Open-Source Whistleblowing Framework: GlobaLeaks

ID N0WHERE:172570
Type n0where
Reporter N0where
Modified 2018-02-23T07:29:06


GlobaLeaks is an open-source, free software intended to enable secure and anonymous whistleblowing initiatives developed by the Hermes Center for Transparency and Digital Human Rights . It is an Open Whistleblowing Framework that can be used in many different usage scenarios that may require very different approaches to obtain both security and flexibility.


  • Configurable submission contexts and questionnaires
  • Single and multiple recipients capabilities
  • Integrated Multi-Tenancy support
  • Support for anonymous submissions (via Tor ) and confidential submissions (via HTTPS)
  • Ingrated optimized HTTPS capability with support for Let’sEncrypt Certification Authority
  • Rich configuration options and defaults
  • Optimized UI with advanced User Experience (UX)
  • Accessible Rich Internet Application compliant to WAI-ARIA
  • Empbedded internationalization and localization support
  • Fully translated in more thant 30 languages
  • Support for Right-to-left (RTL) design
  • Integrated support for PGP and AES encryption
  • Ongoing development for clientside encryption
  • Configurable mail templating system for each notification
  • All-in-one solution including embedded webserver and SQLite database
  • Fully unit-tested and end2end tested on commit with test code coverage over 90%
  • Support for all common database systems: MySQL, PostgreSQL and MS SQL Server
  • Strong security with more than 7 independent audits
  • Including Whistleblower Identity Management features compliant with Italian Anticorruption Authority Specs ANAC)
  • Compliant with recent whistleblowing protection laws in the fields of whistleblowing protection like Italian 190/2012 and 231/2001 , French Sapin II and International ISO 37001

Software Security

The security and anonymity features built into GlobaLeaks:

Server sizing

GlobaLeaks is designed to run on GNU/Linux. Ubuntu Xenial 16.04 LTS is the officially supported platform.

Requirements :

  • CPU: Dual core 2.0GHz
  • RAM: 2GB (Does not impact the maximum filesize that a platform installation can handle in upload)
  • STORAGE: 20GB Allocate more based on data retention policy and (expected) traffic.
  • I/O: 10Mbit/s (shared)
  • Email account

GlobaLeaks makes use of email to handle submission notification. To this aim you need an email account to be used to send submission related notifications to recipients. This email account needs to be available and the respective SMTP server must support SMTPS or SMTP/TLS in order to securely manage sending of email.

For security and resource availability, GlobaLeaks needs a dedicated server. Depending on the architecture you may need one or two servers allocated to GlobaLeaks. The two-server hosting architecture requires that you use different data-centres for each of them.

Open-Source Whistleblowing Framework: GlobaLeaks Documentation

Open-Source Whistleblowing Framework: GlobaLeaks Download