How do you know that Indymedia does not keep logs?
IMC-UK | 19.02.2009 00:00 | Indymedia Server Seizure | Analysis | Indymedia | Technology
Indymedia UK (IMC-UK) is a network of activists who provide an open publishing platform. We are part of the wider Indymedia Network that started in Seattle during the protests against the WTO in November 1999, and the UK site was one of the first to join the network in early 2000. In common with all Indymedia Centres (IMCs) around the world, as designated in the (draft) Principles of Unity, IMC-UK does not log IP addresses - as detailed on the security page. Moreover, following on from previous requests by governmental authorities for logs, IMC-UK and many other Indymedia sites (e.g. the global website, www.indymedia.org) do not retain any logs related to the website. These facts are documented on our open mailing lists and on the open IMC documentation site, docs.indymedia.org. (here for example).
In the rest of this article, we provide some advice on how to improve the measures you take when publishing on the website if you want to do so anonymously. We also outline some legal procedures that could potentially be used to attack Indymedia and the right to free expression, as well as describing some of the technical points in more detail.
What if you don't trust us?
Maybe the police have infiltrated us. Maybe there is some software security issue we're unaware of that means the police can track our users. Maybe the police/GCHQ/NSA/FBI/CIA are monitoring all the connections to our server. Maybe we're just a bunch of amoral snitches... Although we have previously had hassle from the FBI, the police, and even Russian oligarchs, that doesn't mean you have to trust us. And, ultimately, we don't actually mind if you don't trust us. We simply state what we do - believe us if you like, or don't. Your call.
Here are some things that you could do to improve your security when using the IMC-UK website:
- Only post stuff to Indymedia that won't get you in trouble.
- Use Tor - an application that allows you anonymise your IP address. Bear in mind that it is not 100% safe - see these Tor caveats.
- Don't post it on Indymedia, post it on wikipedia or blogspot or... well those two aren't that good, but wikileaks is pretty secure and better security than Indymedia in a number of ways.
- Set up your own open publishing platform: the more the merrier.
- Don't post anywhere on the internet.
Legal points relating to Indymedia UK
Indymedia provides a platform for anyone to publish their news: text, photos, video, whatever. Thus, as citizen journalists, we are entitled to some protection from seizure of our materials under the UK law regarding "excluded materials." This is not an absolute protection - and would depend on the circumstances and seriousness of any alleged crime.
The UK Indymedia publish server is located in the USA. Thus, to be able to gain access to this machine, the UK would have to get a Mutual Legal Assistance Treaty (MLAT) agreement with the USA (similar to the one that was received by the USA from the Italian authorities prior to the Ahimsa server seizure in 2004). This is not an easy undertaking and would require a strong justification for the request.
Additionally, Indymedia has many contacts and has been supported in the past by organisations like Liberty, the Electronic Frontier Foundation (EFF), the Association for Progressive Communications (APC), the National Union of Journalists (NUJ), Members of Parliament and many others.
Technical points about UK IMC
Hardware encryption
There are two physical servers that are owned by Indymedia UK. The first is the publish server (see below for more information about how the website software is designed), which is named Traven (after B. Traven, the author) and is located in Seattle, USA. The second was called Strummer (after Joe Strummer of The Clash) and is located in the UK. Both servers use Debian GNU/Linux and make use of disk encryption, which means that the data needs to be decrypted before it can be used. Disk encryption is carried out for the protection of all users: those viewing the website as well as the system administrators and Indymedia moderators. This is because, although we take measures (as outlined below) to ensure anonymity, we cannot be certain we have not overlooked something and so we wish to protect this information should it fall into the wrong hands.
The passphrases required for the disk encryption software are long (in the region of 30-40 characters, minimum) and not memorable - instead, they are only stored in an encrypted format by trusted administrators. If any of the servers are turned off for any reason (e.g. if there is a power cut), the passphrases need to be manually re-entered before the machine can become functional again. This is why there is sometimes a slight delay in reinstating services should a server become unreachable. Additionally, people who have physical access to the servers do not normally hold the passphrases - and, in some instances, the passphrases are kept in a different country to where the machine is located.
Software anonymisation
The UK Indymedia website uses a software called 'Mir'. This is designed around a central publish server from which static HTML content is then copied to mirrors. UK-IMC has employed up to 10 mirrors at any one time, although usually we use less than this number. The mirrors may be located anywhere around the world, and when you click on www.indymedia.org.uk you will be redirected to one of these mirrors at random. Mirrors, like the publish server, are set up to not log IP addresses - even though they only receive page views and do not contain any information about who posted an article.
Both the publish server and all the UK Indymedia mirror servers have Apache (the webserver software) set to not write any log files. But, since Apache requires an ErrorLog file before it will start, this is redirected to /dev/null/, thus:
ErrorLog /dev/null
This is important because otherwise errors (such as 404's - when a non-existent page is requested) are written to a file. Additionally, the way of controlling precisely what info is logged is via the LogLevel directive - and this cannot be set to not contain IP addresses.
