Support Indymedia UK!
06.02.2009 18:49 | Indymedia | Birmingham | Cambridge | Leeds Bradford | Liverpool | Manchester | Nottinghamshire | Oxford | Sheffield | South Coast | World
In the light of the recent server seizure Indymedia UK has been left with serious damage to its infrastructure. It is also resource-intensive to replace a server both financially and time-wise, and that means we are in urgent need of your support to sustain our effort.
Please consider donating to Indymedia UK!
Comments
Hide 2 hidden comments or hide all comments
An Idea..
07.02.2009 11:16
Centralised collectives are open to attack, it menas on server removed problems for the whole network, one act of MISINFORMATION problems for the collectives.
Why not go down the path of local servers, i run one from under the stairs in the home of a relative, it backs up all of my data, we run a blog at wordpress, underclassrising comes by a big web host, but is backed up by the local server, we are not paranoid but understand when you ask questions of the state you are going to get attention.
It makes no sense to us, why indymedia keeps up with the centralsied way of doing things, when smaller collectives more local are more easy to run, less prone to acts of MISSINFORMATION, there is no doubt since the removal of said server more MISSINFORMATION has been posted to Indy, why contine to act in a way that is a detriment not a positive?
I have now asked for a feature article on this http://projectsheffield.wordpress.com/2009/02/05/and-its-yet-more-disgusting-voyeurism/ it has direct implications for Indy along with the way indy refuse to understand that cells are a better means of action, collectivisation has and will always be proven to be a detriment, not a positive way forward.
http://underclassrising.net/
e-mail: http://underclassrising.net/
Homepage: http://underclassrising.net/
On the one hand
08.02.2009 00:42
@nnoyed
Not money - people
08.02.2009 13:54
indymedia needs you
job ad
08.02.2009 14:33
Please do not ask for a 'positive attitude' if you are also listing a technical skill.
Is it possible for you to make up a wish-list of volunteer roles?
Lazy
Jobs for the boys
08.02.2009 15:44
Some way to flag posts would be good to - they have it on the london site.
David
IP Logging
10.02.2009 14:14
Interested bystander
One more time....
10.02.2009 17:11
INDYMEDIA DOES NOT KEEP IP LOGS!!! NEVER!!!
So why the reference to IP logs in the mailing list? Well, while IP data is not stored, admins are able to view the IP address of incoming publish requests and do this sometimes to act against persistent spammers and disinformation trolls. That info is held temporarily in memory and wiped when overwritten by subsequent data or when the feature or the server itself is switched off.
I will be raked over the coals now for revealing this open secret but isn't indymedia all about transparency anyway? You can read all about it in the documentation for the MIR code base if you are vaguely interested.
So, from the horses mouth - "Indymedia has in the past attracted the attention of authorities, that have occasionally tried to request logs of whom is accessing the web site and have in one occasion seized without any explanation our server. We believe in the right to anonymous political speech and therefore we do not keep logs that could provide any such information." - https://publish.indymedia.org.uk/en/static/security.html
ben (ex admin and now filtered off of the transparent mailing lists)
indymedia does not keep IP logs!!
"I would have had more faith in the often repeated mantra ... "
11.02.2009 21:22
Unbeliever
@indymedia needs you
12.02.2009 19:16
The strap line on the top of this sites web pages asserts that Indymedia is a "network of individuals, independent and alternative media activists and organisations, offering grassroots, non-corporate, non-commercial coverage of important social and political issues." The line used on the UK site leaves out part of the messaging included on some other sites in the Indymedia network which assures readers that indymedia is a "democratic media outlet for the creation of radical, accurate, and passionate tellings of truth."
That passion for the truth appears to be missing from the IMC UK 'united kollectives' as anymore following the various threads covering this story can attest. Repeatedly over the last few days, comments containing vital information, warnings and advice regarding security for the sites users have been hidden by the sites admins in a totally unaccountable fashion.
When an article is hidden from the UK newswire, the act is meant to be reported to a publicly archived mailing list called imc-uk-moderation. If you visit the archive you can in theory see what has been hidden and why but recently at least one admin admitted he'd not been bothering to do this and it was also revealed that automatic filters set up by admins were responsible for over 800 hidden articles last year alone with no notification to the list.
