GlobaLeaks


GlobaLeaks is an open-source, free software intended to enable secure and anonymous whistleblowing initiatives. It was developed by the Hermes Center for Transparency and Digital Human Rights, an Italian-based NGO supporting freedom of speech online.
The software empowers anyone, even non-technical people, to easily setup and maintain a whistleblowing platform.

History

The project concept was initiated by Fabio Pietrosanti and shared for the first time within the hacktivist community on 15 December 2010.
Relevant figures in the first development are Claudio Agosti, Arturo Filastò, Michele Orrù, Giovanni Pellerano, and Fabio Pietrosanti.
The first prototype was announced on 6 September 2011 on the Full disclosure mailing list.
Asked by an interviewer on how the GlobaLeaks project began, Filastò explained: "After the whole WikiLeaks Cablegate drama we decided to work on this."
The idea for GlobaLeaks "was born from the realization of a need for journalists to ensure the confidentiality of their sources despite an insecure network." It is designed to be used by journalists who do not have advanced computer skills but who need a secure platform to protect their sources. The software enables journalists and their sources to communicate securely, allowing "a continuous flow of data among individuals with complete security." It also enables journalists to verify sources by requesting various kinds of data and documents. Moreover, GlobaLeaks is more flexible than WikiLeaks, which is only in English, and is centralized, with a focus on "events of national and international resonance." GlobaLeaks, by contrast, "allows you to communicate in the language of users and is open to local issues with an impact on everyday life."
Filastò and his partners noted that most leaksites "had poor security," with the vulnerabilities of the Wall Street Journal's whistleblowing dropbox SafeHouse, for instance, being "exposed only hours after it went online." Filastò commented that: "We saw that there is a user base but the developers were doing it wrong. We said: 'we are security people, we can do this better'. So two years ago we came up with an advanced prototype: Globaleaks 0.1. It was an initial experiment but it went quite well. We then redid it from scratch and we're now at version 2.24.".
In 2011, Tor2web, Tor Hidden Service proxy designed by Aaron Swartz and Virgil Griffith, became part of the GlobaLeaks project as a component intended for extending platforms reachability to traditional HTTPS connections.
In 2012, the Hermes Center for Transparency and Digital Human Rights NGO was founded in Italy.

Reception

Brandon Stosh has described GlobaLeaks as "an open source project aimed at creating a worldwide, anonymous, censorship-resistant, distributed whistleblowing platform." GlobaLeaks seeks "to democratize the WikiLeaks model" and to become "the de-facto standard in technologically-powered whistleblowing" focused on the research of the best trade-off between security and usability. The Hermes Center NGO "aims to help with the release of information on a different scale than WikiLeaks can address." Pietrosanti said in December 2013, we identified the needed for a "solution or software that would enable any organization to engage in whistleblower solicitation, even at the local level." he added.
Andy Greenberg has quoted Pietrosanti in saying that Hermes's goal "is to expand the leaking movement from the current fifty or so WikiLeaks copycats to a network of hundreds or thousands of 'leak nodes' run by everyone from U.S. corporations that are legally mandated to run an internal whistleblowing outlet to radical activists that hope to pass their materials on to publishers while using Tor to remain completely anonymous." GlobaLeaks, wrote Greenberg, "aims to disperse the risk of handling sensitive material over an army of individuals rather than one vulnerable group of intermediaries. 'Some people may be like Assange, and say, OK, we'll publish and fight and whatever,' says Pietrosanti. 'But lots of people want to fight corruption without taking that much responsibility. If the risk profile of everyone who runs a leak node is reduced, there will be a lot more leak nodes. WikiLeaks taught us something. And it brought the word whistleblower back into the awareness of the public But GlobaLeaks is the next logical step." Filastò added.
In October 2013, Tessel Renzenbrink wrote in her article "Building an Infrastructure for Whistleblowing" that "there are very few protection mechanisms in place for whistleblowers," and that because of this, "whistleblowing featured as an important topic at OHM2013, the biggest outdoor hacker festival in Europe." At the festival, Renzenbrink spoke with people from "several organizations that have started initiatives to build a better whistleblowing infrastructure," including Filastò, who told her: "Globaleaks is a software designed to allow anybody to easily set up a whistleblower site". Filastò emphasized that "It is open source software so anybody can download it, install it and have a whistleblower site set up. we don't run a whistleblowing platform ourselves but we contribute to this ecosystem by enabling other people to run successful initiatives."