There are no other lines related to recording information (logging) anywhere in the Apache configurations employed by Indymedia UK. The directory on the UK publish server that would normally contain log files relating to Apache shows only the following:
traven:~# ls -l /var/log/apache2/ total 28 -rw-r--r-- 1 root root 24704 2009-02-10 01:39 jk-runtime-status -rw-r--r-- 1 root root 1 2009-02-10 01:39 jk-runtime-status.lock traven:~#
The two files shown here are related to the Mir software, which uses Java, and do not contain any information related to users. Indeed, this software was specifically designed for Indymedia, taking into account the provisions of the (draft) Principles Of Unity and the results of many discussions on the international imc-tech mailing list.
Conclusion
Indymedia takes your privacy seriously and works hard to ensure that the strictest security measures are in place. However, while we hope that everybody trusts our commitment to protect our users - and thus our technical and security procedures - we also understand that the measures we take may not be easily understandable by non-techs. In this article we have therefore tried to explain some of the measures we take and why we take them. We end with a reiteration of our commitment to the global Indymedia Principles of Unity - and particularly want to highlight Principle 4:
4. All IMC's, based upon the trust of their contributors and readers, shall utilize open web based publishing, allowing individuals, groups and organizations to express their views, anonymously if desired.
IMC-UK
Homepage:
http://www.indymedia.org.uk
Additions
Some security resources for those concerned
19.02.2009 15:26
http://tor.eff.org Torpark - A secure browser built on Firefox Deer Park, using the Tor network.
http://www.torrify.com Ultrasurf - Secure Internet surfi ng.
http://www.ultrareach.com Freegate - Encrypted Internet access.
http://www.download.com/3000-20-10415391.html Peacefi re - A censorship circumvention tool.
http://www.peacefi re.org/ Hacktivismo - An international group of hackers, human rights workers, lawyers and artists that evolved out of The Cult of the Dead Cow (cDc).
http://www.hacktivismo.com Tactical Technology Collective - A non-profi t foundation promoting the use of free and open source software for non-governmental organizations, and producers of the Security NGO-in-A-Box.
http://security.ngoinabox.org/ http://www.tacticaltech.org/ Reporters Without Borders, Handbook for Cyber-Dissidents and Bloggers
http://www.rsf.org/rubrique.php3?id_rubrique=542 Digital Security and Privacy for Human Rights Defenders by Dmitri Vitaliev
Published by Front Line - The International Foundation for the Protection of Human Rights Defenders
http://www.frontlinedefenders.org http://www.frontlinedefenders.org/manuals/en/esecman.html
but, really, get real
Comments
Hide the following 44 comments
The double edged sword of anonymity
19.02.2009 15:51
Indymedia seeks to provide security for the former, a way for people to publish first hand reports about the struggles they are involved in without getting their collars felt by the political police, powerful corporate interests or their employers. Sadly the later obtain equal cover and are free to hurl unsubstantiated accusations at whoever they please for whatever reason they might have.
Free reign for pretentious artists and danny boys to publish divisive claptrap on what was meant to be a platform for radically biased grassroots news coverage of important social and political issues - that is the price we all pay for anonymity.
n@
An official IMC UK statement?
19.02.2009 16:33
Which secret little grouping penned this classic, "some things that you could do to improve your security when using the IMC-UK website" then goes on to advise, don't post on Indymedia or don't post online at all? Useful.
And what exactly was this feature meant to express that hasn't already been said by indymedia in the security page, start page special, previous feature and newswire reports? Okay, we get it, indymedia servers don't save to disk any logs generated by the web server software. Yup, you've repeated that enough but some of us were hoping for something more.
Anything else still to say?
waiting
it's irrelevant whether Indymedia is "infiltrated" or not
19.02.2009 23:25
You should never rely on a single third party for your anonymity anyway. Even if I knew every Indymedia admin personally and trusted them all totally, I still wouldn't rely on them. Accidents happen, people change, one of them could get a keylogger physically placed on their machine.
If you want anonymity, use something like Tor (
g33k
Anonymous and paranoid?
20.02.2009 08:24
My IP is 123.456.789.001 ;)
Wotsit
Some strategies indymedia could impliment to improve security
20.02.2009 15:53
a) Full disclosure of all pertinent information.
b) Provision of well written how-to instructions on using Tor on any platform.
c) Laying on training and indymedia 'open days' at hacklabs and social centers.
2. Protect users from rouge admins manually logging IP information, either by completely disabling the facility for admins to view IP logs held in memory, or:
a) Introduce a public log of which admins switch on the IP log, when, why and for how long.
b) Make it so that it will log only the next X number of submissions rather then switch off automatically.
c) Obscure logged IP addresses using a non reversible hashing algorithm.
That final option would allow spammers to be identified and filtered without indymedia having to retain any information which could be used to track and identify a specific individuals computer.
3. Protect users from traffic analysis using one or all of the following methods:
a) Insert random delay between the submitting of a form and the actual act of publishing.
b) Introduce random error into the time shown on published articles.
c) Publish after a specific number of other secure connections have been made to the publish server.
d) Add an option to the publish field that allows users to specify time an article will be published.
All or any of the above would make it impossible to establish beyond reasonable doubt that any specific individual was responsible for any specific post based on the time they were known to connect to indymedia and the time an article appeared.
g33k2.0
Geeky suggestions are go
20.02.2009 16:27
That hashed IP logging could also work well, helping indymedia admins to identify persistent disinfo trolls while preventing anyone who might gain access to the admin interface from noting down information that could be useful to the police. If I understand it correctly it is the same as the way passwords are generally stored using a repeatable but non reversible algorithm to generate a 'finger print' of the users password without actually having to keep the password. This prevents hackers or dodgy admins from obtaining those passwords which the users might use for other purposes.
