We designed the AdLeaks system to work with partners who embed AdLeaks ads or AdLeaks bugs into their web pages. Our ads contain code that encrypts an empty message with the AdLeaks public key and sends the ciphertext back to AdLeaks. This happens on all users' web browsers. A whistleblower's browser substitutes the ciphertext with encrypted parts of a disclosure. The protocol ensures that an adversary who can eavesdrop on the network communication cannot distinguish between the transmissions of regular browsers and those of whistleblowers' browsers. AdLeaks ads are authenticated so that a whistleblower's browser can tell them apart from other code. Consequently, whistleblowers never have to navigate to any particular site to communicate with AdLeaks once our ads are sufficiently widespread.
When popular websites begin to support AdLeaks this produces increasing amounts of cover traffic. Nodes in the AdLeaks network reduce the resulting traffic by means of an aggregation process so that a small number of trusted nodes can recover whistleblowers' submissions efficiently. Since neither transmissions nor the network structure of AdLeaks bear information on who a whistleblower is, the AdLeaks submission system is immune to passive adversaries who have a complete view of the network.