Update: This is a living document. Given below is an older version of this document. Click link for latest version.
2025-04-13
DISCLAIMER
This document is written quickly and contains opinions I may change quickly, as I get new info.
This document contains politically sensitive info that I might take down in future.
This document describes how to setup distributed whistleblowing processes to reduce personal risk for everyone involved in the process. Typically whistleblowing (such as with wikileaks or snowden leaks) incurs significant personal risk. Reducing personal risk may ensure whistleblowing is highly likely to happen when an org doesn’t have complete trust of all its members, forcing them to pay a secrecy tax (in Assange’s words) relative to orgs that do have complete trust of their members and/or higher levels of transparency with the broader public.
I am especially interested in enabling whistleblowing on orgs and labs working on intelligence (such as superintelligent AI, BCIs, human genetic engg, human connectome research, etc) and national/international intelligence agencies that may work with them.
Potential problems
Low-attention regime. Intelligence-grade security. Documents circulated by people with technical skills and willing to run servers and maintain opsec as part-time job.
Whistleblower sends documents to an operator (let’s called one of them Bob) via SecureDrop or via hard disk dead drop. Ideally thousands of such operators exist.
If any person thinks the documents are not spam, they can attach a proof-of-work hash and resend it to others in the network.
IMO hard disk dead drops and airgapped computers is better than using Tor + tails + PGP, as of 2025
PROBLEM: convince thousands of people to become SecureDrop operators
PROBLEM: good infra, protocols, incentives to coordinate hard disk dead drops don’t exist, especially if trying to use multiple hops to reach destination
PROBLEM: need standard protocol for proof-of-work hashes. These could be static strings attached to documents, or generated at request-response time.
Bob does redaction and hosts documents on a clearnet webserver for the public. Bob also posts a link to this webserver on a hard-to-censor social media platform such as 4chan or rumble.
(Or optionally, Bob performs another hop as follows: Bob sends redacted docs via securedrop or hard disk dead drops to all other operators, and one of them publishes the documents publicly as torrents instead of Bob himself.)
PROBLEM: need public guidelines on redaction, so anyone can do it (i.e. become Bob). This ideally ensures there are thousands of potential operators right from the start.
PROBLEM: need guidelines for what the hard-to-censor social media platforms in each country are.
High-attention regime 1. Low security. Documents circulated by people with technical skills but not much free time.
Mirror a searchable version of docs to thousands of servers immediately
It is important that automated mirroring happens before any humans read the content on Bob’s server.
PROBLEM: need open source web crawler to crawl entire internet including any leaked docs/videos, and torrent links containing leaked docs/videos.
OR: PROBLEM: need a standard protocol to only crawl websites and torrents that claim to have leaked docs on them (maybe they include a special flag in their readme/robots.txt, and proof-of-work hash to prove not spam.)
PROBLEM: need open source plaintext extraction and embedding generation so that along with the raw html crawls (WARC), the plaintext and embeddings are also circulated in the same torrent. need standardised format (WARC-parquet?) that keeps some metadata just like WARC keeps metadata.
High-attention regime 2. No security. Documents circulated by anyone.
A popular media house publishes it to increase public attention
Popular media house will do document verification. I’m assuming they won’t face any significant challenge with this. May require metadata of the documents (how to get this??) or contacting the org whose docs got leaked.
High-attention hard-to-censor social media to discuss the document in general public
PROBLEM: need open source crawling and mirroring crawls of all social media
I think actually doing distributed social media is too hard. Complexity of app ensures software developers who write the app are politically co-optible. What’s easier to do is have distributed crawling and mirroring of a centralised site, so people in future can still view the consensus reached by users of the social media. If it ever gets taken down, someone can get a new server running (does not have to have content of old one).
Which social media are high attention and hard-to-censor varies by country.
Summary of potential solutions
persuade thousands of people to become SecureDrop operators (most important)
coordination for hard disk dead drops, including multi-hop hard disk dead drops
proof-of-work hashes to prevent spam on the operators
redaction guidelines
open source web crawling
flags and proof-of-work to only crawl some websites
crawl and mirror leaked docs. crawl and mirror social media discussions.
open source plaintext extraction, embedding generation
standardise format to share extracted plaintext and embeddings
guidelines for latest hard-to-censor high-attention social media
to publish torrent link, maybe raw docs, and social media discussions
guidelines must be country-wise and include legal considerations. always use a social media of a country different from the country where leak happened.
IMPORTANT: Need feedback from people who have actually worked with whistleblowers, to validate all hypotheses listed above.
IMPORTANT: Need to decide whether whisteblowing of important orgs (such as companies/labs researching intelligence, and national/intl intelligence agencies) is actually what I want to work on.
Crux: Does this lead to longterm human flourishing or not?
Would orgs developing intelligence (superintelligent AI, human genetic engg, BCIs etc) necessarily be trustworthy if there existed lots of public information about both their capabilities and their values?
Leaked info about values means public can decide if the org represents their true values. i.e. control via democracy instead of via market alone.
Leaked info about capabilities means public can coordinate under a different leader to shut down existing org and setup a different org.
This requires complete global surveillance (public information) and inter-govt coordination if the open sourced capabilities include ASI model weights, bioweapons or nanotech weapons (or generally, any offense-beats-defence weaponry deployable by small groups).
Seems difficult to find a solution that can leak info about values of an org without also leaking info about capabilities of the org. Above proposed solutions will obviously leak both.
More narrowed crux: Lots of lesswrong crowd defers to yudkowsky’s mental priors against open source ASI and open source bioweapons and complete surveillance (public info). Will have to write separate post on surveillance equilibria.
