Donate for the Cryptome archive of files from June 1996 to the present

13 May 2012

How to submit material to Cryptome anonymously


A asks:

How to submit material to Cryptome anonymously?

Cryptome:

To send material to Cryptome anonymously:

1. Consider that the odds are very high that Cryptome or any other disclosure initiative (anonymizer, leak site, paste, doc-drop, torrent) is a deception operation, witting or unwitting, and avoid their use.

2. Protect yourself and never trust any method proposed by a receiver of your material. Never believe assurances of privacy and security for it is customary to deceive about them, witting or unwitting, and inevitable failures are never fully admitted.

3. Presume there are no secure means to anonymously transmit online due to the basic design of the Internet to minutely track transmitted data despite illusory promises of anonymizing, cloaking and hiding services.

4. Presume undisclosed sysadmin surveillance throughout the online transmittal path.

5. Presume there are no fully secure means to encrypt digital material due to the unbridgeable gap between programming limitations of digital data and the engineering indequacies of analog devices to handle it.

6. Presume every program, device and system has a traceable embedded unique ID or electromagnetic performance signature.

7. If a host is used, run a series of test submssions of provocative but benign material to see what happens. Place "dye markers" in the material to trace its movement. Expect tampering, ruse, subterfuge, false assurance.

8. "Not traceable to you," repeated below, is the hardest part only you can do.

However, if you wish to take a risk with Cryptome (or any other), a few suggestions:

If material is digital:

1. Encrypt to our PGP public key on Cryptome.org with a one-time-use PK. Encrypt again with a different one-time-use PK. The encrypting device should not be yours nor traceable to you.

2. Wear surgical gloves and surgical mask for step 2 and 3. (Best is a bio-hazard suit.)

3. Burn data to disk from a one-time use device. The burning device should not be yours nor traceable to you.

4. Package in a container untouched by your bare body. Package in a second container. Packages should not be traceable to you.

5. Mail or ship to our postal address on Cryptome.org from a location distant from your usual location, from a separate country if possible by way of a forwarding service not traceable to you.

If hardcopy 1:

1. Wear surgical gloves and surgical mask for step 2 and 3. (Best is a bio-hazard suit.)

2. Make a copy at a location away from your usual location.

3. Package in a container untouched by your bare body. Package in a second container. Packages should not be traceable to you.

4. Mail or ship to our postal address on Cryptome.org from a location distant from your usual location, from a separate country if possible by way of a forwarding service not traceable to you.

If hardcopy 2:

1. Wear surgical gloves and surgical mask for step 2 - 4. (Best is a bio-hazard suit.)

2. Scan hardcopy to make images or PDFs. The scanning device should not be yours nor traceable to you.

3. Encrypt to our PGP public key on Cryptome.org with a one-time-use PK. Encrypt again with a different one-time-use PK. The encrypting device should not be yours nor traceable to you.

4. Burn data to disk from a one-time use device. The burning device should not be yours nor traceable to you.

5. Package in a container untouched by your bare body. Package in a second container. Packages should not be traceable to you.

6. Mail or ship to our postal address on Cryptome.org from a location distant from your usual location, from a separate country if possible by way of a forwarding service not traceable to you.

Best, be creative, imagine a means to triumph over the advice given here. Don't brag about it.