Unileaks will accept restricted or censored material of political, ethical, diplomatic or historical significance which is in some way connected to higher education, an agency or government body working in partnership with an institution, e.g., a University.'
2. Our anonymous electronic drop box
Unileaks has an electronic drop box if you wish to provide original
material to our journalists.
Unileaks accepts a range of material, but we do not solicit it. If you are going to send in material it should be done as securely as possible.
Please review TOR which helps assist in improving online security:
2.1 Its easy to submit
Our drop box is easy to use but as yet provides no encryption
so if you’re not using a secure network we can’t be assured it’s not
going to be intercepted. We advise you to use the TOR Network
Details are below
There is currently no working dropbox, neither plaintext nor encrypted
Submitting documents to our journalists is protected by law in better democracies.
We never keep logs of who uses the drop box or where they are coming from.
You might also want to use the secure TOR network ([http:www.torproject.org/about/overview.html.en Tor] is a secure anonymous distributed network that provides maximum security.
Despite having no encryption whatsoever (apart from the Google Analytics
tracking web bug!) UniLeaks.org have already had some mainstream media
articles published e.g. in the UK Guardian / Observer on Sunday 12th
This mainstream media publicity has lead to website load infrastructure problems, typical of those experienced by WikiLeaks.org (not confirmed with Unileaks)
Update 6th December
Unileaks.org are improving their anonymity and security precautions.
They have stopped offering their advertised unencrypted electronic "dropbox"
Unileaks has had to suspend the use of it's drop box while we develop new security measures.
Although it has been claimed they used Google Analytics this was only built into the content management system running the site. Unileaks no longer use this system.
Unileaks.org have published a PGP Public encryption key.
You may post only to our post office box in Australia. We are working on networking alternatives around the world and are currently in contact with a similar organisation to make use of their network.
In Australia: PO Box 150, Brunswick East, VIC, 3057, AUSTRALIA.
To: "UL" or any name likely to evade postal censorship in your country.
Social Networking publicity
Blog / RSS
Financial Donation methods
Probably PayPal (link not active)
Currently accepting submissions of whistleblower leaks ?
Leak Submission Encryption
No - Encrypted system soon to be implemented.
Digital Certificate fingerprints published on their website:
No - but coming shortly
Qualsys SSLLabs SSL Server Test rating:
PGP Public Encryption Key
N.B. this currently gives a 404 Not Found error
Also via public PGP keyservsers e.g.
email: Unileaks <firstname.lastname@example.org>
PGP ID: 93E482BD
Type: RSA 3072
Cipher: AES 256
PGP fingerprint: 7C5F 67B5 5C06 36C4 D094 F622 30C0 B1CC 93E4 82BD
TOR Hidden Service
UniLeaks.org do point people towards the TOR project website, but do **not** offer a TOR Hidden Service
Hushmail Secure Form
Leak Submission Anonymity
TOR users blocked from access
3rd Party or persistent tracking cookies
Uses Google Analytics so Google and the US Government etc. have access
to the IP addresses and web browser details of
visitors to the UniLeaks.org website, including anyone using their
Submission Form dropbox file uploader.
CAPTCHA graphics generated from another website e.g. Google Re-Captcha
Mixed mode non-SSL graphics or style sheets
Embedded video clips or graphics etc. from another website e.g. YouTube
They are giving Twitter the IP address and web browser details of visitors to their home page, because thay have deep linked directly to Twitter logos and graphics on servers in the USA, rather than serving local copies of them from their own website.
Since it more likely than not that whistleblower sources will have visited this home page, before getting through to the submissions pages, perhaps even before they have decided to trust Unuilieaks.org th
Flash file uploader class
Communications / Acknowledgement back to the whistleblower via the website
Acknowledgement of receipt of information
e.g. file upload success indicator - has the leak message or upload actually been received successfully ?
Leak analysis work flow status reporting
e.g. Has anyone actually looked at what the whistleblower has submitted ?
Private message box
e.g for 2 way communications back to the anonymous whistleblower, asking for clarification, offering advice etc.
Domain Name Resilience
Domain Name Registrar
Active Registrar, Inc
Portland , Oregon, USA
Multiple Internet Service Providers, in different legal jurisdictions ?
Domain Name Server(s) & jurisdiction(s)
(only 1 Name Server, running on the IP address as the web server !)
axxs.org is hosted by Hetzner Online AG in Germany(DE) but is controlled by
Web Server hosting jurisdiction(s)
www.unileaks.org [220.127.116.11] is hosted by Hetzner Online AG in Germany(DE)
Alternate Domain Name aliases
Actual Physical Mirrors of the website:
Content available via BitTorrent etc P2P etc.