When it comes to meta data and plain text extraction it’s worth noting that meta data can both be used to verify documents and to expose whistleblowers. If a journalist can verify authenticity of emails because they have access to the meta data that’s useful.
The Session messenger is probably better than country-specific social media.
The US does have the first amendment. That currently means that all the relevant information about AI labs is legal to share. It’s possible to have a legal regime where sharing model weights of AI gets legally restricted but for the sake of AI safety I don’t think we want Open AI researchers to leak model weights of powerful models.
The main information that’s currently forbidden from being shared legally in the US is child pornography, but whistleblowing is not about intentionally sharing child pornography. When it comes to child pornography, the right thought isn’t “How can we host it through a jurisdiction where it’s legal”, but to try to avoid sharing it.
While sharing all the bitcoin blocks involves sharing child pornography, nobody went after bitcoin minors for child pornography. People who develop cryptography who don’t intend to share child pornography generally has not been prosecuted.
Torrents are not a good technology for censorship-resistant hosting. Technology like veilid, where a data set that gets queried by a lot of people automatically gets distributed over more of the network is better because it prevents the people who hosts the torrents from being DDoSed.
If you just want to host plaintext, blockchain technology like ArDrive also exists. You need to pay ~12$ per GB but if you do so, you get permanent storage that’s nearly impossible to censor.
Makes sense! Will think about this.
I’m explicitly looking for social media for that step as common knowledge needs to be established for any political action following it (such as voting in a new leader). Messaging can’t replace the function of social media I think.
My proposed system doesn’t assume legality and can be used to leak AI model weights or anything invented by an ASI, such as bioweapon sequences and lab protocols to manufacture bioweapons. It can also be used to spread child porn and calls to violence.
I agree that US having first amendment makes this system easier to implement in the US but generally the idea is that law can change based on incentives, and this system works regardless of laws. For instance due to incentives intelligence agencies may classify certain types of information and/or place employees under security clearance. This system will allow leaking even such information. For example video recordings of which authority or employee said what.
Yes torrents can be DDoSed, thanks for reminding me! I knew this but recently forgot. In general I’m optimistic on proof-of-work captchas as a way to ensure anonymous users can share information without spamming each other. But yes, the details will have to be worked out.
I haven’t looked into ArDrive codebase in particular, but in general I’m not very optimistic on any blockchain tech whose software is too complex as the developers can then be co-opted politically. Therefore I don’t see why censorship-resistance of ArDrive is higher than a forum like 4chan. ArDrive can also be used, no doubt, I just don’t want people to get the false impression that ArDrive is guaranteed to still be around 10 years from now, for example.
The US does not have laws that forbid people who don’t have a security clearance from publishing classified material. The UK is a country that has such laws but the first amendment prevents that.
I don’t think that chosing jurisdiction in the hope that they will protect you is a a good strategy. If you want to host leaks from the US in China, it’s possible that China’s offers to surpress that information as part of a deal.
4chan has a single point of failure. If the NSA would be motivated enough to burn some of their 0-days, taking it offline wouldn’t be hard.
Taking a decentralized system with an incentive structure like ArDrive down is significantly harder.
Attacking ArDrive is likely also politically more costly as it breaks other usages of it. The people with NFT that store data on ArDrive can pay lobbyists to defend it.
Just convincing the developers is not enough. You also need the patch they created to be accepted by the network, and it’s possible for the system to be forked if different network participants want different things.
Torrents are also bad for privacy everybody can see the IP addresses of all the other people who subscribe to a torrent.
For privacy onion routing is great. Tor uses that. Tor however doesn’t have a data storage layer.
Veiled and the network on which Session runs use onion routing as well and have a data storage layer.
In the case of Veiled you get the nice property that the more people want to download a certain piece of content the more notes in the network store the information.
As far as creating public knowledge goes, I do think that Discord, servers and Telegram chats serve currently as social media.
Update: I thought about this more and I think yeah it should be possible to just skip the torrent step. I have updated the post with this change.
Post on SecureDrop servers, circulate via manual or automated resending of messages. For people with technical skills and enough free time to run servers as a part-time job.
Post on a nginx clearnet server, circulate via automated web crawlers, For people with technical skills but not necessarily a lot of free time.
Post on high attention social media platforms, circulate via people using DMs and discovery of those social media platforms. For all people.
A key attack point here is the first person who posts this on clearnet. Hence I was hoping for it to circulated by automated bots before any human reads it on clearnet.
Thanks this is useful info for me. But also don’t think it matters as much? People in NSA, state dept etc will obviously find an excuse to arrest the person instead. Many historical examples of the same.
I will likely read more on this. I’m generally less informed on legal matters. Any historical examples you have would be useful.
I agree with the very specific example of US and China this might happen. The general idea is to share in a lot of different places. So share it in China and also lots of other countries.
I’m currently not very convinced but I’ll have to read more about ardrive in order to be confident. I currently guess 4chan’s owners and developers have more money and public attention, and hence more powerful humans need to be taken down in order to take down 4chan. Zero day might doxx users sure, I agree with this being possible.
Yes I’m aware of this.
One platonic ideal world is just have 8 billion people operate 8 billion securedrop servers and for any information that hits one server and checks out as not spam, user attached a PoW hash and sends copies to every other server. But convincing that many people to run SecureDrop is hard. Torrent is one level less private and secure than this. But yes I’ll think more on whether torrent is good enough or whether a custom solution has to be designed here.
I’ll try to read more on veiled. And also try their app out. Thanks!
Yes this is true as of 2025 for many countries. Which social media platforms are high attention and also hard to censor varies country-to-country.
For instance in India most people use phone login not email login hence WhatsApp plays a lot more of a social media role.