According to documentation on site policy on the docs.indymedia.org site, moderation of comments is also meant to be reported to the list but there is a kind of "unwritten consensus on some types of comment which probably don't need notification". Such exclusions include "mindless abuse, e.g. one-liners with "Kill all the ***", or "Indymedia sucks" and "spam comments unrelated to the actual content of the article". However when you check the comments that are being hidden without notification (the vast majority by a long shot) many certainly don't fall into those categories.
The policy document goes on to give the following advice to admins, "It's important you don't give in to the temptation of hiding comments that you violently disagree with, but don't really breach the editorial guidelines. Before hiding a comment, it's a good idea to ask yourself 'is this really against the guidelines, or am I just angry at the author for saying something so stupid?' We don't have the right to censor comments simply because we disagree with them."
IMC UK claims the following among the principles in its mission statement: a focus on grassroots politics, actions and campaigns; to reject all systems of domination and discrimination; and to work on a non-hierarchical basis. However among the posts the current admins have been hiding were call outs to the users to get involved in re-domocrasising the project by attending what should be open meetings of the collectives. And how open are these meetings, if you can even find information on where and when they met? Another (hidden) post revealed that the London collective was closing ranks and making it's meeting even more private.
What is this dark secret that must be hidden at any costs? Apparently it is nothing more than the fact that the admin interface provides a feature that allows IP addresses of recent posts to captured for the purpose of creating filters against unwanted posters. Is it so important that this should be hidden even if it means sacrificing transparency and the trust of the site users? So important that it is worth the astonishingly extreme of purging information from indymedias public archives going back almost six years in a futile attempt at a coverup?
That such a facility exists is no surprise, it's pretty much essential to maintaining the integrity of publishing platform, especially one which operates without user registration. What is surprising is that an organisation proporting to care about user security would go to such lengths to keep their users in the dark, especially surprising from an organsation which aspires to openness and horizontality.
We need to trust indymedia, not to be infallible but at least to tell the truth. We can cope with security risks when we are aware of them but to be placated with half truths and be cut down from discussing the issues, that's just not on.
Quoting a hidden comment, "Lets defend indymedia, defend ourselves - against not just the intimidation and threats of the state against our infrastructure but also against those among us who are bring shame down on all of us. We urgently need to hold these people to account as our enemies are having a field day and the long it festers the longer it will take to heal the rifts."
Born on the streets of Seattle in 1999, the indymedia project is approaching it's tenth anniversary. It would seem that this year would be a good time to assess its strengths and weaknesses, before either reinvigorating the project or building something stronger and better in its ashes as we move into what premisses to be the most significant period of social struggle this planet has ever seen.
Man arrested in Indymedia animal extremism probe: http://www.indymedia.org.uk/en/2009/02/421703.html?c=all
Police bail sysadmin in animal rights extremism probe : http://www.indymedia.org.uk/en/2009/02/421827.html?c=all
Hosting Indymedia Servers is Illegal? : http://www.indymedia.org.uk/en/2009/02/421839.html?c=all
View all posts, visible or hidden : http://www.indymedia.org.uk/en/viewallposts.html
a call to arms
its true
12.02.2009 19:50
If a site if meant to be completely open and democratic, then comments should be left on and only removed if they do not conform with the editorial guidelines. Otherwise the whole thing is a sham.
mike
open publishing, open editing, and its perils
12.02.2009 21:07
Chris
Open and Democratic
12.02.2009 21:27
Being 'completely open and democratic' while having 'editorial guidelines' is a contradiction in terms unless those editorial guidelines are set and enforced by the entire community (which they aren't).
If you want to see what a real open and democratic discussion looks like go to Usenet where there aren't any moderators, but where you'll struggle to move because of adverts for cheap pills.
