Regionality may determine the future of whistle-blowing websites more than anything else. Governments and corporations in the West are, for the most part, now wise to the risks that lackluster cybersecurity allows, and though their systems are by no means impenetrable, significant resources are being invested in both the public and the private sector to better protect records, user data and infrastructure. The same is not true for most developing countries, and we can expect that as these populations come online in the next decade, some will experience their own version of the WikiLeaks phenomenon: sources with access to newly digitized records and the incentive to leak sensitive materials to cause a political impact. The ensuing storms may be limited to a particular country or region, but they will nonetheless be disruptive and significant for the environments they touch. They may even catalyze a physical revolution or riot. We should also expect the deployment of similar tactics from government authorities to combat such sites (even if the organizations and their servers are based elsewhere): filtering, direct attacks, financial blockades and legal prosecution.

Eventually, though, the technology used by these platforms will be so sophisticated that they will be effectively unblockable. When WikiLeaks lost its principal website URL, WikiLeaks.org, due to a series of distributed denial-of-service (DDoS) attacks and the pullout of its Internet service provider (which hosted the site) in 2010, its supporters immediately set up more than a thousand “mirror” sites (copies of the original site hosted at remote locations), with URLs like WikiLeaks.fi (in Finland), WikiLeaks.ca (in Canada) and WikiLeaks.info. (In a DDoS attack, a large number of compromised computer systems attack a single target, overloading the system with information requests and causing it to shut down, denying service to legitimate users.) Because WikiLeaks was designed as a distributed system—meaning its operations were distributed across many different computers, instead of concentrated in one centralized hub—shutting down the platform was much more difficult than it seemed to most laymen. Future whistle-blowing websites will surely move beyond mirror sites (copies of existing sites) and use new methods to replicate and obfuscate their operations to shield themselves from authorities. One way to accomplish this would be to create a storage system where fragments of files are copied and distributed in such a way that if one file directory is shut down, the files can be reassembled from those fragments. These platforms will develop new ways to ensure anonymous submission for potential leakers; WikiLeaks constantly updated its submission methods, warning users to avoid earlier cryptographic routes—among them SSL, or secure sockets layer, and hidden Tor service, using the highly encrypted Tor network—once they had determined that those were insufficiently secure.

And what of the individuals leading this charge? The Assanges of the world will still exist in the future, but their support bases will remain small. The more welcomed whistle-blowers of the future will be the ones who follow the example of people like Alexei Navalny, a Russian blogger and anticorruption activist, who enjoys much sympathy from many in the West. Disillusioned with Russia’s liberal opposition parties, Navalny, a real-estate lawyer, started his own blog dedicated to exposing corruption in major Russian companies, initially supplying the disclosures himself by taking small stakes in the businesses and invoking shareholder rights to force them to share information. He later crowd-sourced his approach, instructing supporters to try to do the same, with some success. Eventually, his blog grew into a full-blown secret-spilling platform, where visitors were encouraged to donate toward its operating costs via PayPal. Navalny’s profile grew as his collection of scoops swelled, most notably with a set of leaked documents that revealed the misuse of $4 billion at the state-owned oil pipeline company Transneft in 2010. By late 2011, Navalny’s public stature placed him at the center of preelection protests, and his nickname for Vladimir Putin’s United Russia party, the Party of Crooks and Thieves, had gone viral, adopted widely throughout the country.

Navalny’s approach, at least in the beginning of his new activism, was distinctive in that for all his zeal he had not turned the focus of his whistle-blowing operation toward Putin himself. His targets had largely been commercial, although given that the Russian public and private sector are not always easily distinguished, the information implicated some government officials as well. Moreover, despite the harassment he experienced—he had been arrested, imprisoned, spied on and investigated for embezzlement—he remained free for years. His critics may have called him a liar, a hypocrite or a CIA stooge, but Navalny remained in Russia (unlike so many other high-profile Kremlin opponents) and his blog was not censored.

Some think Navalny did not constitute much of a threat to the Kremlin; his name recognition among Russians remained quite low, though his supporters argue that such figures merely reflect low Internet penetration across the country and the success of state media censorship (Navalny was banned from appearing on state-run television). But a more interesting theory is that, for a time at least, Navalny found a way to toe the line as an anticorruption activist, knowing what to leak—and from whom—and what areas to avoid. Unlike prominent Putin critics, like the jailed billionaire Mikhail Khodorkovsky and the self-exiled oligarch Boris Berezovsky, Navalny seems to have found a way to challenge the Kremlin, while fighting corruption, without veering into overly sensitive areas that might place him in grave danger. (Short of a badly doctored photograph that appeared in a pro-Kremlin newspaper showing Navalny laughing with Berezovsky, there is little to suggest he has any ties to those critics.) His presence seemed to be tolerated by the Russian government until July 2012, when it deployed all available tools to discredit him, formally charging him with embezzlement in a case concerning a state-owned timber business in the Kirov region, where he had formerly worked as an advisor to the governor. The charges, carrying a maximum sentence of ten years in prison, reflected how much of a threat the resilient antigovernment protest movement had become. The world will continue to watch the trajectories of figures like Navalny to see whether his approach provides some measure of insulation from attack for digital activists.

There is also the frightening possibility that sites will emerge created by people who share the design and scale of these whistle-blower platforms but not their motivations. Rather than functioning as a clearinghouse for whistle-blowers, such platforms would serve as hosts to all manner of pilfered digital content—leaked active military operations, hacked bank accounts, stolen passwords and home addresses—without any particular agenda beyond anarchy. Operators of these sites would not be ideologues or political activists; they would be agents of chaos. Today, hackers and information criminals publish their ill-gotten gains fairly indiscriminately—the 150,000 Sony customer records released by the hacker group LulzSec in 2011 were simply made downloadable as a file through a peer-to-peer file-sharing service—but in the future, if a centralized platform emerged that offered them WikiLeaks-level security and publicity, it would present a real problem. Redaction, verification and other precautionary measures taken by WikiLeaks and its media partners would surely not be performed on these unregulated sites (indeed, Assange told us he redacted only to reduce the international pressure that was financially strangling him and said he would have preferred no redactions), and lack of judgment around sensitive materials might well get people killed. Information criminals would almost certainly traffic in bulk leaks in order to cause maximum disruption. To some extent, leaking selectively reflects purpose while releasing material in bulk is effectively thumbing one’s nose at the entire system of secure information.