It would be pretty simple to implement I think. There are probably better algorithms which weight some parts of the IP address higher than others or discard some information to make trivial reversal impossible but even just adding up all the numbers would work. Take the IP address 203.129.78.32 then add all the numbers together and you get 442 which you store instead of the IP address. The same IP address will always produce 442. There will be other IP addresses occasionally produce the same result, for example 197.124.42.79, but it is relatively improbably. Anyone wanting to calculate the original IP address from the stored value 442 would be completely wasting their time but admins would be able to see that one person was responsible for a series of posts and therefore be better placed to spot deliberate misrepresentation and misdirection.
null
Log off Log on. which is it
20.02.2009 16:49
clueless
re: Some strategies indymedia could impliment to improve security
21.02.2009 01:29
> disabling the facility for admins to view IP logs held in memory, or:
>
> a) Introduce a public log of which admins switch on the IP log, when, why and for how long.
> b) Make it so that it will log only the next X number of submissions rather then switch off automatically.
Someone with admin rights on the server could always install some kind of hidden program that makes their own separate IP log that would be unknown to anyone else. Once someone has admin rights or physical access to the machine, you just can't totally protect against any damage they might do.
I think it is a red herring to focus on this too much. Hiding of IP addresses is better done by the end user, using Tor.
> c) Obscure logged IP addresses using a non reversible hashing algorithm.
>
> That final option would allow spammers to be identified and filtered without indymedia having
> to retain any information which could be used to track and identify a specific individuals computer.
Firstly, as above a rogue admin could just bypass this and record the IP addresses before the hashing happens.
Secondly, it would be trivial for someone to run the hashing algorithm on every possible IP address, build a database of hashes, and then use that to match any hash back to an IP address (or possibly multiple IP addresses, if there are collisions.
Or if the police get a list of the hashed IP addresses, they could just get a list (from the ISP) of all IP addresses connecting to Indymedia at that approximate time, and apply the hash to all of those to see which one matches.
g33k
We are told
21.02.2009 15:27
We are told "maybe the police have infiltrated us" but how would we know when comments containing accusations of this kind are hidden by admins (perhaps even the same admins the accusations refer to) and go unreported so no other admins may even be aware that the accusations have been made.
We are told of Indymedias' "commitment to the global Indymedia Principles of Unity" [
We are told that all IMC's consider "open exchange of and open access to information a prerequisite to the building of a more free and just society", while IMC UK continues to hide information that could be essential to its users remaining free, even going so far as to delete their own archived records.
We are told IMC UK is committed to "a direct, participatory democratic process that is transparent to its membership", but admins secretly hide comments they don't like with no way for the contributor to find out who did it or why.
We are told "we don't actually mind if you don't trust us". Well that doesn't really inspire much solidarity but may be the most honest statement in the whole article.
the membership?
more geek thoughts
21.02.2009 15:40
> program that makes their own separate IP log that would be unknown to anyone else.
You confuse those who have been given access to the admin interface of the indymedia cms with those who have root access. There are perhaps dozens with admin access but there are unlikely to be more than two or three sysadmins with root access. None of those with ordinary admin access could install any kind of hidden logging program but currently any of them could be manually recording IP addresses from the admin interface. Although I agree that ideally the end user should take steps to address this, it is not a red herring to reduce the risk inherent within the cms.
> if the police get a list of the hashed IP addresses, they could just get a list (from the ISP)
> of all IP addresses connecting to Indymedia at that approximate time, and apply the hash
> to all of those to see which one matches.
I don't think so, especially if indymedia implemented the delayed publishing idea. The hashing idea proposed was for non reversible hashes, a really simple algorithm which reduced IP addresses from the billions possible down to just hundreds so reversal would produce way to many collisions to provide any kind of proof. A list of the hashes and articles and comments would have significantly less evidential value than an ip log while still enabling indymedia admins to identify certain types of abuse and act against it.
I followed the link to the wikileeks security page provided in the indymedia article above and thought of an additional step that indymedia could take (perhaps they already are). It is clear that their publish server and html mirrors are on different servers so basically when you read something on indymedia you visit a different server than when you publish. This is potentially dangerous as it exposes those who publish to traffic analysis as they are separate from the far more frequent accesses by those who are simply reading from the site. Wikileeks automatically generates false secure connections with servers around the world to help hide genuine users from traffic analysis. Indymedia could do something similar, perhaps by simply directing some of non publishing connections at the publishing server instead of one of the mirrors. Even if just one in ten of the traffic that normally went to a mirror was instead directed at the publishing server then that would go a long way to obscure connections from people that were publishing a comment or an article. There would be no way for somebody watching the encrypted traffic to establish if the connection related to reading or contributing an article.
2.0 ?
Aliases and security
21.02.2009 16:31
Danny
re: more geek thoughts
21.02.2009 19:04
> > program that makes their own separate IP log that would be unknown to anyone else.
