uploading safely in a hostile environment

the point of Tor is it protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.

Thus if you are uploading from say N.Korea, Syria, USA etc it is difficult for the authorities to see that you have uploaded to Demotix

It's useful, but it's not a complete solution.

Unless you're sending data that you've already encrypted over Tor, it will still be easily read by anyone interfering with your ISP (as governments will be in some/all of the countries you've given as examples) and anyone snooping on the exit node's traffic.

Thus will be more-or-less traceable to you.

Chirs Tom: Interesting discussion! How relevant is this to members in Europe? And should it be installed as a matter of course, or simply for special occasion? Thanks Lawrence

Tor is OK, but as Tom said, the information really needs encrypting first.

One very simple idea, which was also mentioned on that Frontline video, and one I have needed to use in the past, is that of dropping images into the draft folder of your email account - and then arranging for your editor/agency/trusted friend to open your account (having previously given password).

Tor would technically be illegal here in Thailand, as are all other proxies. Internet companies are obliged to pass on information if they suspect that a customer is using a proxy.

Best

Matt

There is a solution. As mentioned recently Demotix seems to be intending to have no anonymous reporters other than were there is a real danger to they safety. For these few anonymous reporters it has they could use Tor and an encryption system.

Thus the reporter in a dangerous place could up load encrypted images, captions, keywords etc via tor to a special portal on Demotix only for the anonymous reporters.

Whilst tor might be illegal in a particular country (presumably as would the cryptography) It is only likely to be used in which the journalism is also illegal in the fist place hence the need for obfuscation.

The point is to remember you need an anonymous place to upload from without putting the people at that point in danger. .

hi Matthew, I.ve used the draft folder technique, but in a completely different context. however, I do not know how that would keep someone anonymous given that the file still has to travel physically to a server out of the country. best Lawrence

Hi Lawrence,

not sure I follow you...the example I gave of using the draft box of an email account means that the file never physically gets 'sent'. It's only the email account that gets opened at the other end (in another country) to access the draft box and any files it contains - that's the simplicity of it. The email account only acts as a file storage facility.

Best regards

Matt

Hi Matthew, maybe I didn't explain myself properly. As I said I use this system but for different reasons. What I mean is that, although you (we) do not click the send button the file on the hard disk still has to be copied to the server where the email server is. Thus if you use gmail for example, or whoever, and you're in Country A and the server of gmail in in country M, the file has to travel via the digital pipes from your HD in country A to the Server in country M. As I said, although we do not send the file, the file is still to be copied from the HD and sent to where the email provider has their server. So my question is: can this file that is being copied to the email server (albeit as a draft) be intercepted en route from country A to country M? The question still applies within the country, even if the email server is within the country. best Lawrence

Hi Lawrence, yes I am sure it could be intercepted - although most wouldn't use their own laptop or home internet service to do this - something like an internet cafe or other reasonably anonymous place would be a better idea. Best, Matt.

VPN?

I constantly use a VPN, and in some situations also run through a proxy. There have been times I've also used another journalist to publish my story so there is no trace back to me that does not take multiple government cooperation to trace the original connection. Most civilized countries usually want a criminal action to be proved in order to facilitate an internet trace through their country. Simply wanting to know who uploaded the offending news won't do it.

There are lots of ways to get the news to the publisher if one form of transmission is thwarted. High level encryption (that is above 64bit) is a red flag when the internet is being heavily monitored, and many countries simply do not allow that high of encryption to be transmitted. Their reasoning is no one with legitimate communication needs would need to encrypt anything that high, unless they were a threat to the government.

VPN Virtual Private Network It is basically a like a scrambled telephone line. Used globally by many businesses. However as Steve says high levels of encryption is a red flag in many places.

Of course there are satellite phones.... but in some parts of the world it is easier to get guns than sat phones! (and the phones, with the relevant accounts and bandwidth, are not cheap/.

In days past people used to smuggle out film... I can see the same happening with memory cards.

The same thing has been happening with memory cards for quite a few years now. A micro SD card is quite easy to hide, and impossible to find by those looking at a security check point, or immigration entry point.

With adapter cards they fit in everything, up to compact flash size. When I visit Myanmar I use them exclusively, and have been for a few years now. I have brought cards out for people from other countries, and mailed them once in Thailand, before the Burma government started to loosen up some. It's not a big issue unless they identify you as a journalist, then they get very annoying, with entry refusal, deportation, and all that stuff.