from the that's-not-good dept
Now, it's great that the Wall Street Journal has decided to get into the game, and one would hope that other newspapers will set up similar secure and protected dropboxes for information. But... there are some serious problems with the WSJ's implementation. First of all, the terms of service basically say that you shouldn't expect them to protect your anonymity at all:
"Except when we have a separately negotiated confidentiality agreementů we reserve the right to disclose any information about you to law enforcement authorities or to a requesting third party, without notice, in order to comply with any applicable laws and/or requests under legal process, to operate our systems properly, to protect the property or rights of Dow Jones or any affiliated companies, and to safeguard the interests of others."In other words, if you leak to the WSJ and the government wants to know who you are, the WSJ is going to tell the government. Apparently, the WSJ doesn't think too highly of the concept of journalistic shields for sources.
Separately, researchers, including Jacob Appelbaum are pointing to numerous security flaws in Safehouse's implementation that could also reveal someone's identity, despite promises of anonymity.
Hopefully, the WSJ is willing to admit that it hadn't necessarily thought through all the implications, and will fix these problems quickly.