>
> You confuse those who have been given access to the admin interface of the indymedia
> cms with those who have root access. There are perhaps dozens with admin access but
> there are unlikely to be more than two or three sysadmins with root access. None of those
> with ordinary admin access could install any kind of hidden logging program but currently
> any of them could be manually recording IP addresses from the admin interface.
I do understand this, but maybe I should have explained it more clearly. The point still stands: you
shouldn't place your trust in those 3 sysadmins, since if any one of them are compromised,
so are you.
> Although I agree that ideally the end user should take steps to address this, it is not a red
> herring to reduce the risk inherent within the cms.
I sort of agree, it is an extra layer of security, but I still think people should be aware of the risks.
For all I know, Indymedia could have been set up by the state deliberately to monitor activists.
Now, I don't think that is true, but it is hypothetically possible, and someone new to the site
can't make an informed judgment either way about that.
Also, I wouldn't want the responsibility for my anonymity to rest on the shoulders of those
3 sysadmins. It is bad both for them and for me.
And eventually they could just make it a crime for the sysadmins to not log and reveal IP addresses.
So you need a way so that the sysadmins can have "plausible deniability" with regards to the logs.
With Tor, they have this.
>> if the police get a list of the hashed IP addresses, they could just get a list (from the ISP)
>> of all IP addresses connecting to Indymedia at that approximate time, and apply the hash
>> to all of those to see which one matches.
>
> I don't think so, especially if indymedia implemented the delayed publishing idea.
> The hashing idea proposed was for non reversible hashes, a really simple algorithm
> which reduced IP addresses from the billions possible down to just hundreds so
> reversal would produce way to many collisions to provide any kind of proof. A list
> of the hashes and articles and comments would have significantly less evidential
> value than an ip log while still enabling indymedia admins to identify certain types
> of abuse and act against it.
You can't have it both ways: if you hash the IP addresses down to too small a set then
they become useless for identifying spammers or other bad IP addresses, and you will
block genuine posters.
If you make hash collisions too infrequent, a pre-built dictionary of hashes is a trivial
attack, and is commonly used in practice. Especially since the number of IP addresses
is relatively small compared to, for example, the number of possible passwords.
I don't think there will be a happy medium unfortunately. I'm sure the number of IP addresses
connecting to Indymedia in any hour is relatively small. If you are going to get a few hash
collisions just within that hour, it will be useless for the intended purpose. And if not, the
hash database will easily give an attacker a single IP address, or at the very least a small
list of possible IP addresses.
Giving people the option of delayed publishing is an excellent idea though.
> I followed the link to the wikileeks security page provided in the indymedia article
> above and thought of an additional step that indymedia could take (perhaps they
> already are). It is clear that their publish server and html mirrors are on different
> servers so basically when you read something on indymedia you visit a different server
> than when you publish. This is potentially dangerous as it exposes those who publish
> to traffic analysis as they are separate from the far more frequent accesses by those
> who are simply reading from the site.
That sounds like a very good idea.
g33k
Aliases and security - very funny in this instance
21.02.2009 20:00
A repeated alias isn't necessarily bad for security and can aid comprehension and trust, many folk here do post regularly and openly under their real name simply because they are proud of what they do. Seemingly the software isn't up to permitting mainted 'logged on' identities that prevent that sort of id theft, I have asked that same question in the past. Some people have certainly used that as a smear tactic if you argue against them on one thread then your pseduonymn appears on an unrelated thread spouting disingenuous crap. The same people post multiple times on the one thread to create a false impression of consensus.
Oh, g33k, I can testify this isn't a site set up to monitor activists or I would have been arrested by the police long before I pissed off an admin. The only way to test the safety of a stepping stone though is to put some weight on it. There was a report in El Reg recntly about IP security flaws that should interest you.
Danny
hashed IP logging for enhanced security
21.02.2009 23:58
Actually logging of hashed IPs for security reasons is not a new idea and already implimented in at least one indymedia CMS, dadaIMC.
"The Blocked IPs module allows you to prevent posting by visitors using either IP addresses or (a bit more secure) MD5-encrypted IP addresses. To block an IP address, you must either know it in advance, temporarily capture IP addresses in the Apache log, or use the "Capture IPs" module preference (Admin->Site Prefs->Misc->Accounts) to log IPs to the dadaphp.log" -
The ability to admins to temporarily switch on logging is not unique to dadaIMC but may be implemented in different ways. On MIR, the codebase used by indymedia UK, the IP log is held in memory and not saved to disk.
Most CMS have some facility to identify and block abusive users and that includes most of the purpose built indymedia codebases currently in use.
The documentation for SF Active (which is one of the most popular indymedia CMS) contains the following:
"You can set sf-active that it logs the ip-numbers of people who publish. You must be aware that logging ip numbers of people who publish is potentially dangerous for activists. In other words, you shouldn't do it. We advice you only do it for a short time to find people who manage to get through the rules defined above... IP log lets you take a look at the file /www/htdocs/sf-active/sitename/local/cache/ip_log.txt to check the ips of the people who posted articles and comments." -
Since the facility to temporarily log IP addresses already exists (and is arguably essential to blocking spam) then implementing hashed storage of those IP address, such as the system used by dadaIMC, would seem to be a reasonable and sensible compromise.
coder
Homepage:
http://sfactive.indymedia.org/docs/en/03_use_instructions/02_admin/07_spam/index.html
Remove IP logging from MIR
22.02.2009 01:51
While it is true that sysadmins with root access could still harvest IP addresses, it is a lot harder for an infiltrator to obtain the level of trust required to be given root permissions than it is for them to become a volunteer moderator with the ability to spy on IP addresses within the CMS.
