Higher Security Submission
This submission method uses Tor ("The Onion Router"), a program for
protecting your anonymity online.
Instead of communicating directly with our web server, Tor routes communications
through a chain of four computers (including yours and ours) which only know
about their direct neighbours in the chain.
Tor is widely regarded as the most effective technology for providing anonymity.
Steps for higher security submission:
Save your survey responses onto your computer:
- Click on "Save Page As..." in the "File" menu.
- Select "Web page, complete" (rather than "Web Page, HTML Only"),
and save the file.
Make a note of the following steps (perhaps on paper, or in a program like
Notepad), and close all web browsers.
Connect to the internet (if you are not connected already), re-open your web
browser, and use it to download the Tor Browser Bundle from
Then close your browser again.
Open the Tor Browser Bundle, and wait for a window that says "Congratulations.
Your browser is configured to use Tor."
Open the website
in the Tor window for further instructions.
You may securely delete saved copies of the survey as follows:
Mac OS X:
- Locate the saved copy of the survey in Finder.
- Drag it into the trash bin.
- Click on "Securely Empty Trash" in the "Finder" menu.
Windows:
- Open the saved copy of the survey in Notepad.
- Delete the contents of the file by selecting the whole document (e.g. with
CTRL-A) and pressing Backspace.
- Open a big file (like a photo or a song) in another Notepad window.
- Copy the contents of the big file, by selecting the whole document
(e.g. with CTRL-A) and copying it (e.g. with CTRL-C).
- Go into the other Notepad window, where the survey was, and paste into
that window (e.g. with CTRL-V).
- Close both Notepad windows, saving the changes to the file that previously
contained the survey.
- Rename the survey file to the name of the big file using Windows
Explorer. (You can do this by clicking on the name of the file, and it
will let you edit the file name.)
- Put the file in the Recycle Bin and empty it.
FreeBSD and Linux:
- Use the srm ("Secure Remove") command. For example, you might type
something like "srm /home/user/survey.html".
Help us by auditing the survey!
The privacy and anonymity of the survey respondents depends partially on
! You can help by auditing
the survey's distribution and
security infrastructure, by checking for signs of tampering. We have included
a list of items to audit... if you can help with any of these, that would be
If you find any security problems (either due to a check failing, or you find
some other problem), then please contact us using the contact details at the
bottom of this page.
- Easy: Check that the SHA1 fingerprint of the SSL certificate for
A8558E67 967C0FA6 5811D6A6 CD03ABF3 B8D7F5E9.
- Chrome: Visit the web page, and click on the padlock next
to the address bar. Click on "Certificate Information" and
look for the "SHA-1 fingerprint".
- Firefox: Visit the web page, and click on the icon next
to the address bar. Click on "More information", "View
Certificate", and look for the "SHA-1 fingerprint".
- Internet Explorer: Visit the web page, and click on the
padlock (whose location has moved over the various versions; check the top
right corner of the window, the bottom edge of the window, and next to
the address bar).
Then click on "Details" and look for the "Thumbprint".
- Safari: Visit the web page, and click on the padlock on the top
right corner of the window. Then click "Details" and look for
"SHA-1" near the bottom.
- Easy: The survey HTML file should only be distributed by the
official website. Other websites should only be hyperlinking to our website.
Please let us know if anybody is distributing the HTML file.
- Easy: We keep a list of all websites that link to the survey
If you know about a website that links to the survey that is missing from the list,
please let us know.
- Medium (Downloads required): Check that the IP address of
whistleblowingsurvey.org is one of:
You can use the Unix
host command or the ShowIP plugin for
- Hard (Reading HTML required):
Websites that link to the survey should link to us in
a special way. They should in fact contain two links: one for the survey
respondents to click on, and another hidden
<iframe> link. (The
second link silently downloads the survey to the person's computer, and stores
it in their computer's cache. This means that an eavesdropper does not know
whether or not they clicked on the link.) Please check that both links are
- Hard (Familiarity with Diff required): Check that the survey has
not been tampered with. Download the survey many different ways (with and
without Tor, at different computers, etc.) at different times, and check that
the survey is identical each time, or only has trivial changes. (The Unix
diff program is useful for this task.) The only differences that
should show up are:
- The questions might differ. There are different versions for
different languages, and also the question order is randomized between
one of three different versions.
- To thwart traffic analysis, a random amount of space is inserted
in a hidden
input tag called
- Hard (Familiarity with Diff required): Check that these auditing
instructions have not been tampered with. A copy of these instructions appears
in every survey, at the very end. You can view them in your web browser by
scrolling all of the way to the right.
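One way to automate the diff check from the list above, as an added example (not the survey project's own code): it blanks the hidden padding field, compares a downloaded copy against each known question ordering, and reports anything else that changed. The field name `padding`, the `make_copy` helper and the sample markup are constructed placeholders.

```python
import difflib
import re

# Placeholder: the real name of the hidden padding field is not given on this page.
PAD_FIELD = "padding"
INPUT_TAG = re.compile(r"<input\b[^>]*>", re.IGNORECASE)
ATTR = re.compile(r'([\w-]+)\s*=\s*"([^"]*)"')
VALUE = re.compile(r'(\bvalue\s*=\s*")[^"]*(")', re.IGNORECASE)

def strip_padding(html, pad_field=PAD_FIELD):
    """Blank the hidden padding input's value so its random length is ignored."""
    def blank(match):
        tag = match.group(0)
        attrs = {k.lower(): v for k, v in ATTR.findall(tag)}
        if attrs.get("type", "").lower() == "hidden" and attrs.get("name") == pad_field:
            return VALUE.sub(r"\1\2", tag)
        return tag  # every other input, hidden or not, is left for the diff to see
    return INPUT_TAG.sub(blank, html)

def changes(reference, candidate, pad_field=PAD_FIELD):
    """Lines removed (-) or added (+) once the padding has been normalised."""
    a = strip_padding(reference, pad_field).splitlines()
    b = strip_padding(candidate, pad_field).splitlines()
    out = []
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            out += ["-" + line for line in a[i1:i2]]
            out += ["+" + line for line in b[j1:j2]]
    return out

def audit(candidate, references, pad_field=PAD_FIELD):
    """Compare against every known question ordering; return the smallest diff."""
    return min((changes(ref, candidate, pad_field) for ref in references), key=len)

# Constructed sample data standing in for saved copies of the survey.
def make_copy(order, pad, action="/submit"):
    qs = "\n".join(f'<p>Question {q}</p><input type="text" name="q{q}">' for q in order)
    return (f'<form method="post" action="{action}">\n{qs}\n'
            f'<input type="hidden" name="{PAD_FIELD}" value="{" " * pad}">\n</form>')

REFERENCES = [make_copy(order, 10) for order in ("ABC", "BCA", "CAB")]

if __name__ == "__main__":
    print(audit(make_copy("BCA", 37), REFERENCES))  # differs only in padding
    print(audit(make_copy("BCA", 5, "http://203.0.113.9/c"), REFERENCES))
```

An empty result means the copy matches one of the reference orderings apart from the padding; any lines returned are the ones to inspect by hand and report.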
Security Contact Details
You can email us about security-related matters at
If you wish, you may encrypt your emails with the following public key:
332E D46C BC02 FB6D A776 D8F5 5E92 A9A9 2C22 71E4
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP PUBLIC KEY BLOCK-----