Unbeliever
Getting the balance right
12.02.2009 22:04
There is a understanding between the users and those behind the scenes who make decisions to keep the site running as intended. Part of the understanding is that those people pulling the levers behind the scenes undertake to do so in a open and accountable way. Identifying then blocking the IP addresses of spammers and trolls who mess up the site for others is not an unreasonable thing to do but to remain open and accountable then information about what is being hidden and why should still be available.
It's obvious that some people have reacted in a bit of a knee jerk and embarrassing manor recently but it's perhaps understandable given the seizure of the server and the arrest of the sysadmin whose name was one the hosting contract. It would be good if everyone could just calm down a bit and come back to addressing all these real and important concerns with more of a level head and spirit of camaraderie rather than accusations and hostility.
my 2cents
Campaign for Truth & Justice, support for unrepressed independent medias
14.02.2009 10:22
I feel Indymedia has relevance and great task to stand up and allow alternative news information medium which the powers to be want to stifle and suppress from public consciousness and debates.
At this campaign we argue that it is not right, nor acceptable for people Unlawfully Imprisoned as a consequence of covert Judicial Corruption in the UK, to be blatantly denied Unlawfully redress provisioned for in law, (under Article 5 Section 5 ECHR and Article 13 of the same ECHR) by the same authorities which wants to enforce the same law to the letter on everyone else, with the exception of themselves, friends and corrupt colleagues within the establishment.
I for one is available to actively participate and contribute financially in my local area collectives, if as suggested by comment four and others, you make the process of joining and participating more easier to follow, with job ads, roles and skills as ‘even if it is an unpaid job, the job ad should specify the necessary abilities. So here I can committee publicly to £50.00 per calendar month from Campaign for Truth & Justice.
At this stage it is important that you do not begin to argue amongst yourselves, as that is what the real culprits want. Don’t blame yourselves, because the real matter of fact is that the corrupt establishment will always be looking to find a reason to justify anything it wants to do, legal or illegal. You must have your own definition of democracy and not the narrow scope version imposed by current undemocratic government authorities.
Ahmed Balogun
e-mail: info@ctjnet.co.uk
Homepage: http://www.ctjnet.co.uk
If I could donate I would, when I can I will, IMC isnt perfect sometimes things
14.02.2009 21:31
Green Syn
UK = United Kollektives?
15.02.2009 02:14
I apologize for offending, but it's been bothering me and now I've got it off my chest. I really hope my criticism is taken for what it is: constructive.
Dave In Iowa
UK = United Kollektives?
15.02.2009 02:20
I apologize for offending, but it's been bothering me and now I've got it off my chest. I really hope my criticism is taken for what it is: constructive.
Dave In Iowa
re: United Kollektives
15.02.2009 11:43
Also, maybe there is some cultural differences, because in the UK I don't think "collective" has any particular negative totalitarian-style communist connotations. The term is quite common for general alternative groups.
anon
Strengthen the Kollektives
15.02.2009 13:23
Indymedia needs people not money if it is to move forward and stay relevant.
people not pounds
getting involved is not easy
15.02.2009 22:00
interested
Bristle
16.02.2009 10:20
geeker
thanks for the info but
16.02.2009 15:27
whether they suffer the same issues as the imc uk network is another mater but the issue at hand is the uk network and the unhealthy state of the collectives which form it and the apparent unaccountable and non transparent way in which the imc uk admins are acting.
imc uk
RFC: Reinvent IP (reposting myself at the risk of blindness)
16.02.2009 19:57
No IMC will investigate another even when that compromises their own posters, and no one who has been betrayed by an admin from one collective can trust anyone from that collective to investigate impartially. That is a huge hole that has yet to be filled. Once an infiltrator is identified then what?
My main post is wider than that though so I've decided to repost it to a wider audience. Sorry, but.
If onion routing is currently compromised then what way forward? As an engineer I feel there are a myriad of anonymity solutions yet to be tried that are just crying out for implementation and yet currently my best advice is any public internet access, such as a cafe without webcams, submitted using gloves and a disguise. If you don't understand what I've been talking about then 'Turn Back Now', this post isn't aimed at you.
One solution could be to expand the number of onion routers exponentially. Let's face it, Tor etc are pretty unusable now and that would cure that problem.