Remove the feature - remove the opportunity. It may make some of the amateur spammers a little harder to filter but it is a small price to pay.
interested bystander
how does hashing IP addresses make it any more secure?
22.02.2009 01:52
> IP addresses or (a bit more secure) MD5-encrypted IP addresses
Sorry, but I still don't understand how MD5 hashing of IP addresses makes it any more
secure. It seems to me like what they call "security theatre" where the facade of
security is there but it has no real substance.
I assume that dadaIMC use a "salt" when MD5 hashing the IP address?
This would make dictionary attacks against *all* entries in the IP address log more difficult. But generally an attacker would only be interested in *one* of the hashed IP addresses - the one that posted a specific news item or comment.
And what would you use as the salt? It would have to be the same each time you get the same IP address, otherwise the hashes wouldn't match.
And if you store the salt somewhere so you can compare the hashed IP address to a raw IP address, an attacker can just use that salt to hash every single IP address to find which one it is. If they have a list from the ISP of all IP addresses connecting to the Indymedia server within that day, it makes the job even quicker.
I'm not an encryption expert, so maybe I am overlooking something. If so, please enlighten me!
I think going down this route is a red herring. It may give some protection against an opportunist but it won't protect against a determined attacked (e.g. the state). It is essentially security by obscurity:
Tor will be a good solution from the point of view of the user. But what if spammers post a load of stories via Tor? Then the IP address filter will be useless.
You would need the ability to set up user accounts in Indymedia. Then if you only access them over Tor, Indymedia never knows your true identity, but you can build up a reputation with your "pseudonymous" identity.
Alternatively, Indymedia could allow user to upload their public PGP-keys and allow users to PGP-sign their posts (sent over Tor). Then they will know if a message is from a user that has posted good information in the past, or if it is from a spammer.
g33k
re: hashed logs on toast
22.02.2009 14:07
The Oscailt CMS used by Indymedia Ireland amongst others has probably the most impressive suite of tools for handling publishing abuse. Yet even with its array of powerful tools the manual for Oscailt describes IP logging and filtering as the biggest gun available to administrator.
"Normally IMC codebases don't collect or rely upon IP addresses at all for privacy and security reasons - and neither does oscailt! Oscailt manages to do this by providing a real-time IP monitor facility which only collects the IP addresses of the last few publishers to the site. Most of the time, this feature should be disabled and when it is disabled, it purges all IP addresses from the system. When you encounter an abusive user, you can discreetly enable this feature and use the monitor to view the IP addresses of only the people who publish to the site. When the abuser next publishes, you can simply click on his IP address and select the length of ban that you want to give him. " [
It sounds very much like the IP monitoring currently available to IMC UK admins in the MIR codebase.
A UK admin who uses the nick gdm made a proposal yesterday on the imc-uk-moderation list [
XFCE
SHAC posts to be filtered?
22.02.2009 18:44
> [
> an automatic filter to block posts from the SHAC campaign.
That is the dumbest idea I have ever heard.
Nothing from the SHAC campaign itself ever breaks the Indymedia guidelines. This is getting as bad as the state for guilt by association. Any posts that are not allowed would either be from SHAC supporters without the knowledge of anyone else, or from opponents of SHAC.
The main reason this is a stupid idea though, is that it makes it trivial for anyone to get any campaign they don't like filtered. Just make posts that break Indymedia's guidelines pretending to be from that campaign.
This would open the floodgates for an arms race of malicious spoof posts.
Are they suggesting any post with the word SHAC in it be filtered? If so, people could just not use the word SHAC, or write it in some other way like S*H*A*C.
This is a total non-starter, I can't believe anyone even suggested it.
If posts that get Indymedia into trouble are a problem, why not make all posts moderated so an admin has to explicitly push them live?
I'm not sure this is necessary though. The police wouldn't raid any other blog if someone posted personal or illegal information there, and the blog owners took it down in a reasonable time. Indymedia only gets the hassle because of political reasons.
anon
@anon
23.02.2009 13:13
The issues of security inherent with us entrusting our anonymity to a small pool of unknown admins mirror the issues of democracy when we entrust our freedom of expression to a small pool of unknown moderators.
There have been some great ideas here for how some of the security issues can be addressed. In the light of the ongoing censorship regarding IP monitoring, does anyone have similar constructive suggests on how the moderation process could also be improved? Perhaps something more like slashdot where the whole community gets help moderate?
Chris
IMCistas should be ashamed
23.02.2009 13:52
Chris
Very much not the Indy I knew
23.02.2009 14:38
Going back six years to hide the evidence of something that was already in the public domain and held in various caches was a mistake, it was childish and petulant. I'm sure that Indy UK logs IP's from time to time, they certainly have extensive blocking in place for trolls, Nazis, 911 nutters etc and rightly so but that's not the problem. The issue is the policy of hiding all dissenting opinion and then pretending it never took place, the clasification of all said opinion as 'disinformation' and the constant repetition of 'all moderation questions sould be sent to the moderation lists'. We know the moderation lists are only open to some and we know that most of the questions listed there about moderation issues are routingly ignored so it is not surprising that contributors feel the need to ask their questions in the newswire, they know it's the only way their words will be seen and maybe replied to.
