GlobaLeaks – Open-Source Whistleblowing Framework

GlobaLeaks is an open-source, free software intended to enable secure and anonymous whistleblowing initiatives developed by the Hermes Center for Transparency and Digital Human Rights.  It is an Open Whistleblowing Framework that can be used in many different usage scenarios that may require very different approaches to obtain both security and flexibility. 

Features

• Configurable contexts
• Configurable submission steps and custom fields
• Configurable recipients
• Support for anonymous submissions (via Tor) and confidential submissions (via Tor2web/HTTPS)
• Support for end-to-end encryption (soon by means of the PGP encryption standard)
• Support for temporary AES encryption of data that touches disk storage
• Configurable secure submission deliveries with PGP
• Mail templating system for all the different notifications mails sent by the system
• Support for common DB systems: SQLite, (soon MySQL and PostgreSQL)
• Rich configuration options

Software Security

The security and anonymity features built into GlobaLeaks:

• Threat Model – an overview of GlobaLeaks with regards to security considerations.
• Application Security Design and Details
• Operating System Security – protective features applied by GlobaLeaks.
• Encryption – protect of data in GlobaLeaks
• Penetration Tests – all PT and Security Audits performed against GlobaLeaks
• Security Awareness – Tips and privacy warnings in the user interface

Server sizing

GlobaLeaks is designed to run on GNU/Linux. Ubuntu Xenial 16.04 LTS is the officially supported platform.

Requirements:

• CPU: Dual core 2.0GHz
• RAM: 2GB (Does not impact the maximum filesize that a platform installation can handle in upload)
• STORAGE: 20GB Allocate more based on data retention policy and (expected) traffic.
• I/O: 10Mbit/s (shared)
• Email account

GlobaLeaks makes use of email to handle submission notification. To this aim you need an email account to be used to send submission related notifications to recipients. This email account needs to be available and the respective SMTP server must support SMTPS or SMTP/TLS in order to securely manage sending of email.

For security and resource availability, GlobaLeaks needs a dedicated server. Depending on the architecture you may need one or two servers allocated to GlobaLeaks. The two-server hosting architecture requires that you use different data-centres for each of them.

Download GlobaLeaks