We're here to show how crypto can be used to do some good. We're putting crypto to work to solve one of the biggest conflicts in journalistic reporting: anonymous sources.
We need whistleblowers. Fighting corruption requires brave men and women standing up and saying, "this is not right." But whistleblowing is dangerous and requires a lot of trust. Today, a whistleblower has 3 options when talking to a journalist for how the journalist attributes their claims. They can choose the attribution:
- Sourced attribution—full accountability as to who is making the claim
- On background attribution—an anonymous source allows a journalist to provide a rough description of their credentials/position
- Anonymous attribution—completely unaccountable
Anonymity can help protect sources against retribution but without accountability or a reputation, anyone could claim anything. How do we know whistleblowers are for real while protecting their identity?
What it does
CryptoSource introduces a fourth option for attribution for whistleblowers and journalists. A whistleblower can use our platform to provide claims and evidence as a crypto sourced attribution story. A crypto sourced attribution provides a way for the audience to establish a level of subject matter credibility while hiding the identity of the leaker with zero knowledge required on the part of the journalist.
- A whistleblower registers their public key with CryptoSource
- A whistleblower establishes his/her credentials by encrypting and uploading several proof-of-credential statements with their private key. These claims may be something like:
I work on the safety and compliance team at Monsanto. Within the next week, Monsanto will release a now-secret safety and compliance document to the FDA
The document number will be 523-LN-372
The total length of the FDA compliance document will be exactly 233 pages.
The first word of the first five pages are [This, For, Once, However, total]
- A hash of the proof-of-credential statements is timestamped and store
- The whistleblower waits until the private information becomes public knowledge. For example: When the FDA receives and publishes document 523-LN-372 from Monsanto.
- The whistleblower can now upload the exact same proof-of-credential statement. This time CryptoSource will upload both the new hashed and unhashed version of the statement in order to validate that it is the same as the original statement. This timestamped original statement is now available to view publicly, demonstrating that the public key associated with these proofs had knowledge that was erstwhile secret to only individuals with specific credentials.
- After building up sufficient credibility, the whistleblower may now choose to upload arbitrary claim documents. These claims can be evaluated by journalists and quoted in a news article with a direct citation to a still-anonymous source. Readers of the article can then follow the citation and verify the quote and source credentials for themselves—as well as ensure that the source was not quoted out of context.
- After these claims mature, they become new credential statements and will either further validate or undermine the whistleblower's credibility.
- A whistleblower can further establish his/her credentials anonymously to a rigorous standard by authorizing credential validation through with Bloom. Bloom provides a hashed proof of a unique identity by validating that a user has provided several unique data points such as a valid phone number, email address, ID documents, and even a social security number—all without sharing any of these pieces of data with CryptoSource. These proof points ensure that each CryptoSource account represents exactly one natural person and prevents bots from participating.
How we built it
CryptoSource is a DApp with a React front end built on the Truffle sweet. We used Github to share files (of course). We started with building the smart contracts in solidity while working on the front end and then marring the two designs together. This lead to some friction, but nothing that wasn't able to be overcome and I think this lead to sturdy (enough for testing!) smart contracts and a pleasent to use frontend. Further we integrated with Bloom in order to gain the benefit of helping give more secret information, and limiting certain brute force attacks.
Challenges We ran into
Some issues with getting Truffle and Rinkeby to play nice made it impractical for us to get the smart contract running on a testnet for this hackathon, instead we're running it on ganache-cli. When using front end templates, although they help with the view they can also make it more difficult to do spot changes when necessary and can occasionally lead to jaring transitions.
User Experience will be essential to get right. The current state of the DApp presumes a basic level of knowledge of MetaMask and access to Ether. We believe a certain level of friction is a good thing—in that it will cut down on frivolous posting. However, we this tool is important and should eventually be made available to as wide an audience as possible.
Accomplishments that We're proud of
Although it may be shabby this is an MVP product. I'm excited that we managed to work together and talk and share ideas and work together cohesively. I think we're built a product that the world can really use.
What We learned
Since we came in with a wide range of skills and talents this team had a fantastic exchange of ideas and information. Some skills taught and picked up by various team members include smart contract integration, the truffle sweet of tools, react, front end UX design, ganachCLI local setup, web3 and smart contract logging.
What's next for CryptoSource
We plan to develop an embedded tool for online newspapers like NYT.com that allows reporters to directly quote sources and embed their original claims and veracity proofs directly into articles. Now journalists can actually cite anonymous sources.
We also believe there are applications in other fields:
- Pharmaceuticals can prove to the FDA that their trials were designed the way they disclosed without having to reveal their methods to competitors untila after the trial concludes
- "First to invent" proofs where an author or inventor can create a proof of authorship for trade secrets that could be validated in court without exposing those secrets. You can "publish" without publishing.
Although this version is 'feature complete' it still is quite rough around the edges and additional time on usability would go a long way to making people feel comfortable with it. On the more technical side of things, getting it onto the public testnets is of course, a necessity as is getting the front end on a real webserver. Further, deeper integration with Blooms ever improving API can help support even more low to zero proof identification paradigms. Some more advanced integrations would involve adding the ability to say whether a thing did or did not happen, such as by connecting to Augur. Further the platform currently does not have great curation tools, so people will need to dig, adding curation tools could help people find the best whistleblowers more easily.