If Indy UK is going to survive it needs to be honest about its mistakes, open up debate on important issues that concern the readers & contributors and most of all not adopt the 'It's my ball and I'm taking it home' response to issues it feels uncomfortable with.
If Indy UK is going to survive in a world that has Web 2.0 and the rest it needs to embrace those who are its life blood, the readers and contributors, a policy of 'do it our way or go away' will not work.
Solidarity and Love
Mike
Former Indy contributor
One set of rules for them and another for us
23.02.2009 15:07
Can I smell mutiny brewing
Lucy
My suggested solution
23.02.2009 15:49
That way there is no talk of cover ups or secret cliques running the site just open accountable discussions and with luck a lot more new peeps to help with the running of Indymedia UK.
Ian
e-mail:
ianandsue@protimius.net
For IMCister
23.02.2009 17:16
How hard is that for you to understand ?
ordinary imc user
Who on earth penned "What if you don't trust us?"
23.02.2009 20:00
The advice outlined above should be a standard. After the fact isn't much use to anybody.
I do not condone an idiot posting the home address of a Judge. That's his job and entiled to the same privacy we all demand. Very stupid!
The internet is NOT anonymous PERIOD! A specific server may not capture and log but that is pretty much a non issue (except ofcourse it's much easier if they do) as Law Enforcement can gather logs from ISP's, Hosting Farms etc easily. All backbone routers in the UK are mirrored (by the Home Office) capturing all connections (and data on a whim).
"The UK Indymedia publish server is located in the USA. Thus, to be able to gain access to this machine, the UK would have to get a Mutual Legal Assistance Treaty (MLAT) agreement with the USA (similar to the one that was received by the USA from the Italian authorities prior to the Ahimsa server seizure in 2004). This is not an easy undertaking and would require a strong justification for the request."
Seriously? LOL!
Good Luck :)
LOL
PS:?
23.02.2009 20:05
Secure Connection Failed
publish.indymedia.org.uk uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)
* This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
* If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.
Or you can add an exception…
LOL
Indymedia should use accounts for filtering, not IP addresses
23.02.2009 22:44
To be honest, I'm not that bothered about secret IP logging, but I don't think it is a very good way to detect abuse. Many people have dynamic IP addresses anyway. It won't help for people who use Tor, since different people could share the same IP address. People who want to post things against Indymedia guidelines could just use a public computer to bypass any filtering by IP address.
Better would be to have "accounts", so people can be trusted based on their posting history.
People could still post anonymously without an account, but those posts would be less reliable, and there could be an option for people to ignore those posts.
Even people with accounts could be anonymous, if they always use Tor to log in to their account.
See how
anon
@anon - agree
23.02.2009 23:28
Danny
Indymedia, direction and web 2.0
24.02.2009 10:42
Compelling users to register is just not an option and such a proposal would never reach consensus.
Even proposals to introduce optional registration have so far fallen flat (although such schemes are used by other indymedia sites including the new London site). Having optional registration and leaving the facility for unregistered 'anonymous' posting makes the idea of filtering by registration pretty pointless as filtered users would just post without logging in. However, optional registration does go a very long way in reducing the opportunities for people to pretend to be another person and so reduce a lot of the malicious disinformation which indymedia uk is currently prone to.
Perhaps the biggest and simplest step which indymedia could make immediately without needing any significant coding changes would be to pre moderate all comments. This would effectively end the use of comments as a discussion forum and only posts which updated, amended or corrected a news article would be shown. The would instantly eliminate the divisive slagging matches and negativity which put loads of people off from bothering to post or read reports on imc uk. It would also help to reduce to some degree the danger of stupid people posting stupid ill conceived stuff like judges home addresses.
Some people would argue that pre-moderation of comments represents a fundamental change to indymedias policy of open publish but I don't think that is the case. In fact many indymedia sites pre-moderate ALL posts including articles.
Open publishing is a fairly vague concept but I think it can be summed up as a media platform which doesn't have a narrow and closed pool of writers and editors but rather is open to all contributions. Open publishing p isn't the same thing as providing a free speech anything goes platform. It doesn't mean that there are no parameters on the content and indymedia sets those parameters in it's mission statement and editorial guidelines. Those parameters define the niche the site caters to and protects it from spamming or illegal content which would otherwise threaten the site and those who administer it.
Open publishing is about giving everyone the same opportunity to tell their story but it doesn't preclude posts being checked for suitability before they appear on the site!
Indymedia is meant to be about giving people the chance to write about their activities, their experiences, their concerns, to share the background and raise the issues which would otherwise be ignored, misrepresented or glossed over in the mainstream media. It sets out to be a non corporate news site for our grassroots struggles with the aim of strengthening our campaigns and movements. Sadly, the comments section of the site is increasingly being used and abused as a place to spread disinformation, dismiss peoples efforts, discredit, divide and discourage involvement. Meanwhile there are less and less people bothering to write first hand reports or upload video or photos and more and more people reposting something that caught their eye in the mainstream media or on the blog of some political analyst etc.
