Comment by ckastner

8 years ago

From The Intercept's "how to pass on tips" page [1]:

> We’ve taken steps to make sure that people can leak to us as safely as possible. Our newsroom is staffed by reporters who have extensive experience working with whistleblowers, as well as some of the world’s foremost internet security specialists. Our pioneering use of the SecureDrop platform enables you to communicate with our reporters and send documents to us anonymously.

I think it's shocking that nobody at The Intercept was aware of the yellow dots, or other metadata (e.g. printer-specific output artifacts) that might facilitate the revelation of the anonymous source. This is so careless of them that I'm led to believe that they don't have a formal scrubbing step at all.

Of course, I might be biased a bit here because I dislike Greenwald so much for how he handled the Snowden leaks. The risks Snowden took and the sacrifices he made are incomparable, but "it took Greenwald several more months and help from experts before he could learn relatively basic tools like PGP encryption." [2]

[1] https://theintercept.com/leak/

[2] https://www.dailydot.com/layer8/edward-snowden-gpg-for-journ...

Edit: I think it's shocking because assisting whistleblowers and protecting their anonymity seems central to The Intercept (which I believe is commendable), so they, of all people, should know better -- if not best.

Despite my criticisms of other comments of yours, this is an extremely cogent point. The Intercept should, nay, must have policies, procedures, and checks in place to prevent foul-ups of this nature. And must also produce a post-mortem on this incident.

Screw-ups happen. Repeated screw-ups show a systemic failure.

> other metadata (e.g. printer-specific output artifacts)

This is actually a really good point. I've been rolling my eyes a bit at people smugly pretending they knew what DocuColor was last week, or equating it with things like EXIF data that are far more widely known.

But you don't have to know about DocuColor specifically to avoid this issue, you just have to suspect that printer outputs are a threat vector for something identifiable.