I feel the answer lies in encryption though. Activists have won the battle for the desktop for the forseeable future. There is no excuse not to have every computer drive made impregnable to outside surveillance. I feel this is also the future of anonymous posting.
I have been thinking about this for months now and still don't have a 'magic bullet'. I have considered whether setting up a safe ISP or hosting site is the answer but these will become 'single points of failure'. Myabe encrypted P2P distributed messaging is more resilient. My best solution so far which I have passed to decent coders for consideration is encrypted tunneling networks within the net, where each computer creates a pseudonymn for each individual communication and accepts a pseudonominous request for communication.
I really don't know if TCP/IP is up to the job. It is a set of protocols developed by business and the military which relies on ID. Most surveillance software relies on this. Some of you will understand the protocol in depth and will know it is perfectly possible to connect computers using any other protocol that you care to invent as long as both computers understand the same protocol. For example, if one IM webserver understood my own protocol then I could communicate with it over the Internet without any IP connection, ISPs permitting.
Just now every protocol I have read relies on some form of ID. A message is fragmented and reconstituted according to some unique identifier. There are good reasons for that. But, a communications system could operate without unique identifiers when there is human intervention. If I posted this message here in fragments then an experienced operator would be able to reassemble them in the correct order fairly easily, and the worst case would be the odd message fragment would have to be dropped and resent.
It should be easy for a smart young kid to develop a routable P2P anonymous internet messaging protocol ideally suited to sites like IM and wikileaks. We have a vast amount of well-motivated and technically able people who could contribute. Because so much of the infrastructure of the internet is expectant of IP ( thanks Cisco) then it may have to be a new protocol encapsulated within IP.
Basically the world needs a way of communicating without any machine address, any thoughts?
xMCSE
re: RFC: Reinvent IP (reposting myself at the risk of blindness
16.02.2009 20:58
By this I assume you mean Tor? ( http://torproject.org) How is it compromised at the moment?
I find it fairly usable. It can be slow at some times of the day, but it works.
The main bottleneck with Tor is with the small number of nodes that allow traffic out onto the regular internet, since that is the most common usage of Tor. People often forget that Tor can also host anonymous websites, called .onion sites.
> I feel the answer lies in encryption though.
That definitely has to be a part of it!
The solution is to use decentralised networks where traffic is encrypted and routed randomly through other peers. In effect, we are all mini-ISPs for each other. To compromise this network, an attacker has to either control a large proportion of the users, or block users from talking to each other i.e. no single point of failure.
Tor is a good example of this. Freenet is another ( http://freenetproject.org) and so is I2P ( http://www.i2p2.de/)
IMHO these kind of networks will become more important in the future.
g33k
Boring, irrelevant, techie stuff
17.02.2009 01:05
"By this I assume you mean Tor? ( http://torproject.org) How is it compromised at the moment? "-g33k
Tor is just the most well known onion router. Reports that Tor has compromised are easy to find, impossible to verify from my techie point of view. Same goes for the alternatives, impossible for me to verify but a lot of negative chat fom better qulaified folk than me. I was originally responding to this post:
http://www.indymedia.org.uk/en/2009/02/422017.html?c=on#c215837
which linked to this article:
http://cryptogon.com/?p=624
I dunno about the various claims of Tor being compromised. While I am an informed expert compared to the average user, I acknowledge I am an uninformed user compared to the average expert.
Decades ago I had Israeli military encryption explained to me in basic terms that I could understand 'step by step'. Maths isn't my strong point so I am not on 'home-ground' here. I know how to test software but I still don't know how to test encryption so when I hear of 12 year olds cracking 2048 bit encryption using a rubiks cube and two old Ataris then I just have to shrug and spout cliches like 'the proof of the pudding is in the eating'. Except that is more than a cliche, that does imply 'black box testing' methodology. I expect most encryption to work as advertised mainly due to the lack of any prosecutions based on broken encryption so far - if they can bust us they will bust us seems a certain rule, as does the fact they won't advertise their succcesses.
