2025-geedge-mesa-leak

Geedge & MESA Leak: Analyzing the Great Firewall's Largest Document Leak

core

Abstract

On September 11, 2025, ~600 GB of source code, work logs, and internal communications were leaked from Geedge Networks (Fang Binxing's company) and the MESA Lab at the Chinese Academy of Sciences — the technical R&D forces behind the GFW. The leak reveals not only China's domestic censorship apparatus but also the export of that technology to Myanmar, Pakistan, Ethiopia, Kazakhstan, and other states under the Belt and Road framework. It is the largest known document leak from the GFW vendor ecosystem to date.

Team notes

Operational-intelligence value is enormous: leaked source/docs from GFW vendors reveal the *intent* and *implementation* of detection systems, not just their externally-observable behavior. Lantern protocol designers should treat this as a primary threat-model input.

Raw materials (~600 GB):
- BitTorrent: https://enlacehacktivista.org/geedge.torrent
- Direct HTTPS: https://files.enlacehacktivista.org/geedge/

Inventory (selected):
- mirror/repo.tar (500 GB) — RPM packaging server snapshot
- geedge_docs.tar.zst (15 GB) — Geedge internal documents
- geedge_jira.tar.zst (3 GB) — Jira ticket export
- mesalab_docs.tar.zst (35 GB) — MESA Lab internal documents
- mesalab_git.tar.zst (64 GB) — MESA Lab git repositories

Safety: GFW Report explicitly recommends analyzing only in an isolated VM without internet access. Files may contain malware-laden content; downloading them in an unscoped environment exposes the analyst to surveillance and risk.

Curated discussion + index: https://github.com/net4people/bbs/issues/519

Lantern handling: this corpus does NOT host the raw materials and does NOT operate a network-reachable MCP over them. If a team member pulls them locally for analysis, they should run a personal/local MCP (or just grep) inside an isolated VM. Findings extracted from the raw material that inform protocol design belong in circumvention-corpus-private (visibility: internal) with redistribution_terms requiring re-derivation from public evidence before any external citation — see the README visibility model.

Independent analyses already published (each entered separately as a corpus paper): InterSecLab "The Internet Coup", Amnesty's "Shadows of Control" (Pakistan), Justice for Myanmar's "Silk Road of Surveillance". InterSecLab spent nine months indexing/translating the corpus, so their report is the most thorough external read.

Tags

censors
cn
techniques
dpi
active-probing
ml-classifier
sni-blocking
traffic-shape
dns-poisoning
fully-encrypted-detect
defenses
mimicry
randomization
method
measurement-study