Operation

A GlobaLeaks site utilizes Tor Hidden Services in order to guarantee the anonymity of the source.
Once the submission is performed on a GlobaLeaks platform, the data is encrypted using PGP and the system automatically notifies registered recipients. GlobaLeaks platforms do not store anything permanently and the submitted information and files are deleted as soon as possible with a strict data retention policy.
The process is generally improved by suggesting the sources to use the Tails anonymous operating system while connecting to GlobaLeaks.
JavaScript is required from the user agent to access GlobaLeaks.

Implementations

By 2019, GlobaLeaks has been internationalized in 20+ languages and implemented by several thousands projects and initiatives all over the world. The vast range of adopters include independent media, activists, media agencies, corporations, and more.
Describing the early deployments, Wired reporter John Borland, GlobaLeaks had been "deployed around Europe, by independent journalism and activist groups in Serbia, investigative journalism organizations in Hungary and Italy, and an anti-Mafia group in Italy." Borland noted that "A GlobaLeaks-powered whistleblowing site in Iceland, called Ljost, today released new documents on that country's 2008 financial collapse." Pietrosanti told Borland that GlobaLeaks was "currently talking with organizations in a number of other countries, including several media groups that want to replicate the successful Dutch model." Borland added that "activists are also examining topic-specific leaks sites for issues such as human rights, wildlife crimes, surveillance, food safety in the United States, and censorship."
The largest implementation of GlobaLeaks occurred in 2014 by PubLeaks in the Netherlands, "a foundation that counts 42 of the country's biggest media organizations among its members. There, each organization pays €500 per year, and in return receives a special laptop designed to access the leak system." Borland noted that "When accessing Publeaks from the web, whistleblowers can choose to send information to three of these media organizations. All participating organizations agree to honor embargo periods, enabling information to be examined without immediate publication pressure. The group has already had several high-profile leaks, including one that led to the resignation of a prominent parliamentarian."
Other major organizations supporting the setup of GlobaLeaks based whistleblowing platforms are Free Press Unlimited and Associated Whistleblowing Press.
FPU, a Netherland-based organization, created AfriLeaks and MéxicoLeaks. AfriLeaks was GlobaLeaks' first project outside the western world run by an alliance of 15+ African news organisations that are committed to speaking truth to power. "Whistleblowing is an important instrument that should be used carefully, so future training is now being planned and will continue to take place regularly." said Pellerano to the Guardian.
As for MéxicoLeaks, it is an active independent whistleblowing platform aimed at revealing information for the public interest in Mexico which was awarded the 2016 FRIDA award.
AWP, a Belgium-based organization, created Ljost, Filtrala, EcuadorTransparente and PeruLeaks. AWP co-founder Pedro Noel describes AWP as "a nonprofit organization which struggles for freedom of expression and against human rights violations by means of whistleblowing."
One of the most successful GlobaLeaks projects is WildLeaks, the world's first whistleblower initiative dedicated to Wildlife and Forest Crime funded and managed by the Elephant Action League which reported and investigated various crimes. One of the investigations was highlighted in the award-winning Netflix documentary "".
GlobaLeaks also partnered with major anticorruption and human rights NGOs like Transparency International Allerta Anticorruzione, OCCRP and Amnesty International Amlea.
In 2017, Xnet, an activist project which has been working on and for networked democracy and digital rights since 2008, launched in the Barcelona City Hall the first public Anti-Corruption Complaint Box using anonymity protection technology like Tor and GlobaLeaks. With this pioneering project, the Barcelona City Hall is the first municipal government to invite citizens to use tools which enable them to send information in a way that is secure, that guarantees privacy and gives citizens the option to be totally anonymous.
In 2018 the Italian Anti-Corruption Authority, an administrative watchdog, launched their national online whistleblowing platform using GlobaLeaks and onion services, giving whistleblowers who come forward a secure way to report illegal activity while protecting their identities.

Funding

In 2011, GlobaLeaks 0.1 received funding from USAID Serbia.
In 2012, GlobaLeaks 2.0 had been funded with $108,400 by the Open Technology Fund under the Freedom2Connect program.
In 2013, the project was able to survive with few donations and a lot of volunteer work done by its core members.
In 2014, Hermes Center has been awarded €200,000 by the Hivos Foundation for Project Deployments of Whistleblowing Initiatives in the Global South.
In July 2014, GlobaLeaks project has been funded with ~$234,000 by the Open Technology Fund in order to develop a new Roadmap from Q3/2014 up to Q1/2016 for which all progress reports are publicly available.
In September 2014, Transparency International Italy started up its AntiCorruption Advocacy and Legal Advice Centre with a contribution of €6,000 from an EU grant.