Since the launch of indymedia the internet and the political climate has changed a lot. Broadband in every home, internet on mobile phones, blogs, CiF, Youtube, flickr, myspace, facebook etc etc. all have completely changed the ecology of the net but indymedia has been painfully slow to adapt. A victim of its own success perhaps as the open publishing concept at the core of indymedia has become increasingly irrelevant as now anyone can set up a blog or post on youtube. Clunky old indymedia can't compete many campaigns don't bother with the site at all, preferring instead to use myspace and their own wordpress site. It's a vicious cycle that leaves less and less original content in the news wire.
I'm losing hope that IMC UK can be turned around but I go through phases and the current one is definitely a negative swing. I know I'm not alone in feeling this way and its good to see fresh things emerging with London indymedias move away from the constraints of the national infrastructure and processes. I don't totally dismiss the idea that IMC UK could also step up the challenges it faces but this site is like a runaway train with the driver dead but still grasping the controls in his cold rigid hands. There's an momentum resisting any change no mater the best intentions off all involved and it is really hard to see how that could happen without a significant influx of new ideas, skills and energy to wrestle away the dead hands at the wheel.
brief comment become rant
re: Indymedia, direction and web 2.0
25.02.2009 00:09
People could have several Indymedia accounts, and save one for contentious issues where they can be very careful to always use Tor and never reveal personal information. Indymedia could include an optional random delay before a comment is put on the website, to avoid traffic analysis attacks.
All Indymedia would need to store is the fact that a particular account made certain posts. No IP addresses would be stored (although we should never reply on this, and use Tor for safety).
I think anonymous one-off posts should always be allowed, but under times of heavy spam attack these would become effectively useless, since the genuine posts and comments would be hard to find amongst the spam.
If someone were to heavily spam Indymedia through Tor, and blocking was only done by IP address, there are a limited number of Tor exit nodes, thus making anonymous posting impossible.
Maybe Indymedia should use some off-the-shelf system, maybe modified slightly, instead of developing its own from scratch?
anon
Damned if you do, damned if you don't.
25.02.2009 22:39
the need for indymedia not to store ip addresses in order to protect their sources
the need for contributors to not rely soley on indymedia in order protect their identity
the inherent danger that open publishing will be used to spread divisive disinformation
the questionable value of open comments on an open publishing news site
the need for indymedia to be able to deal with spammers/disruptive users
the difficult balancing act between moderation, utility and maintaining the open publish ethos
the risk that power corrupts admins, leading to unaccountable censorship
the value of ip monitoring and filtering as a tool against spammers/disruptive users
the risk of infiltrators becoming admins and logging ip information etc by stealth
the legal risks to those who provide infrastructure or are seen as 'responsible' for the site
the influence that fear of prosecution can have on indymedia admins, leading to political filtering
the conflict between security and policies relating to open/transparency/accountability etc
the unavoidable technocratic hierarchies and other power structures that divide user from admin
the potential for knee jerk defensiveness towards criticism or complaint about those with power
the difficulties in agreeing and implementing any positive changes
n
Security of servers, users and admins is the responsibilty of everyone
26.02.2009 11:48
It pisses me off no end that people only see it as Indymedia's responsibility to protect the sacred freedom. Whilst I wouldn't accuse anyone posting to this thread of this, there are too many occasions when people "piss in the public pool". If people keep doing this it makes it harder to justify keeping it running, and everyone will be the poorer in that event. If you want to post controversial or illegal stuff, first consider whether it is so important that you must do so. Consider that doing so, may affect the those people who operate servers on behalf of Indymedia and the availability of the servers themselves. Is your post really that important that you can put all of that at risk? Note that of course others may post stuff that provides an opportunity for the police to investigate, but at least take responsibility for your own actions.
The inherent nature of the Internet means that the server needs to know the clients IP address, so irrespective of the fact that logging is disabled, IPs will always be available to someone with time and skills, which is why the advice to use Tor is a good one and arguments over logging are disingenuous.
someone
Some good points there...
26.02.2009 19:16
Well, that they don't log is good; though there are various issues regarding the addresses being held in memory. I think there needs to be some transparency as to how it works and a public log of who used it when and for what. That will give some assurances about its use & potential misuse.
There are also however as the hidden comments indicate other issues that conflict with the desire for total hiding of IP details.
If there were more volunteers on 'shit shovelling detail', I guess managing disruptive trolls & spammers would require less technical interventions?
"the need for contributors to not rely solely on indymedia in order protect their identity"
Again, I think this could be eased by IMUK being a bit more open about their anti-anti-social abuse measures, and making sure users KNOW that they cannot rely on IM for anonymity. It may be obvious to us, but some people are still green on such matters.
"the inherent danger that open publishing will be used to spread divisive disinformation"
I think some kind of more pro-active policy of editing/hiding posts that make personal attacks based on no evidence whatsoever is needed- the way things run as it is flies in teh face of journalistic ethics. IS this a question of lack of human resources or just a fundamental ignorance of how damaging such disinfo campaigns are, to IM itself?
