How Sees the Future of Whistleblowing?

4 minute read

Posted by: Politech

July 2, 2015

This article represent the author’s personal views.

One of the attractive qualities of Tor hidden services is the relatively non-capitalistic nature of its domain name system and end-to-end encryption. If you want to set up a secure website on the surface web, you have to buy a domain name and an SSL certificate. Tor hidden service addresses, however, are themselves cryptographic keys which are generated on the user’s own machine. No need to consult any companies and certainly no need to hand over any money.

But that’s not to say Onionland is a pure space untainted by capitalism. Venture in and you’ll find all kinds of money-making enterprises, some more savory than others. I’m not just talking about the famous darknet markets like the first instance of Silk Road and before the exit scam – Evolution. Other examples are Facebook’s Tor-presence, and more recently advertising companies dedicated to serving ads on hidden services.

Introducing Slur

Most striking of all is Slur whose tagline is “you’re going to hate it.” At least it’s honest. Describing itself as an “anonymous marketplace for the selling of secret information,” Slur allows users to upload secret information of any kind and sell it to the highest bidder. The framework uses public key cryptography to ensure that only the auction’s winner is able to decrypt the information and, in case of a dispute, recruits arbitrators to verify that sellers actually deliver the information they advertise. This requires the arbitrators also to be given the decryption keys.

This consumer-security is achieved with libbitcoin, a set of C++ Bitcoin libraries notable for implementing multisig, which Bitcoin Magazine explains in detail here. In short, when a customer pays, the money is first escrowed to a trusted party but the seller can see that they have paid; when the customer receives the goods, they give confirmation by signing the transaction with their private key. The seller also signs the transaction to confirm that they have received the payment. Libbitcoin uses elliptic curve cryptography for this.

Slur justifies itself as follows: “It’s estimated that 5% of the general population are psychopaths. Introducing financial incentive in an anonymous framework will produce a greater yield of leaked information than from say the ideology that drove patriots like Edward Snowden.” Regardless of whether its motivations are lofty or sinister, it is questionable at best whether making sensitive information – public interest or not – available only to the highest bidder will increase government and corporate transparency.

A force for good?

With proclamations like “We see disruptive technology as a counterbalance in a class war” makes a convincing case that the developers really see the Slur framework as a levelling force in a world of inequality. However there is a danger that this platform will divert important information like what Edward Snowden disclosed away from the world at large and into the sole hands of Bitcoin millionaires.

Although Slur is not operational at the moment, consider the following: the US government has seized the assets of a number of dark market admins who amassed fortunes in bitcoins. If a cache like Manning’s or Snowden’s appeared on the Slur marketplace, who will have the most buying power and incentive to leverage that power? Where Wikileaks democratizes information by making it available to everyone, Slur provides a way to capitalize on it, making it available only to the rich. While there is a chance a good-hearted person may buy public interest information and release it to the world, it seems more feasible that Slur would simply provide powerful factions with a way to suppress unfavorable leaks by winning the auction themselves.

A better choice for disgruntled employees of powerful organizations might be one of the many decentralized PasteBin clones similar to DoxBin which was taken down as part of Operation Onymous. This way, you can ensure the information actually gets out. Another option could be many of the SecureDrop sites run by news organizations. Admittedly, these may not appeal to the “psychopaths” who want to profit from their leaks at whom Slur is aiming itself.

The Current State of Slur

And despite the big talk, Slur has yet to be released. The developers behind Slur, the u99 group, have a page dedicated to updates about Slur. It is currently empty. u99’s Github for Slur contains only a license and a text file containing the word “Slur”.

For the time being, the “psychopaths” Slur hopes to appeal to may be better served by Darkleaks, an almost identical but much more mature project by the creators of  Darkwallet. Already operational, Darkleaks can be downloaded and compiled from Github, allowing users to access their Tor-based market for information through a dedicated client. The verification system is slightly different – Darkleaks divides the uploaded information into segments and makes publicly available one randomly selected piece in advance to prove the information is what it claims to be.

Updated: 2015-07-02