With all the conspiracy theories surrounding some high-profile deaths in recent years, how can you, theoretical whistleblower with highly sensitive documents, be assured that your information gets leaked if you're murdered in some government conspiracy? A new dark web service says it's got your back.
'Dead Man Zero' [deep web link] claims to offer potential whistleblowers a bit more peace of mind by providing a system that will automatically publish and distribute their secrets should they die, get jailed, or get injured.
“So what if something happens to you?” the site reads. “Especially if you're trying to do something good like blow the whistle on something evil or wrong in society or government. There should be consequences if you are hurt, jailed, or even killed for trying to render a genuine and risky service to our free society."
"Now you have some protection. If 'something happens' to you, then your disclosures can be made public regardless,” the site promises.
This is all accompanied by the obligatory image of 24's terrorist-fighting protagonist Jack Bauer, as you can see here:
Screenshot: Dead Man Zero
It claims to work in a very simple way. First, you upload your files, encrypted with a password, to a cloud storage service. Then you include this link, along with the password and an optional description of your material. The site will then add its own layer of encryption, too. You are then given your own unique URL to log in from, accessible only using the Tor browser.
If you don't log back into it once a day, week or month (those are the options), your documents and respective password will be published on the site, and sent to a list of email addresses that you provide in advance; most likely journalists you trust to do the story justice, or your lawyer. The site can also be accessed via a smart phone, assuming you can browse hidden services on it.
“If events overtake you, you can still overtake your adversaries,” the site reads. For a user to upload their archive, they are required to pay 0.30 Bitcoin (around £70 or $120 at today's rate), and according to a counter on the site, 399 sets of documents have been uploaded, and 17 will be released if their owner doesn't log in within the next 24 hours.
The creators have written that the site is in response to the series of NSA scandals over the years, and also point to a (since changed) article headlined “Obama orders fed workers: spy on each other,” alluding to the current administration's war on whistleblowers and leakers.
I reached out to those behind Dead Man Zero via the contact form on the site, but didn't receive a reply.
It's probably advisable to view Dead Man Zero and the service it offers with a healthy dose of scepticism
There are a few things potential Snowdens should be aware of though. Firstly, what's to say the people running the site are going to do as they promise?
Anyone who is going to leak highly sensitive documents from the upper echelons of government or private contractors probably already has experience in operational security, and would likely rather put faith in their own practices than a third party's.
Indeed, Snowden was said to have his own 'dead man' system in place to release his documents—though security expert Bruce Schneier chimed in that it wasn't actually the best of ideas, considering someone might be tempted to kill Snowden, or stop him logging in, to purposely unleash the trove.
Then there's the idea of uploading your material to the cloud first, which will no doubt worry those who are particularly security conscious. Even though Spideroak (one of the recommended services) deploys a supposed zero-knowledge method of keeping your data safe, those with a penchant for privacy are unlikely to store their secrets in the cloud.
Dead Man Zero counters that if they were to host your documents themselves, their own servers—potentially housing sensitive documents from all over the world—could be targeted.
Finally, if would-be leakers simply forget to sign in when they say they will, well, they've just leaked a bunch of stuff they may not have wanted to.
In sum, it's probably advisable to view Dead Man Zero and the service it offers with a healthy dose of scepticism.
In their FAQ section, the site creators address the question of whether they'll still be going in a year, or five or ten years. How do we know that?
“You really don't,” they write. “But 'we might know some folks' who have successfully run high-duty, highly secure (PCI-DDS at minimum) servers non-stop since 1993. That's 20 years. Chances are 'pretty good' you'll get the service you need.”
Just don't forget to log in when you say you will.