The NoLeaks Notary service collects evidence of personal data processing on web-pages for court proceedings. The service based on open source software tool that takes digitally signed snapshots of web-pages. The project published on GitHub under GNU General Public License allowing technology experts to audit the source code and increase public awareness on the methods and the value of the inspections.
The service maintains the highest degree of provenance, integrity, accountability and independence of gathered evidence compliant to:
In notarization process the service applies strong cryptography, Time Stamping Authority and Public Key Infrastructure resources derived from GlobalSign - the European qualified trust service provider. The Notary builds the trust to electronic data accepted as evidence, since the integrity of the data and the identity of the signatory can be validated by the parties independently.
$ jarsigner -verify -verbose -certs snapshot.zip Signed by "EMAILADDRESSemail@example.com, CN=Olegs Kunicins, C=LV" Digest algorithm: SHA-256 Signature algorithm: SHA256withRSA, 2048-bit key Timestamped by "CN=Globalsign TSA for Advanced - G4, O=GlobalSign nv-sa, C=BE" Timestamp digest algorithm: SHA-256 Timestamp signature algorithm: SHA256withSHA256withRSA, 3072-bit key jar verified.
Courts should not refuse electronic evidence only because it is collected and/or submitted in an electronic form. Electronic data should be accepted as evidence unless the authenticity of such data is challenged by one of the parties.
NoLeaks Notary employs standard Google's Chromium in fullscreen mode that simulates three realistic browsing sessions: first visit, returning visit and incognito visit. Each session observed by the proxy which records traffic between the browser and Internet. In contrast to its predecessors that control the browser over high-level API, NoLeaks Notary inspects all traffic, including "invisible" (favicons and requests to Google services), providing consistent digital evidence. Each snapshot of the web-page includes:
The Metadata refers to electronic information about other electronic data, which may reveal the identification, origin or history of the digital evidence, as well as relevant dates and times. NoLeaks Notary gathers effective Chrome options, properties of the simulated device and system properties, including OS, network configuration and execution environment.
The service performs timestamping by using Network Time Protocol and domain name resolution by using DNS-over-HTTPS. These protocols prevent manipulation of data or misconfiguration on client side. Strict distinction of the remote parties considers two requests belong to the same party if:
Structured evidence allows data controllers, data protection officers and end users to understand better which information is transferred and stored during the visits without submitting the consent.
Cryptographic part of the service Signed ZIP published on Maven Repository under GNU General Public License as a standalone reusable library. The library extends standard ZipOutputStream by implementing SHA-256 signatures and trusted time stamps.
The NoLeaks welcomes all contributions in form of ideas, bug reports or coding, as well as any feedback and suggestions for improvements. Your attention is always welcome at firstname.lastname@example.org