36C4 D094 F622 30C0 B1CC 93E4 82BD

TOR Hidden Service

UniLeaks.org do point people towards the TOR project website, but do **not** offer a TOR Hidden Service

I2P eepsite




Hushmail Secure Form


Leak Submission Anonymity

TOR users blocked from access


3rd Party or persistent tracking cookies


Uses Google Analytics so Google and the US Government etc. have access to the IP addresses and web browser details of visitors to the UniLeaks.org website, including anyone using their Submission Form dropbox file uploader.


CAPTCHA graphics generated from another website e.g. Google Re-Captcha


Mixed mode non-SSL graphics or style sheets


Embedded video clips or graphics etc. from another website e.g. YouTube


They are giving Twitter the IP address and web browser details of visitors to their home page, because thay have deep linked directly to Twitter logos and graphics on servers in the USA, rather than serving local copies of them from their own website.

Since it more likely than not that whistleblower sources will have visited this home page, before getting through to the submissions pages, perhaps even before they have decided to trust Unuilieaks.org th

Flash file uploader class


Communications / Acknowledgement back to the whistleblower via the website


Acknowledgement of receipt of information

e.g. file upload success indicator - has the leak message or upload actually been received successfully ?

Leak analysis work flow status reporting

e.g. Has anyone actually looked at what the whistleblower has submitted ?


Private message box

e.g for 2 way communications back to the anonymous whistleblower, asking for clarification, offering advice etc.


Domain Name Resilience

Domain Name Registrar

Active Registrar, Inc

Portland , Oregon, USA

Multiple Internet Service Providers, in different legal jurisdictions ?


Domain Name Server(s) & jurisdiction(s)

axxs.org []

(only 1 Name Server, running on the IP address as the web server !)

axxs.org is hosted by Hetzner Online AG in Germany(DE) but is controlled by


Web Server hosting jurisdiction(s)

www.unileaks.org [] is hosted by Hetzner Online AG in Germany(DE)

Alternate Domain Name aliases


Actual Physical Mirrors of the website:


Content available via BitTorrent etc P2P etc.


Personal tools