Anyway G33k, ta for the response but back to my main problem. You have a building-full / world-full of computers. You need to send messages between them without identifying the sender. The veracity of the messages is less important than the anonymity of the user. To complicate matters there may be a black box inbetween that only permits IP communication.
So do you
a) design a new TCP/IP OSI protocol that circumvents the addressing/id issues?
or
b) design a new protocol that is outside the OSI model why still being able to 'pass through the gates'?
or
c) Use the existing infrastructure in a more intelligent way ? (please elaborate a little since I have no idea on this)
Like I said I've been thinking about this before this current case came to light. I have a good knowledge of protocols, less so encryption, but any solution I come up with seems eventually vunerable because of the protocols. It is a classic Sword vs Shield dilemma. If I do x as an activist then I would do y as a state administrator. This is genuine fundamentals here but the eventual root cause of technical failure of any communications system seems to be the unique identifier in-built into every protocol. Network architects use UI's because their main aim is usability, functionality, but if your main aim is security then is it really necessary? What other ways can fragmented messages be reconstructed, even at the risk of losing messages requiring them to be reposted?
Or put the problem in different language. When i was a kid I designed an alternative internet protocol but I still used a UI, in retrospect UIs were mainly for ease of programming. My problem was just to communicate succesfully, not to communicate safely. After some police attention I am now focussed on the safety aspect, and I now question why two computers have to identify each other to communicate when an admistrator is present. IP is by design unreliable, UDP is reliable. Yet we all rely on basic IP all the time. My wee idea is that less technically reliable protocols could be just as reliable with far less (zero) identifiable information.
This isn't about reliable file transfer, it is about untraceable human to human communications. I want to assume that there are coders and designers I don't know of who are already pursuing this aim. The unrelated computer movements that brought us safe P2P sharing and safe encryption are so dazzingly successful that I, blinded, expect the solution to safe political posting to come from a hybrid of those two techs.
Maybe not but I am convinced there is an unbeatable solution staring us in the face. That is a horrible technical itch to me. It really pisses me off that I can't tell my friends a perfectly safe way to post anywhere. Safety has to be possible in theory if not in current implementations. That is not intuitive, but then it isn't intuitive that I could lock a drive beyond the reach of the law.
My best guess is that the Plausable Deniability aspect of TrueCrypt is transferable to email through imaging. I honestly don't understand enough about that to know if it is also transferable to messaging.
xMCSE
My support to IMC-UK
19.02.2009 04:52
My solidarity with all the activists of Indymedia UK.
Latuff
e-mail: latuff@uninet.com.br
Homepage: http://tales-of-iraq-war.blogspot.com/
A couple of ideas full of holes for you to pick apart
24.02.2009 13:15
Well I'm like a rabbit in the headlights when it comes to all the techie stuff, but I follow you so far.
Just an idea I had, which wouldn't mean much for anonymity, but might mean something for plausible deniability: would it be possible to develop a system whereby even if the outgoing packets from a machine were intercepted, they wouldn't mean anything to the interceptor? And I don't just mean encrypted and stuff. Like, what if to submit a message to IMC you used a form that didn't use the typical input method of keyboard characters, but used an interface whereby it loaded common words and had a mouse click-based word composer?
Sorry, that's a mess, I'll give an example.
The form uses one of those new-fangled (javascript?) input fields that has a drop-down menu with predicted words that updates when you input one letter or number at a time. So you type 'tr' for 'trace', then click down a couple of times to select it. But the provided word list is randomised so that even if somebody cottoned on to the fact that you were posting a message to IMC, it wouldn't mean much because as well as being encrypted they wouldn't know which word 'tr' stood for, nor which word the down clicks had selected, because 'trace', 'track', 'true', etc, were switched all the time. And for the extra-paranoid, they could use a mouse-based character/word composer so keyloggers etc. wouldn't work.
And I'm getting even more out of my depth here, but what if the message-posting server was different from the publishing server? Would submitting a message to a non-publishing server (which posts the message for you on the publishing server) circumvent any possibility that you could be held liable for published comments? Probably not I'm guessing...?
TTD
Hide 2 hidden comments or hide all comments