Update: This is a living document. Given below is an older version of this document. Click link for latest version.

2025-04-13

DISCLAIMER

• This document is written quickly and contains opinions I may change quickly, as I get new info.
• This document contains politically sensitive info that I might take down in future.

This document describes how to setup distributed whistleblowing processes to reduce personal risk for everyone involved in the process. Typically whistleblowing (such as with wikileaks or snowden leaks) incurs significant personal risk. Reducing personal risk may ensure whistleblowing is highly likely to happen when an org doesn't have complete trust of all its members, forcing them to pay a secrecy tax (in Assange's words) relative to orgs that do have complete trust of their members and/or higher levels of transparency with the broader public.

I am especially interested in enabling whistleblowing on orgs and labs working on intelligence (such as superintelligent AI, BCIs, human genetic engg, human connectome research, etc) and national/international intelligence agencies that may work with them.

Potential problems

• Low-attention regime. Intelligence-grade security. Documents circulated by people with technical skills and willing to run servers and maintain opsec as part-time job.
  • Whistleblower sends documents to an operator (let's called one of them Bob) via SecureDrop or via hard disk dead drop. Ideally thousands of such operators exist.
    • If any person thinks the documents are not spam, they can attach a proof-of-work hash and resend it to others in the network.
    • IMO hard disk dead drops and airgapped computers is better than using Tor + tails + PGP, as of 2025
    • PROBLEM: convince thousands of people to become SecureDrop operators
    • PROBLEM: good infra, protocols, incentives to coordinate hard disk dead drops don't exist, especially if trying to use multiple hops to reach destination
    • PROBLEM: need standard protocol for proof-of-work hashes. These could be static strings attached to documents, or generated at request-response time.
  • Bob does redaction and hosts documents on a clearnet webserver for the public. Bob also posts a link to this webserver on a hard-to-censor social media platform such as 4chan or rumble.
    • (Or optionally, Bob performs another hop as follows: Bob sends redacted docs via securedrop or hard disk dead drops to all other operators, and one of them publishes the documents publicly as torrents instead of Bob himself.)
    • PROBLEM: need public guidelines on redaction, so anyone can do it (i.e. become Bob). This ideally ensures there are thousands of potential operators right from the start.
    • PROBLEM: need guidelines for what the hard-to-censor social media platforms in each country are.
• High-attention regime 1. Low security. Documents circulated by people with technical skills but not much free time.
  • Mirror a searchable version of docs to thousands of servers immediately
    • It is important that automated mirroring happens before any humans read the content on Bob's server.
    • PROBLEM: need open source web crawler to crawl entire internet including any leaked docs/videos, and torrent links containing leaked docs/videos.
    • OR: PROBLEM: need a standard protocol to only crawl websites and torrents that claim to have leaked docs on them (maybe they include a special flag in their readme/robots.txt, and proof-of-work hash to prove not spam.)
    • PROBLEM: need open source plaintext extraction and embedding generation so that along with the raw html crawls (WARC), the plaintext and embeddings are also circulated in the same torrent. need standardised format (WARC-parquet?) that keeps some metadata just like WARC keeps metadata.
• High-attention regime 2. No security. Documents circulated by anyone.
  • A popular media house publishes it to increase public attention
    • Popular media house will do document verification. I'm assuming they won't face any significant challenge with this. May require metadata of the documents (how to get this??) or contacting the org whose docs got leaked.
  • High-attention hard-to-censor social media to discuss the document in general public
    • PROBLEM: need open source crawling and mirroring crawls of all social media
    • I think actually doing distributed social media is too hard. Complexity of app ensures software developers who write the app are politically co-optible. What's easier to do is have distributed crawling and mirroring of a centralised site, so people in future can still view the consensus reached by users of the social media. If it ever gets taken down, someone can get a new server running (does not have to have content of old one).
    • Which social media are high attention and hard-to-censor varies by country.

Summary of potential solutions

• persuade thousands of people to become SecureDrop operators (most important)
• coordination for hard disk dead drops, including multi-hop hard disk dead drops
• proof-of-work hashes to prevent spam on the operators
• redaction guidelines
• open source web crawling
  • flags and proof-of-work to only crawl some websites
  • crawl and mirror leaked docs. crawl and mirror social media discussions.
• open source plaintext extraction, embedding generation
  • standardise format to share extracted plaintext and embeddings
• guidelines for latest hard-to-censor high-attention social media
  • to publish torrent link, maybe raw docs, and social media discussions
  • guidelines must be country-wise and include legal considerations. always use a social media of a country different from the country where leak happened.

IMPORTANT: Need feedback from people who have actually worked with whistleblowers, to validate all hypotheses listed above.

IMPORTANT: Need to decide whether whisteblowing of important orgs (such as companies/labs researching intelligence, and national/intl intelligence agencies) is actually what I want to work on.

Crux: Does this lead to longterm human flourishing or not?

• Would orgs developing intelligence (superintelligent AI, human genetic engg, BCIs etc) necessarily be trustworthy if there existed lots of public information about both their capabilities and their values?
  • Leaked info about values means public can decide if the org represents their true values. i.e. control via democracy instead of via market alone.
  • Leaked info about capabilities means public can coordinate under a different leader to shut down existing org and setup a different org.
    • This requires complete global surveillance (public information) and inter-govt coordination if the open sourced capabilities include ASI model weights, bioweapons or nanotech weapons (or generally, any offense-beats-defence weaponry deployable by small groups).
    • Seems difficult to find a solution that can leak info about values of an org without also leaking info about capabilities of the org. Above proposed solutions will obviously leak both.
    • More narrowed crux: Lots of lesswrong crowd defers to yudkowsky's mental priors against open source ASI and open source bioweapons and complete surveillance (public info). Will have to write separate post on surveillance equilibria.