Article Lead Image

Leak site Cryptome accidentally leaks its own visitor IP addresses

It comes shortly after some of the site’s encryption keys were compromised.


Joseph Cox


Posted on Oct 9, 2015   Updated on May 27, 2021, 8:11 pm CDT

Cryptome, the Internet’s oldest document-exposure site, inadvertently leaked months worth of its own IP logs and other server information, potentially exposing details about its privacy-conscious users.

The data, which specifically came from the Cartome sub-directory on, according to Cryptome co-creator John Young, made their way into the wild when the site logs were included on a pair of USB sticks sent out to a supporter.

Twitter user Michael Best reported the problem a few days ago on his website. “Within those USBs were server logs that include user IPs (spanning several months), .htaccess files, and a pwd file,” he wrote. He discovered the files when he uploaded the contents of the sticks to the Internet Archive, Best told the Daily Dot in a Twitter message.

“Probably best to not expose visitors’ data further but then nothing can be fully deleted or hidden.”

“Scrolling down through the list, I found about a hundred awstats log files listed in a row,” he said, referring to Cryptome analytics data.

Launched in 1996 by Young and Deborah Natsios, Cryptome was born out of the cypherpunks mailing list, a space where some of the most influential players in cryptography emerged. It currently hosts tens of thousands of documents, news articles, and images, many of which pertain to cryptography, surveillance, and freedom of information. Documents made available through the site include lists of MI6 agents, details on nuclear technology, and much more. It is often referred to as the forefather of WikiLeaks.

Last month, Cryptome announced that someone had compromised some of its encryption keys.

Returning to the IP logs, Best contacted Young over email and Twitter about the problem. Eventually Cryptome said that Best had faked the data.

“When he accused me of faking the data is when I dumped it, since he didn’t acknowledge the problem and was making accusations against me,” Best said.

The data published by Best, which was reviewed by the Daily Dot, includes IP logs of visitors to certain pages of Cryptome during a few select months in 2009 and 2010. There are also files indicating what search terms people have used to land on the site.

When initially asked whether he had anything to add, Young told the Daily Dot in an email, “No.”

But shortly after, Young confirmed to Best in an email that the data was accurate.

“You were right about AWStats data. Not the stats for Cryptome itself but for the Cartome sub-directory, for four months, November 2009-February 2010,” Young wrote. “Included in a full site restoration by ISP NetSol after a full shutdown in June 2013.”

“The stats have been deleted from the Cryptome archive,” Young added. “Probably best to not expose visitors’ data further but then nothing can be fully deleted or hidden. Thanks for discovering and reporting in this.”

Best has also reportedly deleted the data from his site.

When asked whether that message was legitimate, Young told the Daily Dot in an email, “Yes.”

“Best is as dogged as Cryptome,” Young added in a later email. “We admire that and encourage him to get even more pugnacious, as if he needed it. Should be many more to offset the rising excess of suavely devious spying, advertising and oligarch ass-lickers hoboing the runaway online money train.”

Photo via Pink Sherbet Photography/Flickr (CC BY 2.0)

Share this article
*First Published: Oct 9, 2015, 8:01 pm CDT