How to leak a secret and not get caught

Marcos el Ruptor ruptor at cryptolib.com
Sat Jan 13 12:31:02 EST 2007


It won't work.

1) Fakes: The number of fakes will be so overwhelming that no one will trust 
the real documents. Just take a look at the number of fake movie torrents 
out there or the amount of bs on wikipedia! Only designs, figures and source 
code cannot be faked because anyone can check if the design works or 
doesn't, if the figures add up or not, and if the source makes sense and 
compiles to the right executable or not. But names, dates, policies, 
regulations, etc. all can and will be faked to reduce public trust to that 
web site to zero. And even those documents that cannot be faked can be 
easily altered and resubmitted to the network by thousands claiming all the 
other fakes to be fakes. Only the authors can ultimately proove the 
document's authenticity. To everyone else, verification and removal of fakes 
inherently takes much more time than submitting them. Even new legitimately 
looking fakes can be easily created to produce the necessary public 
reaction: people love scandals, so why not give them scandals? The site will 
be flooded with fakes that serve those who have a greater need and more 
resources to create and submit those fakes.

2) Monitoring: No government employee or anyone in his right mind would risk 
visiting www.wikileaks.org without authorisation or downloading their client 
software from anywhere else and then expect not to get investigated, 
interrogated and ultimately caught just for being the only person with 
access to that information or possibly even the only person in that city or 
in that small country who did that [shortly before the document appeared 
online... just to be assimilated into the pile of fakes]. One would have to 
be really stupid to think that their government doesn't monitor all the 
internet traffic in their own country, marking everyone visiting that site 
as a potential traitor, rebel or criminal.

The idea is interesting for the difficulty of its secure implementation, but 
in reality they'll just help out all those governments in catching their 
traitors and in creating the scandals that suit them. Any such system is 
doomed to fail in general, but a few interesting documents might still leak 
out.

Ruptor

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list