Distributed Denial of Secrets — the nonprofit transparency collective that hosts an ever-growing public library of leaked and hacked datasets for journalists and researchers to investigate — has been a major source of news for organizations like the New York Times, the Washington Post, the Wall Street Journal, The Guardian, BBC News, Al Jazeera, the Associated Press, Reuters, and Fox News, among others.
It has published datasets that shed light on law enforcement fusion centers spying on Black Lives Matter activists, revealed Oath Keepers supporters among law enforcement and elected officials, and exposed thousands of videos from January 6 rioters, including many that were used as evidence in Donald Trump’s second impeachment inquiry. (Disclosure: I’m an adviser to DDoSecrets.)
But not everyone is a fan. DDoSecrets has powerful enemies and has found itself censored by some of the world’s biggest tech companies, including X (formerly Twitter) and Reddit. The governments of Russia and Indonesia are also censoring access to its website.
X Blocks DDoSecrets Links
Shortly before the 2020 election, Twitter prevented users from posting links to a New York Post article based on documents stolen from Hunter Biden’s laptop, citing a violation of the company’s hacked materials policy. After intense pressure from Republicans, Twitter reversed course two days later. This was widely covered in the media and even led to congressional hearings.
What’s less well known is that earlier in 2020, in the midst of the Black Lives Matter uprising, Twitter used the same hacked materials policy to not only permanently ban the @DDoSecrets account, but also prevent users from posting any links to ddosecrets.com. This was in response to the collective publishing the BlueLeaks dataset, a collection of 270GB of documents from over 200 law enforcement agencies. (German authorities also seized a DDoSecrets server after the release of BlueLeaks, bringing the collective’s data server temporarily offline.)
When Elon Musk bought Twitter, which he has since renamed X, he promised that he would restore “free speech” to the platform. But Musk’s company is still censoring DDoSecrets; links to the website have been blocked on the platform for over three years. Lorax Horne, an editor at DDoSecrets, told The Intercept that they are “not surprised” that Musk isn’t interested in ending the censorship. “We afflict the comfortable, and we include a lot of trans people,” they said. “Transparency is not comforting to the richest people in the world.”
If you try to post a DDoSecrets link to X, you’ll receive an error message stating, “We can’t complete this request because this link has been identified by Twitter or our partners as being potentially harmful.” The same thing happens if you try sending a DDoSecrets link in a direct message. X did not respond to a request for comment.
“There’s no doubt that ddosecrets.com being blocked on Twitter impacts our ability to connect with journalists,” Horne told The Intercept. “In the last week, I’ve had to explain to new reporters why they can’t post our link.”
Reddit Shadow-Bans DDoSecrets
X isn’t the only company that has been censoring DDoSecrets since it published BlueLeaks in 2020. The popular social news aggregator Reddit has been doing the same, only more subtly.
As an example, I posted a link to the DDoSecrets website in the r/journalism subreddit. I also posted two comments on that post, one that included a link to the DDoSecrets BlueLeaks page and another that didn’t. While logged in to my Reddit account, I can see my post in the subreddit, and I can view both comments.
However, when I view the r/journalism subreddit while logged in to a different Reddit account, or while not logged in at all, my post isn’t displayed. If I load the post link directly, I can see it, but the link to ddosecrets.com isn’t there, and the comment that included the link to BlueLeaks is hidden.
“People can link to news articles that use our documents but can’t link to the source,” Horne said when asked about Reddit’s censorship, which “impedes people finding verified links to our archive” and “inevitably will stop some people from finding us.”
In October 2020, while I was in the midst of reporting on BlueLeaks, I did a Reddit “ask me anything,” an open conversation for members of the r/privacy community to ask about my work. At the time, we had trouble getting the AMA started because of Reddit’s censorship of DDoSecrets. Eventually, we had to start the AMA over with a new post that did not include any DDoSecrets links in the description, and I had to refrain from posting links in the comments.
“Reddit’s sitewide policies strictly prohibit posting someone’s personal information,” a Reddit spokesperson told The Intercept. “Our dedicated internal Safety teams enforce these policies through a combination of automated tooling and human review. This includes blocking links to offsite domains that break our policies.”
Like X, Reddit is inconsistent in enforcing its policy. After receiving Reddit’s statement, I posted a link in the r/journalism subreddit to the WikiLeaks website. Unlike DDoSecrets, which distributes most datasets that contain people’s private information only to journalists and researchers who request access, WikiLeaks published everything for anyone to download. In 2016, for example, the group published a dataset that included private information, including addresses and cellphone numbers, for 20 million female voters in Turkey.
But Reddit doesn’t censor links to WikiLeaks like it does with DDoSecrets; if I view the r/journalism subreddit while not logged in to a Reddit account, my post with the link shows up.
Russia and Indonesia Bar Access
After Russia invaded Ukraine in February 2022, hackers, most claiming to be hacktivists, compromised dozens of Russian organizations, including government agencies, oil and gas companies, and financial institutions. They flooded DDoSecrets with terabytes of Russian data, which the collective published.
One of the hacked organizations was Roskomnadzor, the Russian government agency responsible for spying on and censoring the internet and other mass media in Russia. The most recent leak of data from this agency (DDoSecrets hosts three separate leaks) includes information about Russia censoring DDoSecrets itself.
“Colleagues, good morning! Please include links in the register of violators,” a Russian censor wrote in an August 2022 email buried in a collection of 335GB of data from the General Radio Frequency Center of Roskomnadzor. A scanned court document adding ddosecrets.com to Russia’s censorship list was attached to the email.
“It was only a matter of time,” Horne said of Russia blocking access to DDoSecrets. “Our partners like IStories, OCCRP, and Meduza have it worse and have been placed on the undesirable organizations list. We are lucky that we have no staff in Russia and haven’t had to move anyone out of the country.”
Roskomnadzor did not respond to a request for comment.
Indonesia has also blocked access to the DDoSecrets website since July 21, 2023, according to data collected by the Open Observatory of Network Interference, a project that monitors internet censorship by analyzing data from probes located around the world.
Indonesia’s Ministry of Communication and Informatics, the government agency responsible for internet censorship, did not respond to a request for comment.
On July 18, three days before the block went into effect, DDoSecrets published over half a million emails from the Jhonlin Group, a coal mining and palm oil conglomerate that has been criticized by Reporters Without Borders and Human Rights Watch for using police to jail journalists.