"the questionable value of open comments on an open publishing news site"
I kind of reluctantly agree wit this. Ideally there should be enough people to be able to implement site policy in the comments, but it seems that the trolls, loons and spammers perhaps overrun the available resources?
"the need for indymedia to be able to deal with spammers/disruptive users"
See above.
"the difficult balancing act between moderation, utility and maintaining the open publish ethos"
No comment
"the risk that power corrupts admins, leading to unaccountable censorship"
Well, the answer to that one is simple: become the admins. It's very easy to carp from the sidelines.
"the value of ip monitoring and filtering as a tool against spammers/disruptive users"
See above
"the risk of infiltrators becoming admins and logging ip information etc by stealth"
See above. But don't jump to conclusions. let's hear about how it works and when it has been used first?
"the legal risks to those who provide infrastructure or are seen as 'responsible' for the site"
I think perhaps circumventing UK jurisdiction may be a way forward?
"the influence that fear of prosecution can have on Indymedia admins, leading to political filtering"
Which is ironic considering how much in the way of defamation is allowed to be posted on here on regular basis... This place could have been sued into the dirt by various individuals with legitimate gripes ten times over in the last 2 years.
"the conflict between security and policies relating to open/transparency/accountability etc"
See above
"the unavoidable technocratic hierarchies and other power structures that divide user from admin"
If they are unavoidable, then there cannot be changed... ;-D
"the potential for knee jerk defensiveness towards criticism or complaint about those with power
the difficulties in agreeing and implementing any positive changes "
It's called human nature, no?
Tragedy
a Boy named Sue
27.02.2009 15:35
No, it couldn't. I personally could have, and am happy to be. I find it suspicious that while legal letters have been issued against others more vunerable than me, and veiled threats like this are stated, the only legal action against me has been anonymous Crimestoppers reports deliberately aimed at my family.
Danny
Defamation 101
27.02.2009 16:25
If the litigant wished to prosecute the author, which in this case wold be harder to achieve, it would be a matter for the litigant's disgression and not a mechanial statutory matter that could be invoked by the accused.
If the litigants wished, they could even sue Indymedia's ISP.
The case precedents are easy enough to find via Google.
Perry Mason
No such law
27.02.2009 17:03
Danny
Black Blog
27.02.2009 17:19
The trouble is that laws are warped by the judiciary to suit. That is why US activists have been imprisoned harshly for publishing black bloc rules, and why republican US professors remain unprosecuted for doing exactly the same thing.
If any of my posts ever get Indymedia into trouble then I am happy to step forward and identify myself. I'd just prefer if I was warned about that in advance if possible rather than having to endure 'trial by anonymous witnesses'. I think one of the strengths of IM is that there are a great number of willing 'arrestables' here, and while I may not be someone you would wish to associate with or whatever, I still have no issue with having my name on any contract to save the real IMCistas from malicious prosecution.
Danny
Well
27.02.2009 17:20
There are reasons for the distinctions of terminology, but I'm sure your BiL will be able to explain them to you.
Perry Mason
De fame academy
27.02.2009 17:31
Similarly, it isn't vandalism unless it can be proven to diminish the value of property. Since the street art of Banksy sells for more than the value of the property he 'defaces' then I can't see how he could be prosecuted.
Danny
YAWN!
27.02.2009 17:45
You were saying?
Perry Mason
A policeman can't arrest if you if he hasn't got his hat on you know!
27.02.2009 17:49
Perry Mason
@perry - As I said (3c)
27.02.2009 18:03
(3) A person shall not be considered the author, editor or publisher of a statement if he is only involved—
(a) in printing, producing, distributing or selling printed material containing the statement;
(b) in processing, making copies of, distributing, exhibiting or selling a film or sound recording (as defined in Part I of the [1988 c. 48.] Copyright, Designs and Patents Act 1988) containing the statement;
(c) in processing, making copies of, distributing or selling any electronic medium in or on which the statement is recorded, or in operating or providing any equipment, system or service by means of which the statement is retrieved, copied, distributed or made available in electronic form;
(d) as the broadcaster of a live programme containing the statement in circumstances in which he has no effective control over the maker of the statement;
(e) as the operator of or provider of access to a communications system by means of which the statement is transmitted, or made available, by a person over whom he has no effective control.
Danny
Do keep up!
27.02.2009 18:07
Perry Mason
Competition law
27.02.2009 18:28
No, you didn't, you 'blew your position into the air'. You claimed IM was responsible for what I post here even if they remove them. They clearly aren't from the law that you posted. You did trump me by posting a law I've never seen before ( I lived abroad at that time) so kudos for that, thanks for educating me, let me return that favour.
Obviously from that law and others Indymedia might be responsible if they didn't correct any of my mistakes published here when corrected, but they aren't the author to be prosecuted, I am. They may perhaps be prosecutable if they knowingly do so given this site unusually allows anonymous posts but read the text again and realise I have never hidden my idendity from lawyers or the law, just from malicious fuckwits who I've never met.
I don't run from that. If I have posted anything defamatory here then I will step forward and take the heat when the heat is applied. I hope others do so too to avoid similar situations. I hope we can all agree that whoever had posted the contentious comments should have admitted it. Hopefully other people will in future as black bloc tactics are moral and widely applicable.
Danny