
A network of individuals, independent and alternative media activists and organisations, offering grassroots, non-corporate, non-commercial coverage of important social and political issues.

Police dirty tactics and indymedia's dirty laundry

watching in horror | 23.01.2011 19:00 | Analysis | Indymedia | Other Press

The shit hit the fan when Schnews published its story on how a shadowy police unit has spent years planting false stories and sowing discontent among activist groups using the comments sections of campaign blogs and IMC UK. It instantly became impossible for indymedia admins to continue to claim that they did not have any access to IP logs on the IMC UK site. Airing indymedia's dirty laundry could not have come at a worse time with all the distrust generated by the recent outing of a number of deep infiltration undercover cops within activist circles.

To make matters worse the shit storm is helping to entrench existing ill-feeling and mistrust between indymedia collectives around the country and the sysadmins who run the MIR site that provides the centralised hosting for many of the regions. Reading through the public mailing lists of the IMC UK admins it is clear that there has been a stalemate on this and other issues for some time.

According to posts on the Sheffield and Birmingham MIR subsites, the indymedia network will split (or 'fork' as they prefer to refer to it), with the old guard continuing with the MIR site but no longer allowed to refer to it as IMC UK. Meanwhile a new site will be launched to aggregate content from all the IMC regions and a number of other alt media sites. This will satisfy the demands for visibility from non MIR indymedia sites in the UK and finally implement an agreement apparently made at network level four years ago. However it seems that the agreement is that the new site will not carry the indymedia name which may be a good thing with the feelings of betrayal that name now represents.

But is it accurate to attach feelings of betrayal only to those who administer the MIR site? It is clear that admins have been hiding their use of IP logging tools since MIR was introduced in 2003. Many of the people now running the independent regional sites will have been IMC UK admins before their collectives grew frustrated and ditched MIR in favor of autonomy with their own websites. They must all have known and engaged in a conspiracy of silence to hide the truth from their users.

How can any of them be trusted now? That's the fundamental issue here, the massive betrayal of trust and abuse of power used to hide this information all this time. The use and presence of these anti-abuse features within the content management system is no big deal, all publishing sites need something like this in order to protect the site from spam and other abuse. If they'd been honest and not repeatedly issued misleading statements about there being no IP logs then all would have been fine.

There have been proposals to publish as an IMC UK feature the article now posted on the Birmingham site but the proposal is being blocked by IMC London who are insisting that the article must clarify that the IP logging referred to is not a feature of the London site or any of the sites which operate independently of the centralised MIR hosting. Some of the MIR admins seemed unhappy with MIR taking one for the team so would not accept London's amendments. As a result, Birmingham IMC has grown impatient with waiting for consensus and published the article unamended.

With silence from IMC UK, users have tried to post on the issue, including posting the Schnews article itself. Their attempts have been frustrated as admins instantly hide their posts. The continued censorship has the admins fighting it out on their lists, agonizing over continuing the pretense or officially coming clean.

The question for us is what do we do about it? There is little point in trying to discuss it on the indymedia site as history shows that murmurings of discontent are hidden as being in breach of publishing guidelines. Instead we must raise this at the next meetings of our various groups, regardless of how irrelevant it might seem to our current campaigns or priorities. Indymedia has been the trusted 'voice' of all of us for a long time but we have to reassess our assumptions and reliance in the light of the news that those who run the site have been lying to us.

watching in horror

Additions

Background info

23.01.2011 21:07

UK Indymedia to Fork on 1st May 2011
Sheffield IMC | 14-12-2010 13:23
 http://www.indymedia.org.uk/en/regions/sheffield/2010/12/470678.html

Advocating Domestic Extremism - Cops on Indymedia - An Exposé
Birmingham IMC | 22.01.2011 16:02
 http://www.indymedia.org.uk/en/regions/birmingham/2011/01/472560.html

Gateway 303: Police Disinformation on UK Indymedia
Sheffield Indymedia | 22-01-2011 22:35
 http://www.indymedia.org.uk/en/regions/sheffield/2011/01/472575.html

Comments


IMC UK network to split?

23.01.2011 19:07

The 'fork' is true (although previously hidden from the newswire by an admin who said it was inaccurate to call it a 'split') LOL

Also on the list is this, written by people from one side of the impasse...

Dear indymedia uk volunteers, and media activists,

We are writing to inform you of an important decision which was made at
the uk network meeting held in Bradford on 11 December.

At the Bradford meeting it was agreed that the UK Indymedia project
would fork into two separate projects on or before 1st May 2011.

The UK indymedia network will be dissolved. Many issues and
disagreements over the past two years preceded this decision and it is
now hoped that all involved will be able to continue to work on activist
media projects without ongoing conflicts.

Our new collective will take over the running of the open newswire
currently at www.indymedia.org.uk, with a new name that won't include "UK"
and on a new indymedia.org sub-domain, which has yet to be agreed. The
existing website in its entirety will transfer to the new url.

The other group will continue developing an aggregator site they are
working on.

The indymedia.org.uk domain will be used to host an archive of the uk
web site which will no longer be updated (from 1 May 2011). A banner
will point people to the new address of the uk site and to the
aggregator site.

Local Mir sites will still be able to be accessed through the current
urls, eg [local].indymedia.org.uk or
indymedia.org.uk/en/regions/[local], although these urls will be
redirected to the new site and url.

WHO ARE WE?

We are a group of long term Indymedia activists who have been helping
run and maintain the UK Indymedia site for many years; we include
activists from Wales, Scotland and England.

Indymedia UK covers global regional and local topics and includes parts
of the UK not covered by other IMC sites via the open newswire on the
front page of the existing site. We support this and want to continue
doing this.

We are strongly committed to open publishing. We are committed to
dealing with abusive uses of this model in ways that don't compromise
the principle of open publishing itself. We believe that the best
approach to dealing with controversial issues should be based on the use
of critical thinking, reason, evidence based research and source
checking.

We are committed to non-hierarchical, consensus based decision making.
We wish to go through the New IMC process in order that we can be
globally recognised as an autonomous collective, with our own
independent site.

We're serious about consensus. We believe that consensus can only work
within a network of activists who know one another, have shared
objectives, and trust one another. We aim to build a network of trust in
our collective.

When we fully gain our autonomy, we wish to roll out long developed
improvements to the UK Indymedia site.

When we have a name, we can name our list and submit our new IMC
application. Mayday.indymedia.org has been suggested as a way of
marking the date we go live, and as a way of escaping the difficulties
that are posed by the use of inaccurate geographical descriptors such as
‘United Kingdom’ or ‘Great Britain’. There is an urgent need to identify
and agree a name for the site, and we welcome suggestions and ideas as
to how best to proceed with this task. We will be using 'MayDay' as our
working name for the moment.

We are open and welcoming to new and existing indymedia activists who
are committed to working on and developing the existing site and who
share our aims and approach. If you would like to be involved, please
send a message introducing yourself to our organising list: To post
to this list, send your email to:

imc-mayday-collective at lists.indymedia.org

 http://lists.indymedia.org/imc-mayday-collective

We extend an invitation to media activists, volunteers and anyone who
wants to be involved in independent, DIY media to an
open meeting at 10AM on Saturday 29th of January 2011 at the Cowley
Club 12 London Road, Brighton BN1 4JA, to discuss the way forward
for the MayDay Collective.

Please reply to the list if you want to attend the Meeting.
If you just want to come to the screening, just turn up

++++++++++++++++++++++++
Saturday 10 AM MEETING
AGENDA (subject to change)

1 IMC Global application
2 Editorial Policy
3 Technical Issues, Equipment Purchase, New Server
4 Fund Raising, Outreach.

1.00 PM Lunch
2.30 PM Continuation and Further Discussion.
4.30 PM Close

++++++++++++++++++++++

6.00 PM Film Screening and discussion

++++++++++++++++++++++


From

The MayDay Collective

including chrisc, ftp, MrD, phunkee, mike-d, two_percent,
anarchobabe, genny, shiar, BenA, spacebunny

the end


IP logging on other indymedia sites

23.01.2011 19:11

Both London and Northern indymedia asked for amendments to the article to clarify the issue of IP logging on MIR.

One post on the IMC-UK-FEATURES mailing list archived at list.indymedia.org states:

"It's sad to see that Sheffield are not respecting the block in place.

The amendment that northern are asking for in order to lift our block is for something akin to the following to be added to the top of the article

"note to readers: the ability to capture personally identifiable IP data discussed in this article is a feature of the UK Indymedia site at www.indymedia.org.UK only. Regional collectives such as London, Bristol, Nottingham and Northern England do not have access to IP data from their users, and take active steps to ensure that their users' anonymity is preserved."

Londoners- would you be happy with that statement being added?"

The London statement was posted on their own site

"Following the publication of this schnews article, Indymedia London
would like to make it clear that it does not log, monitor or filter
the IP addresses of those who visit or publish on this website. The
hyperactive code that indymedia london and others [1,2] run on does
not have these facilities built into it.

The story published by schnews relates to the website found at
indymedia.org.uk only.

The information published does not apply to any other Indymedia
website, inside or outside the UK. Indymedia websites live on
different servers and use different Content Management Systems, as
well as having different policies and abuse measures.

In fact indymedia london takes the issue of IP logging so seriously
that we do not allow people to embed content like Youtube videos on
the website, since that would make the IP addresses of viewers
available to youtube. Whilst this means Indymedia London may look a
little behind the times in terms of internet development when compared
to other websites, it's simply because we take your online security
seriously."

Sam


The Schnews article on IP addresses

23.01.2011 19:16

I have posted on this subject several times before, as have others. I should say I am not linked to any IM collective, I'm just a poster who happens to have experience running secure websites. I'll aim this at non-technical users but I'll answer technical queries. I'll split my reply into the introduction which I hope will be allowed to remain, and a second post which may be hidden which is a bit more personal.

When you post on any website you will use one of the TCP/IP protocols, normally HTTP or HTTPS. These are built on top of the IP, internet protocol. The connection is between two IP numbers, which can be dynamic or static but both of which reveal something about your identity both to the other computer and especially to the authorities.

Years ago someone accused the IM-UK of logging (automatically storing) IP addresses. They plainly don't or a helluva lot of us, me included, would already be in prison after their server was seized by the police. IM-UK released a statement then that denied logging, but which sensibly recommended disguising your IP address using Tor. This remains best advice, and it is your responsibility, otherwise posting on any website is like phoning from your own phone.

Anyone highly technical, especially with admin/superuser rights, can see the IP addresses of incoming connections. There is no way to avoid that, and to protect a webserver it is a necessary and unavoidable evil. You either have to trust the security of that webserver and its admins, or you should use Tor.

Various other IM collectives have claimed that they take great care not to log IP addresses, as do IM-UK. I assume these people are talking honestly and simply don't know what they are talking about technically. Someone, probably several people, will have set-up their servers and therefore will have the ability to see incoming IP addresses. These collectives may be confused between an IMCista assigned admin rights, meaning limited admin rights allowing document creation, moderation, etc, with full blown admin rights. However it is simply wrong for them to claim that no one can see your IP address on those servers even if they personally can't. Someone always can, unless you anonymise. Just because the machine doesn't log you doesn't mean the admins don't take a note on a scrap of paper. If anything, it is safer to post on a collective which admits using IP addresses because that is a sign of a well-protected server.

None of this is a security threat to you if you anonymise using Tor. Certain government employees will be forbidden from using Tor behind their firewalls, by their internal security, which is presumably why the Schnews story came to light, but you can.

You can download Tor and other essential security utilities here, although it's recently out of date so please update it:
 http://sourceforge.net/projects/democrakey/

Danny


no ip logging taking place

23.01.2011 19:39

The repeated reference here to 'ip logging' is ridiculous. The London statement implies this is the case but this is only proof of the two-faced behaviour other collectives have come to expect from several individuals in the London IMC. As London IMCers well know (mainly because many of them founded IMC UK) no IP logging happens. What there is is a *filter* which you have to add IP addresses to manually. No IP addresses are stored. This is how the gateway 303 posts were identified, the IP address was passed to us and we filtered it. That's it. The IP addresses of visitors and posters are not being recorded.

the moderator


Differences between site admins and sysadmins

23.01.2011 19:45

Sure, if your sysadmins are corrupt then they could do whatever they want with your connection data. However there are usually only a couple of people with root access administering a server. On the other hand, IMC UK has loads of website admins, volunteers tasked with keeping crap off the newswire etc. These admins are given passwords by their local collectives and at one point there were apparently well over 100 admin accounts set up (although it appears that admin work is actually left to less than a dozen people). Anyone with access to one of those accounts can log in and switch on the IP log within the MIR anti-abuse tools section and then they can sit there watching connection details for everyone who posts an article or comment via an IMC UK MIR site.

The fact that they conspired to hide this information all these years is absolutely incredible and irresponsible. Even now they are proposing changes to the way they refer to the use of the feature in order to make it sound less bad.

@Danny


You gotta love the left...

23.01.2011 19:56

Northern Indymedia: Excuse me. Are you the Judean People's Front?
London Indymedia: Fuck off! We're the People's Front of Judea...

Monty P


Continued lies from IMC UK moderators

23.01.2011 20:03

The moderator said, "no ip logging taking place", a continued misrepresentation of the facts.

Here is their weasel worded attempt at continuing to deceive site users - "What there is is a *filter* which you have to add IP addresses to manually. No IP addresses are stored. This is how the gateway 303 posts were identified, the IP address was passed to us and we filtered it. That's it. The IP addresses of visitors and posters are not being recorded."

FACT - The IMC UK site has had an IP logging feature since 2003 when the site switched to the MIR CMS. The feature is a documented feature of the open source software. You can look it up yourself. The feature is even referred to as a log and does exactly what you'd expect - retain and display the connection details (IP address and user agent) of all users posting comments or articles.

Sure, the log is not automatically written to disk but that doesn't stop admins writing stuff down on old fashioned pen and paper, or using copy and paste.

Sure, the log is not always on and must be activated manually, or manually disabled.

As long as admins continue to deny the existence of the feature we will know that we can not trust a word they say and must wonder why they are so adamant about maintaining the pretense.




stop lying!


"Sure, the log is not always on"

23.01.2011 20:10

Exactly, it's not been on this year, it was hardly ever on last year, it's ALMOST NEVER USED.

So someone with root on the server can *potentially* see all connections to a server, it's the same kind of thing as that.

It's a feature that has been used to track and deal with DISINFORMATION from the state and others, *not* activists -- you have a problem with this?

Are you one of these odd activists who is in favour of the police being able to abuse activists in an anon manner?

Is self defense wrong?

Fuck the cops, the state and the establishment they support: it's killing the planet.

no lies


Is that an official admission ?

23.01.2011 20:16

So one person (an admin?) apparently confesses the IP log feature exists. Great! The first step to redemption is honesty. Now can we have an official admission from IMC UK?

waiting


Weasel words

23.01.2011 20:22

So first there is no IP logging and now an admission that the feature exists but is only rarely used. Well that's ok then! NOT!

You expect us to be reassured by your claim that the feature is rarely used? Come on, how would you even know that? Is there a process in place to make its use transparent and accountable? No, clearly not, instead there is a conspiracy of silence.

It is not ok to lie or mislead indymedia users about something like this.

no change


I agree with Danny and the moderator...

23.01.2011 20:22

There is a massive difference between logging IP addresses and filtering IP addresses. Just because they are stopping certain IP addresses from using the website, doesn't mean they have a list of everyone who has visited the site.

I also agree with Danny's point about taking responsibility for your own internet security. Just because IMC UK have always said they don't log IP addresses doesn't mean they don't. Additionally, your own internet provider is legally obliged to log your internet logs. I don't know all the IMC mods, I don't know all of the programs and cms that they use inside out. As B92 Radio said in the 90's, "trust no one, not even us." Got something sensitive to upload to ANY website? Use Tor (properly) and other security steps. Otherwise you don't know who's logging what.

Fabbri


I thought everyone knew Indymedia could block by IP address?

23.01.2011 20:27

I have no connection with Indymedia other than as a reader, but I thought it was common knowledge that Indymedia admins could see the IP addresses of people posting so they could block trolls, cops and other disruptive people.

I would be more worried if they didn't have such a facility - Indymedia has enough crap on it as it is. I have always assumed for many years that this was the case.

As anyone who knows a little bit of technical information can tell you - it is impossible to run a webserver that doesn't store the IP addresses of people connecting at least for a short while - that is the whole way the internet works!

And you should never trust a third party for security anyway. How do we know there isn't another Mark Kennedy involved with running Indymedia? Use a decentralised web proxy like Tor if you want to be anonymous.

anon


Sublimely ridiculous accidental suicide

23.01.2011 20:50

@@Danny

You could've chosen an easier name to reply to. If you are saying IM UK allowed too many admins, and that MIR which was designed for IM has built in logging, then I can't disagree because I don't know. I've never noticed or even been suspicious of any admin here, even though there are many who vehemently disagree with me and would have good cause to abuse their permissions. Please pay attention to the next thing I write though.


@Fabbri
You write that you agree with me, so have a look at the hidden comments because I don't agree with you. You agree Tor is necessary, yet some collectives, including the one I associate you with, don't permit Tor. You support IM UK here, but on the collective I associate you with there is currently a far worse smearing article against IM UK than even this one. Now you can say you are nothing to do with that collective, and others here will know with more certainty than I can prove online, or you can claim those posts are 'open-publishing', nothing to do with that collective's admins.

@everyone else
I have a great deal of respect for Schnews, but their article is shit this time, and it has been made worse by people hijacking it or jumping to the wrong conclusions. The Schnews expose of gsi IP addresses wouldn't exist without the security that IM UK volunteers provide, and which have never been abused to the best of my knowledge. I can't say the same about every collective. My own local collective I distrust totally. I see no reason to trust the other collectives that disallow Tor anonymised posts, and I don't think they have a place on IM UK. You can make your own choice but you need to understand the technicalities to a basic degree to do so. If you have any technical questions to another outsider, however simple, feel free.

This Schnews article and the response to it so far is the equivalent of putting your foot in your mouth and then shooting your foot. I expect this was an accident built upon a misunderstanding, but a cop couldn't have planned it better.

Danny


Conspiracy of silence

23.01.2011 20:54

Seems that some IMC admin went rogue and tried to leak the 303 gateway story despite there being no consensus to publish the story which would cast significant doubt on the claims by IMC UK that no IP logs were available to them. Back in June 2010 somebody using the pseudo 'indyleaks' posted the story on many indymedia sites around the world but indymedia collectives conspired together to ensure the articles were hidden. Despite the story being of vital importance in terms of security and protecting activists from disinformation campaigns by the state, indymedia admins chose to sit on the story rather than expose their lies about IP logs.

See the google cache for one such posting  http://webcache.googleusercontent.com/search?q=cache:NbRNbFWWVtcJ:www.indymediascotland.org/node/22489+IndyLeaks+303&cd=1&hl=en&ct=clnk&client=ubuntu

Reference to many other attempts at publication can also be found but are all hidden by admin.

indymedia can't be trusted


transparent and accountable?

23.01.2011 20:56

If it's on all admins can see it's on. Also all admins can see who else is online. In addition all admins are expected to leave a note in admin saying if they put it on to make sure that it is transparent to all and the admins are accountable.

As I said it's almost never used. When it is used it is used in self defense.

no lies


Girls/Guys....

23.01.2011 21:19

Aren't we now just doing what the police/government/state want? Splitting? Arguing amongst ourselves, splitting off into smaller weaker groups? Not being able to mobilize because of small differences? WE NEED TO FEKIN WORK TOGETHER!!!

Facepalm!


Devils in the detail

23.01.2011 21:22

So some insiders are filling in the details. Apparently when an admin is logged on they can see who else is logged on and conversely it follows that they could also see if nobody else was logged on. Where is this info presented? Can it be seen from the first page seen after logging in and does it remain visible as moderators navigate the admin interface?

And where can you see whether the logging feature is switched on? Is that information available to all users from the moment they log in or only if they go to some sub menus where the toggle for the feature is available? If it's in a sub menu then it follows that its status would not be obvious to anyone unless they navigated to that part of the interface which obviously few people would do if the use of the logging feature is as rare as suggested.

If admins are meant to leave a note to other admins about using the logging feature but they can see if anyone else is logged in, it follows that a malicious admin would make use of the log and switch it off when somebody else was seen to login.

I strongly propose that the feature should be removed from the content management system used by indymedia UK or that IMC UK abandon the CMS as soon as possible. It is too risky to allow volunteer admins to have access to this information.

Sam
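
Added illustration, not part of the original thread and not MIR's code: a small Python model of the distinction argued over in the comments above, a manually maintained IP filter versus an in-memory log that is switched on by hand, with every toggle recorded automatically instead of relying on a voluntary note. The class `PostMonitor`, its method names and the sample addresses and user agents are assumptions made up for this example.

```python
from collections import deque
from datetime import datetime, timezone
import ipaddress


class PostMonitor:
    """Hypothetical anti-abuse layer for an open-publishing site (not MIR's code)."""

    def __init__(self, capacity=100):
        self._filters = []                  # networks added by hand
        self._log = deque(maxlen=capacity)  # held in memory only, never written to disk
        self._logging = False
        self._audit = []                    # append-only record of every toggle

    def add_filter(self, cidr):
        """Manually add an address or range whose posts should be hidden."""
        self._filters.append(ipaddress.ip_network(cidr, strict=False))

    def set_logging(self, admin, enabled):
        """Switch the in-memory log on or off; the audit entry is not optional."""
        if enabled == self._logging:
            return
        self._logging = enabled
        self._audit.append(
            {"admin": admin, "enabled": enabled, "at": datetime.now(timezone.utc)}
        )
        if not enabled:
            self._log.clear()               # nothing is retained once the log is off

    def handle_post(self, remote_ip, user_agent):
        """Decide whether a post is published or hidden."""
        addr = ipaddress.ip_address(remote_ip)
        # A filter has to compare every poster's address against its list, so
        # the server always sees the IP even when nothing is being retained.
        blocked = any(addr in net for net in self._filters)
        if self._logging:
            self._log.append(
                {"ip": remote_ip, "user_agent": user_agent, "hidden": blocked}
            )
        return "hidden" if blocked else "published"

    def visible_entries(self):
        """What a logged-in site admin could read (or copy down) right now."""
        return list(self._log)

    def status(self):
        """Log state plus who last changed it and when, for the admin front page."""
        last = self._audit[-1] if self._audit else None
        return {
            "logging": self._logging,
            "switched_by": last["admin"] if last else None,
            "since": last["at"] if last else None,
        }

    def audit_trail(self):
        return [(e["admin"], e["enabled"]) for e in self._audit]


# Constructed sample posts (documentation address ranges, invented user agents).
SAMPLE_POSTS = [
    ("192.0.2.10", "ExampleBrowser/1.0"),
    ("203.0.113.7", "ExampleBrowser/2.0"),
    ("198.51.100.23", "ExampleBrowser/1.0"),
]


def demo():
    mon = PostMonitor()
    mon.add_filter("203.0.113.0/24")

    # Log off: the filter still works, and nothing is kept.
    outcomes_off = [mon.handle_post(ip, ua) for ip, ua in SAMPLE_POSTS]
    retained_off = mon.visible_entries()

    # Log on: every poster's IP and user agent becomes visible to admins.
    mon.set_logging("admin_a", True)
    outcomes_on = [mon.handle_post(ip, ua) for ip, ua in SAMPLE_POSTS]
    retained_on = mon.visible_entries()
    status_on = mon.status()

    mon.set_logging("admin_b", False)
    return {
        "outcomes_off": outcomes_off,
        "retained_off": retained_off,
        "outcomes_on": outcomes_on,
        "retained_on": retained_on,
        "status_on": status_on,
        "retained_after_off": mon.visible_entries(),
        "audit": mon.audit_trail(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The filter alone retains nothing, yet it can only work because every address is inspected; the log, once on, exposes all posters and not just the filtered range.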


Conspiracy of silence - Bullshit

23.01.2011 21:30

"Back in June 2010 somebody using the pseudo 'indyleaks' posted the story on many indymedia sites around the world but indymedia collectives conspired together to ensure the articles were hidden. Despite the story being of vital importance in terms of security and protecting activists from disinformation campaigns by the state, indymedia admins choose to sit on the story rather than expose their lies about IP logs."

Doh! Back in February 2009 an IMCista ( you can tell by the formatting) published this:

How do you know that Indymedia does not keep logs?
 http://www.indymedia.org.uk/en/2009/02/422330.html

If you read the comments too then you'll see me ripping into them for the misleading title. Thing is, that was best advice then and it remains best advice. This wasn't a major news story then, and for you to misinterpret the Schnews article now as being a major news story is either down to two things

1) You just haven't been paying attention and don't know your arse from your elbow on security
or
2) You are deliberately shit-stirring without any excuse.

So are you an idiot or are you malicious?

Danny


A summary for those not paying attention

23.01.2011 22:22

The schNEWS piece was based on the 303 Gateway article written collaboratively by indymedia admins and proposed as a feature over six months ago. The proposal to publish it was blocked by London and Northern IMC after they failed to get agreement on amendments which would clarify that the confession about IP logging related solely to the IMC UK sites hosted on MIR.

The draft article stated, "what has never been openly stated before is that the CMS system we use has a number of anti-abuse measures which include the ability to monitor for particular IP addresses and log their behaviour." The draft goes on to say, "site admins believed that they would never be able to gain the trust of posters, if the range of anti-abuse measures were made public. As is often the case, once a body has failed to be completely open about something, it becomes 'the elephant in the room' and so a situation was created where the new and current admins were actively blocked from bringing these measures into the open. The stalemate continued until now, with site admins proposing a new approach of coming clean about the measures that are in place, and others in the collective blocking this."

Prophetically, that stalemate over coming clean about the IP logging meant that no consensus was possible on publishing the article. There was no way that the information about the government's disinfo campaign could be published without revealing that indymedia had been lying about IP logs. Apparently some suggested it could be published via a different alt media outlet while leaving out the info about indymedia but the story would have been weak without the evidence gathered by indymedia admins.

The impasse remained but then the draft article was leaked by a disgruntled admin using the name 'indyleaks'. The posts were repeatedly hidden from the indymedia sites it was posted to and a filter set up on IMC UK to automatically hide it whenever posted.

There remains no consensus about publishing the article which includes a frank admission that indymedia has misled its users since 2003. However the lack of consensus is now a moot point since SchNEWS has run the story and Birmingham IMC has published the 303 gateway article as a feature on its own site.

 https://publish.indymedia.org.uk/en/2011/01/472622.html

Both the story about the government running a disinfo campaign via indymedia, and the story that indymedia UK has been hiding the truth about IP logging for all these years, that is big news for activists at a time when trust is already in short supply.

As the article says "continuing to gloss over the reality in a misleading way was detrimental to Indymedia UK, and that there was no small likelihood that at some stage we could be outed." Now that the truth is out, let's hope indymedia can recover from the damage to its credibility and move on to become more open and honest with its users.

Fisher


I agree with Danny

23.01.2011 22:24

I've seen indymedia mods reassuring people that IPs aren't logged.

Yet they do filter IPs to stop commenting.
The question is "How do they know which IPs to filter?"
-- The only way they know that is to have the IP logged OR to display the IP on screen.

An IP on screen is about the same as an IP logged.
In security terms, it is hugely flawed for some obvious reasons:
1) Trustworthiness of Admins and moderators
2) Electronic eavesdropping... Van Ecking, or a device in the monitor, cable or computer to record or transmit the information displayed on screen.
3) Software eavesdropping... Bit of hidden software to pickup all html displayed in the web browser, thus seeing/transmitting the contents of what the admin is looking at.
4) Physical eavesdropping... hidden high-def video camera watching the screen.
5) And that's with little imagination..........

Clearly, above this, what is most worrying is the cocksure assurances of how the IPs are safe, the "white" lies, and the censoring of comments which rightfully question the authority of said moderators and admins (police state anyone?)

Outrageous


I agree with Danny, misleading users is outrageous

23.01.2011 22:46

i think indymedia should issue an official apology as soon as possible and that the current admins should all step down as they have shown that they can't be trusted.

as a movement we have allowed indymedia too much power and a hierarchy has clearly formed. we need to make sure that indymedia admins don't let power go to their heads ever again and make sure they are really accountable to the struggles they claim to support.

i'm tempted to say the whole thing should be shut down but then what would we do?

pissed off user


This is exactly what we were trying to avoid

23.01.2011 22:59

Ok, so we told some white lies and dug ourselves a bit of a hole while trying to maintain the lie. Yes, site moderators have had access to IP logs since we switched to MIR in 2003 but we were telling the truth when we said that logs are not written to disk. The feature is hidden away in the admin interface and it is possible that many of the occasional volunteer moderators didn't even know it existed since we avoided talking about it on our mailing lists. There was never really a policy about the use of the logging facility or the filters, people just acted in good will to use the tools to protect the site from spam and persistent abusers of the publish guidelines. An unspoken agreement was that we'd leave a note if we switched the log on but you'd often find it was on with no note posted and no indication of how long it had been logging. But the truth is that we didn't use it much and that when we did it was for the good of the site, not some power trip as some people seem to suggest.
Frankly you should all know that you should hide behind a proxy if posting something dodgy so personally I'm not feeling we did much wrong. Admittedly we should have been honest from the beginning but it's too late for hindsight. Assuming none of the people with admin passwords are cops then posters' IP details were pretty safe but I get that there are reasons to be concerned. Don't hold your breath for an official statement, we don't have a good track record on reaching consensus these days.

IMCista


I'm not sure I agree with Danny, the way you put it

23.01.2011 23:00

Outrageous,

I posted an IMCistas article from Feb 2009, but there were previous similar discussions online from years before that I could link to if it is important that discussed the same thing. This has been discussed online repeatedly.

All web-servers bar none are vulnerable to IP address 'vulnerability'. In a way that is a good thing, when you trust the admins, because that exposes intrusions like the Schnews article lists and prevents many more serious attacks.

What is wrong, and what I have complained about previously on other collectives, and what I hope you are complaining about in your post, is when this is denied by either unwitting or malicious admins. I've only ever really posted on IM-UK and IM Scotland. IM-UK admitted this unavoidable reality, both online and via email, and IM Scotland denied it and personally attacked me for saying it. IM UK permit Tor posts, IM Scotland block them. I haven't checked out other collectives but prefer to post here because of that.

I cannot see a reason why any IM collective would deny anonymous posts, except that it saves their moderators time hiding posts from known stooges, and to me that isn't a valid reason to sacrifice unaware activists' security.

I therefore do think some collectives do need to explain themselves, but IM UK is not one of them in this point of discussion.

I speak as someone who has probably been hidden by IM UK more than anyone else, and yet has suffered police raids and worse due to misbehaviour I partially blame on other collectives. I can't say more than that without being hidden (ironically, but not humorously to me at least, by IM UK IMCistas). I am currently taking legal action against Indymedia for publishing smears about me being a sex-offender, I doubt any defender of the collectives methods have such strong anti-collective credentials.

This is the same for all web-sites, whatever they claim. You have added extra reasons to be aware, but really, there are too many reasons to list and listing them becomes self-defeating. This is true though.

Tor protects IM Posters from IMC Imposters.



Danny


interesting, this post misspells "its", just like many of the cop posts do

23.01.2011 23:13

One common factor of the trolling posts that were from the energis gateway was that the writer wasn't very literate. In particular, they often wrote "it's" when they meant "its", just as this post does. ("...when Schnews published it's story...")

It's true it is a fairly common mistake, but I wouldn't be surprised if a shit-stirring post like this did have a hidden agenda behind it...

anon


not gonna try and defend it - it's shit

23.01.2011 23:20

Several of us within IMC UK argued strongly against deceiving IMC users in this way.

Dysfunctional consensus decision making meant that the status quo continued:
* Several people blocked a proposal to come clean about the IP logging feature.
* Several other people blocked a proposal to permanently disable that feature.

Maybe those of us in favour of transparency should have done more about it, but it was difficult to see how to without splitting the UK network. Which has happened now anyway. Agh.

The above is obviously in a personal capacity, not on behalf of any particular IMC collective or network.

IMCer


another troll comment about "rouge" [sic] admins?

23.01.2011 23:27

Is our dyslexic cop trolling again? Shit-stirring comment Conspiracy of silence by "indymedia can't be trusted" mentions "...some IMC admin went rouge...". I'm sure they don't mean they turned red! Just the sort of spelling error made in many of the energis gateway posts.

I'm sure they have learned their lesson and will be posting from anonymous IP addresses now though.

And further down, comment "I agree with Danny" by someone *ahem* NOT agreeing with Danny:
"An IP on screen is about the same as an IP logged."

No it isn't, it's completely different. The conspiracy theory level issues you raise about "Van Ecking" (most people don't use CRT monitors any more) and other things are probably designed to put people off the fact that the filth probably log all IP addresses visiting the Indymedia site externally anyway.

They aren't going to break into admins' houses and install hidden CCTV to look at IP addresses appearing on the screen, for fucks sake. It would be risky, the person might move their screen, it would involve a massive amount of time to pull them off the video, etc.

Far easier for them just to send some dark-suited people round to the ISP and "persuade" them to install a logging device on the routers that the Indymedia server sits behind. I would be very surprised if they haven't done this.

I'm beginning to think virtually all of the negative comments about this are from police trolls...

anon


What would you have done?

23.01.2011 23:42

We have spent years arguing and failing to move ahead within our current structure which is why we finally compromised and agreed to fork the indymedia uk project. Consensus has been repeatedly blocked on a wide range of issues and it has become obvious that the network can't continue as it is as some people just can't work with some others.

I'd love to know who 'indyleaks' is and which admin went behind our backs to provide info to SchNEWS but to tell the truth, if I found out I'd not be sure whether to kick them out of indymedia or thank them. The deceit we've engaged in over IP monitoring (I still would not use the term 'logging') is highly embarrassing and obviously does us no favors but it was simply impossible to get an agreement to come clean. We rarely discussed it at all even at our infrequent national network meetings and no mention of it online has been tolerated. Now I look back it seems really remiss of us but I doubt any of you could have done better given the dysfunctional nature of the network.

Let's put this behind us and move on with a clean slate with the new sites.

another admin


Demands

23.01.2011 23:43

"The proposal to publish it was blocked by London and Northern IMC after they failed to get agreement on amendments which would clarify that the confession about IP logging related solely to the IMC UK sites hosted on MIR."

This is untrue, there was not a failure to agree on stating that this only referred to Mir. However IMC London demanded that a list of pre-requisites for publication had to be met, however some people in Indymedia were of the opinion that those prerequisites were near enough impossible to achieve, so it would never see the light of day.

Insider


the point is

23.01.2011 23:58

The point is that if Indymedia mods want to get your IP address, they can.

Think about it - there's a reason why serious activists, such as for instance the venerable Julian Assange and his merry men, don't touch Indymedia with a barge pole. It relies on too many total strangers not being porkers.

anon


Confused

24.01.2011 00:08

I am not clued up on tech issues and this is confusing the hell out of me. If the feature on Birmingham site is to be believed then some people inside indymedia are owning up to having pulled the wool over the eyes of site users for many years to hide the truth about logs of IP addresses. What I don't understand is the motives. Why would individuals choose to turn a blind eye to this or actively participate in the cover up? I think questions need to be asked about the people who did this and whether they should remain part of indymedia at all. I can't see any justification for lying to the people who make this site what it is, those who contribute the stories and actually do the actions.

I wonder if we could somehow arrange an independent inquiry into this mess to help restore faith.

outsider


consensus was used to shut people up

24.01.2011 00:12

those who wanted to keep the police abuse secret by blocking publication of the truth used consensus to insist people kept it secret

in51der


Another personal view

24.01.2011 00:30

I think some of us were simply convinced by arguments that revealing the truth would put the site at greater risk from the cops and legal action against those with their name on contracts for servers. Thinking about it now and understanding better the actual nature of the IP logging options, I doubt those arguments.

I regret that the truth has come out now in this way and will join those calling for the logging options to be removed from IMC UK. Even though my own collective has now left MIR, the mayday collective intends to continue to use MIR for the new indymedia project to be launched May 1st. I think that the issue will have to have been properly resolved by then.

Inside2


re: Confused

24.01.2011 00:32

Not sure if you are a police troll, but I've used Indymedia for several years and I always just assumed they were able to filter out troublemakers by IP address. It would be crazy if they couldn't.

And a reason why not to shout about this? There is an obvious reason - while dumbass cops are busy posting their bullshit from a single IP address they are easy to filter out.

Now someone has decided this non-issue is a big deal (to deflect from the main issue, which is what the cops were doing trolling maybe?) they will just get some anonymous-looking IP addresses sorted out to do their trolling from, and so will be able to disrupt Indymedia far more effectively.

anon


"I am not clued up on tech issues"

24.01.2011 00:33

I am though, and I'm also more of an outsider than you are, so please direct techie questions to me because in this forum I will be corrected if I lie.

"If the feature on Birmingham site is to be believed then some people inside indymedia are owning up to having pulled the wool over the eyes of site users for many years to hide the truth about logs of IP addresses."

It looks like Mir, the custom-designed Content Management System (CMS) that they use on IM-UK permits IP Logging to be turned on by random newbie admins. Should you personally be concerned? Perhaps, if you posted incriminating stuff here without using Tor as you were recommended to repeatedly. It applies to all websites though and I would be more concerned with the sites that deny this basic technical truth.

"What I don't understand is the motives. Why would individuals choose to turn a blind eye to this or actively participate in the cover up?"

The reason admins need to look at IP addresses is to protect sites from 'anonymous' attacks. All sites do it, even the ones who claim not to, or they wouldn't last a day online. You say there was a cover-up, and some people claiming to be IMCistas are agreeing, but they are obvious frauds, it was always acknowledged here openly. By accident or design you are contributing to what seems like the downfall of this site, so choose your words more carefully. It was always acknowledged, at least by IM UK.

My question would be why it was denied by other collectives, why people were smeared by other collectives for pointing this out, and why IM UK never investigated this misbehaviour by other collectives once it was reported to them?

Danny


Denial, deceit and betrayal

24.01.2011 01:10

Indymedia Privacy Policy
"UK Indymedia is very concerned about users privacy and anonymity. Optional personal information is only collected when people post to the newswire. All cookies are optional. IP addresses are not logged."

Not the entire truth.

"All the web servers that are used for the UK Indymedia web site are set up not to log IP addresses. This ensures the privacy of people who are browsing the site and posting news and comments to it."

Also not the truth.

Indymedia Security Information
"We have tried to minimise what information can be found out about posters. Currently, Indymedia UK does not log ip addresses. "

Currently? Except when it does.

 http://www.indymedia.org.uk/en/2009/01/419838
"As an open publishing project, Indymedia UK has set up Apache to not log IP addresses. "

Misleading.

Another whole thread of denial  http://www.indymedia.org.uk/en/2009/02/422330.html?c=all and here  https://sheffield.indymedia.org.uk/2009/02/421839.html?c=all

The 303 gateway article also openly admits that IMC UK had deliberately misled site users since 2003.

Danny what are you on?

google is your friend


Get real Danny

24.01.2011 01:23

everyone knows indymedia has always claimed there is no logging

lucy


logging and honesty

24.01.2011 01:36

I got about halfway through then gave up.

Either IP addresses are being logged or they are not. Either way I can see no reason why whoever runs the site cannot be honest and up front about it.

I get a little further and find the truth was not told. Might frighten the natives.

I have no problem with the IP address being logged. If it is known it is logged and you do not wish it to be known who you are, then you take the appropriate precautions.

If, for example, you make a call using a mobile phone, caller ID flags up at the other end. If you paid cash, for a one time use, it would be nigh impossible to link the phone to you.

At the very least, the IP addresses would have to be held in a temporary cache otherwise the server could not deal with a request.

I can also see the filter has to be manually fed an IP address to filter.

But this begs the question: Where has the IP address to filter come from? It has to have been recorded or logged somewhere.

Keith


what are you on?

24.01.2011 01:43

Cigarettes and alcohol (Sainsbury Whisky and Mayfair just now if you must know, times are hard)

I wish I was on what you are on though. Do you have a point or a question that hasn't previously been addressed? Cos I'd be happy to answer it if you did. You seem to think I'm defending Indymedia, but frankly I think they need abuse. Just not your untargeted abuse.

You know what I am going to get next, cos I have been here before and I do. Danny, why are you making this place your personal blog?

Well why aren't you lot making this place your personal blog? Can't get to grips with Tor? Can't you even figure out how to see the hidden comments on a thread? I'm not going to live forever, get your shit in order. Learn how to criticise +sensibly+


Danny


What a lot of disinformation

24.01.2011 02:08

Well what a lot of disinformation.

The Internet depends on IP addresses or it wouldn't work. The best advice is that if you value your anonymity then take care of it yourself - you are responsible for it. I was never told that IM UK couldn't log IP's only that it didn't by default, and measures were taken to delete any web server log files automatically, e.g. logs are written to a temporary directory which is then deleted when the server restarts, this acts as a protection against 'information loss' through seizure, i.e. IP addresses ending up in the wrong hands.

'hyperactive' the content management system used by IMCs London, Northern, Nottingham etc is a 'Ruby on Rails' web Application that links a user to a data base of web content and serves web posts and requests using a web server called 'mongrel',

*any* web server can log the IP addresses and other information about readers and posters to a site and write that info to a file and 'mongrel' is no exception, anyone with root access can access the logs. And this is how the promoters of the hyperactive platform used by IMC London et al, could say this about it on their development page...

>>It was used during the G20 meeting in London this past April 2009, serving pages to about 500,000 unique visitors a day while keeping very low server load.

How do they know the 500,000 visitors were 'unique'? this info comes from the web-server logs, and the only way to tell if a visit is 'unique' is via a visitor's IP address.

This is not to imply that IMC London are actually logging IPs and saying they're not, it's just to show that IP information *is* logged somewhere, because without IP information there's no way that you'd get the web page you requested, or be able to post your content.

'Rails' the platform on which 'hyperactive' is built, has a built in logger- called the "production logger"; as we can see from this snippet from a Rails development discussion board....

>> ... the production log! In particular, there seem to be entries for every
>> single HTTP request, along with timing numbers. Is this actually useful?

>Yes, this is the default behaviour of Rails logger.

Every HTTP request contains the IP address of the computer that made the request, and this is the *default* behaviour of Rails, the platform on which the Content Management System (CMS) that IMC London et al use, is built.

And finally Ruby the scripting language that 'hyperactive' is written in has an inbuilt 'logger' class.

From the class Logger docs page

>>The Logger class provides a simple but sophisticated logging utility that anyone can use because it's included in the Ruby 1.8.x standard library.

>>How to Log an INFO message.

>>The message can come either from the progname argument or the block. If both are provided, then the block is used as the message, and progname is used as the program name.
>>Examples

logger.info("MainApp") { "Received connection from #{ip}" }
# ...
Notice the #{ip} after Received connection from.......

So there are at least three ways for an unscrupulous and evil 'hyperactive' hacker/admin to get your IP address, so the guarantees from IMC London that IPs aren't logged don't mean that they can't be, quite clearly and obviously they can.

What about MIR?

Mir is basically the same idea as 'hyperactive' but with 'apache' not 'mongrel' as the web server, the language it is written in is JAVA not Ruby and it uses a thing called 'tomcat' in a similar way as hyperactive uses 'rails'. 'apache' can certainly log IP addresses, it's a webserver after all, and in the same way as the unscrupulous and evil hyperactive hacker/admin can, the unscrupulous and evil Mir hacker/admin can get your IP address. In the MIR interface you can tell if IP logging is on, I'm not so sure that the same is true of 'hyperactive'. Either way your anonymity is your responsibility.

Take Care

35 Percy Street


this week's new NETCU training course....tor

24.01.2011 02:27

I can just see it now. A room full of NETCU losers being taught how to use tor so they don't get caught being silly buggers on the comments. Next they'll be reading activist security zines and taking the batteries out of their phones in important meetings.

Fabbri


perspective

24.01.2011 07:25

please take a step back for some perspective.

this is a comparatively minor issue compared with all the real issues we are addressing like climate change, systemic banking fraud and so on.

also, i am sure we all expect indymedia to secure itself and us from state and corporate attacks - secrecy and deception are valuable tactics in security work. please do not mistake them as an attack against indymedia users.

all systems have to constantly adapt, so it may be time to openly debate these previous policies, if only to better design the next ones.

from a technical point, there is a world of difference between universally logging all users and conducting counter surveillance against known threats.

free participation in the public sphere is only possible when all actors have privacy and secrecy - that includes indymedia

to demand indymedia be 100% open and transparent is unrealistic and overly idealistic

heath bunting
mail e-mail: heath@irational.org
- Homepage: http://irational.org/heath/


Filters filter - they do not log

24.01.2011 09:11

I'm sorry but in normal IT usage a 'filter' would filter out traffic it is configured for - i.e. they would block traffic from the GSI.

This also begs the question - why did IMC not block the posts instead of allowing them to be posted and do what little damage they did do - no sorry it still stinks.

ip geek
- Homepage: http://en.wikipedia.org/wiki/Internet_filter


All power corrupts

24.01.2011 09:40

For me this is a classic case of the corruption of power, something to which we are all susceptible. The power might not amount to much in reality, but it still corrupts. Often it begins when one or more people think they are in a better position to take decisions than those the decisions affect (like when CNT leaders entered the Republican government). It's clear to anyone who occasionally looks at the mods list that 'power' is a real issue for one or two mods, but in this case you have all abused the trust of IM users. If you are Anarchists you need to stand down and reflect on this.

Ordinary IM user


@ip geek: in order to filter, you need to know what to filter on

24.01.2011 10:24

In order to filter, you need to know what to filter on, so obviously you need to know the IP addresses beforehand.

It is interesting why the GSI IP addresses were let through rather than being blocked automatically.

I imagine it was to give the cops enough rope to hang themselves. If they just blocked posts from the cops' proxy server automatically, they would just switch to other IP addresses and carry on as usual. Far better to entice them into thinking they can still post, but be able to easily identify the trolling message and take them down promptly.

The cops must have thought Indymedia didn't know what were their posts and only took them down by inspecting the content. When all along Indymedia did know exactly who was filth. Well fuck you, cops, you got pwned!

I think Indymedia have handled this excellently and it's the cops coming out looking like idiots here.

anon


The Indymedia 'Fork'

24.01.2011 11:33

Seems to be explained in this article from last year  http://sheffield.indymedia.org.uk/en/regions/sheffield/2010/12/470678.html

Why wasn't this on the UK front page?

reader


@35 percy st

24.01.2011 12:40

Just to clarify, though ruby on rails is often served by a mongrel webserver, hyperactive sites are actually served by Apache running the passenger rails deployment software. Also, all of the hyperactive sites in the UK are running mod remove_ip which means that (beyond returning the page) everything else on the server appears to come from the localhost at ip address 127.0.0.1

All logs on Apache point to /dev/null in any case, and the rails production log you mentioned will only tell you the same information about an article that appears on an article on the front page ie the time it was posted and the url (and that it was posted by localhost) - this information is on the right hand newswire in public view. The logger features of rails are used to report software errors and info to this file not to log users (ask any rails developer)

As far as I'm aware 'unique hits' as mentioned above actually means 'individual hits' rather than from a unique user - this is a language slip on a forum.

all of these things are not guarantees of security by any means, you should always use tor and https whenever you can and take responsibility for your own online security. This is just information to assure people that their privacy is taken seriously and that measures are taken to safeguard this. If you have any questions about these issues then contact your local imc collective (their addresses can be found at  https://lists.indymedia.org) or come down to meet them face to face at one of their open meetings.

There is an excellent guide on this produced by the hacktionlab network and viewable online on the northern imc site at  https://northern.indymedia.org/zines/1165

correct@
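The logger line quoted by 35 Percy Street and the setup correct@ describes, put side by side as an added example (not part of either comment, and not hyperactive's or Indymedia's own code): a Rack-style wrapper does inside the application what the comment says mod remove_ip does in Apache, so the same Logger call records 127.0.0.1. The class names, the sample request and its documentation-range addresses are constructed for illustration.

```ruby
require "logger"
require "stringio"

# Hypothetical Rack-style middleware: everything downstream of it sees
# 127.0.0.1 instead of the client address, as the comment says happens
# on the hyperactive servers.
class ScrubClientAddress
  LOOPBACK = "127.0.0.1"
  # CGI-style request headers that can carry the client address as well.
  ADDRESS_HEADERS = %w[
    HTTP_X_FORWARDED_FOR HTTP_X_REAL_IP HTTP_FORWARDED HTTP_CLIENT_IP
  ].freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    scrubbed = env.dup                       # never mutate the caller's hash
    scrubbed["REMOTE_ADDR"] = LOOPBACK
    ADDRESS_HEADERS.each { |name| scrubbed.delete(name) }
    @app.call(scrubbed)
  end
end

# Stand-in for the CMS. It logs each request with the call from the quoted
# Logger docs, plus the forwarding header a proxy would have added.
class PublishApp
  def initialize(logger)
    @logger = logger
  end

  def call(env)
    ip = env["REMOTE_ADDR"]
    @logger.info("MainApp") { "Received connection from #{ip}" }
    @logger.debug("MainApp") { "forwarded: #{env['HTTP_X_FORWARDED_FOR'].inspect}" }
    [200, { "content-type" => "text/plain" }, ["posted\n"]]
  end
end

# Constructed sample request (RFC 5737 documentation addresses).
SAMPLE_ENV = {
  "REQUEST_METHOD" => "POST",
  "PATH_INFO" => "/publish",
  "REMOTE_ADDR" => "203.0.113.7",
  "HTTP_X_FORWARDED_FOR" => "203.0.113.7, 198.51.100.9"
}.freeze

# Run one request through the app, with or without the scrubber, and
# return what ended up in the log.
def logged_output(scrub:)
  sink = StringIO.new
  app = PublishApp.new(Logger.new(sink))
  app = ScrubClientAddress.new(app) if scrub
  app.call(SAMPLE_ENV)
  sink.string
end

IPV4 = /\b(?:\d{1,3}\.){3}\d{1,3}\b/

# Audit helper: every IPv4 address in a log other than loopback.
def leaked_addresses(log_text)
  log_text.scan(IPV4).uniq - [ScrubClientAddress::LOOPBACK]
end

if __FILE__ == $PROGRAM_NAME
  puts "without scrubbing:", logged_output(scrub: false)
  puts "with scrubbing:", logged_output(scrub: true)
end
```

Whether the wrapper is in place is a one-line configuration difference, so an audit like `leaked_addresses` run over the real log files tells you more than the stated configuration does.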


@reader

24.01.2011 13:13

It was meant to be written collaboratively by all the uk imc's as a joint statement but Sheffield just wrote their own and stuck it up there. Unfortunately, some in imc UK find it hard to work with others which is what has led to this situation. The dividing line was between those who worked as local collectives and saw UK indy as a network of collectives, and a group of individuals based around the UK who saw themselves and UK indymedia as the 'uk collective' - this is the group now forming the 'mayday' collective who will continue to use mir at a different domain. Some of the local collectives will continue to work together (in a less formal way) and with other good quality radical media outlets to produce an aggregated news site.

I know it all sounds a bit 'peoples front of Judea' but the most important thing is providing a good quality and trusted radical media resource for our communities, which is something we have been failing to do so far. Hopefully this will mean we can finally make this happen.

IMCer


Ta @correct that's useful information ;-)

24.01.2011 13:52

@correct@

Thanks for the info.

The Statement from IMC London about the Schnews post is therefore misleading because it says hyperactive does not have the capability to log IPs 'built in', but it does - as default, so measures have to be taken to turn this 'built in' functionality off by 'fooling' it into thinking all requests are coming from 'localhost' by configuring the web server this way. And if you can switch it off you can switch it on, configuring apache to log IPs. It would have been more informative to users if the London IMC post gave the information you have given, rather than this...

>>Following the publication of this schnews article, Indymedia London
>>would like to make it clear that ............ The
>>hyperactive code that indymedia london and others [1,2] run on does
>>not have these facilities built into it.

Fact is it does and you actually have to do something to stop IPs being logged.

The point I was labouring to make is that any CMS has vulnerabilities and that IP information is potentially available to the unscrupulous, infiltrating, state operative whatever the CMS. So assume the worst, and if you are involved in activities that may affect your liberty, take care when using the internet.

What is good to see is that clearly the state has not infiltrated moderators/admins on IM UK because the gateway 303 story has been known inside the collectives for a while, and any unscrupulous state MIR moderator/admin would have known of the counter abuse capabilities of MIR and clearly they did not. TeHe.

The egg is on the state's face and not on Indy!

35 Percy Street


@IMCer and Fabbri - back to IM Scotland

24.01.2011 14:04

I'll keep this polite and to the point.

On Indymedia Scotland there is currently an article 'Indymedia UK to split'. I find it disingenuous and misleading, but that's my opinion.

On it, someone called TomM comments that "if you want anonymity use TOR". Which is good advice.

Then 'Bunny - an Indymedia Scotland admin', and I have met this man and know to distrust him, talks about how they are now on a budget server and so can't prevent logging. He previously revealed on that site that their server had been in a Greek Uni, and he claims that back then "indymedia admins having full control over whole server".

And back then was when IM Scotland were abusing IP addresses, my allegation. So I thought fair enough, things have changed, I'll post my criticism there. Yet any Tor comments are still blocked with the message "Your submission has triggered the spam filter and will not be accepted".

I would have cut and pasted my comment here but their webserver denies even that basic facility.

Now, I consider myself technical as I've stated/boasted, and I admit to already distrusting these people, but how can blocking Tor posts while recommending them not be seen as dodgy as fuck? Are other people here able to post comments via Tor to Indymedia Scotland? I assume not because I also tried to post an innocuous comment there from a friend's PC, same result. Unless 'Bunny' has ruined Tor too then that seems bogus.

So why is IM UK having anything to do with IM Scotland? And speaking as a Scot, why are foreigners running an 'Indymedia Scotland' in the first place - I mean, I don't want to be 'nativist' about this but these are not Scots and though they've integrated themselves into various 'movements', they don't speak for me. I know of hundreds of actions in the past year that haven't been reported there. I would challenge them on this face to face but they don't even hold open meetings, let alone proper publicly accountable meetings.

Please, when IM UK does fork, let me know which branch contains the IM Scotland admins so I can continue to ignore it.

Danny


thanks for the helpful bug report Danny...

24.01.2011 14:29

It was possible to comment and post on IMC Scotland with Tor at least a month ago. We've had problems with the spam filter recently, and after a pretty bad rash of spam comments taking up a lot of admins' time configurations were changed. It has only just come to our attention that Tor can't be used, and people are currently trying to fix this. Instead of criticising here, you could have just said, and it would have been looked into. That is what's happening now. Thanks for your help.

As for this idea that "foreigners" are "running" IMCS, sounds like the Daily Mail comments pages would be better place for you to comment. There are a range of people involved in IMC Scotland to various degrees. Some have spent their whole lives in Scotland, some are new to Scotland. Either way, they are just as welcome. Your closet racism, and blatant nationalism, aren't. I look forward to the day you "continue to ignore" IMC Scotland, but feel that day will never come....

Fabbri


Gateway 303 article still being hidden by imc mods

24.01.2011 14:48

Hidden on Northern
Hidden on Nottingham
Hidden on Bristol
Hidden on Northern (2nd time)

London also hid it.

All of their readers are likely to have been affected.

FTP


Bug report my arse

24.01.2011 14:51

I have never been able to post a Tor comment to IM Scotland over years of trying. Not once. No one has that I've spoken to. The fact you lie about that blatantly shows you are a liar, but it also indicates to anyone who knows you that you and your comrades are people friendly with unexposed undercover activists, and who have been protecting them while abusing genuine activists. I'd have no problem with Indymedia Scotland being run by non-Scots, as long as it was run openly and honestly. And you pal don't do that. When is your next meeting and where was it published that it will be held? Cos I can name a score of Scots that would like to see who has been passing Indymedia posts to Lothian and Borders and Strathclyde police virtually destroying activism in this country. How long is it going to take you to fix your 'temporary recent bug' that has always denied Tor posts? Did I catch your curly tail in the fence, pig?

Danny


Disgusting

24.01.2011 14:52

The behavior of indymedia collectives on this issue is disgusting. When they split (sorry 'fork') I think neither should be allowed to use the name indymedia. When this 'mayday' group apply to use the name I think we should all object. No more indymedia MIR sites spying on posters!

no more indymedia


@FTP

24.01.2011 15:24

None of those sites use mir so how would their readers have been affected by the UK 'anti abuse' logs? Bristol and northern have always used non mir sites. The old Leeds bradford collective (mir), some of whom formed northern imc all handed in their mir logins in protest at how the imc uk site was being run didn't they?

Is it inconceivable that it might have been hidden because it's a badly written, badly researched article that jumps to massive conclusions based on very little evidence (gateway 303 could just as easily be the jobcentre as netcu according to the diagram attached to the article) and not actually relevant to any of those regions, since the real story seems to be that imc UK has been spying on its own users 'for their own good'.

A tenner says the ip capture ability is on right now on this thread. How would we the users know if this is correct or not? Who agreed to a handful of people having that ability in a completely unaccountable way?

suicidal backfire


Piglet to Hamlet

24.01.2011 15:27

To any casual reader unsure if I'm lying or Fabbri is lying, read the IM UK archive including the hidden comments. I've claimed here repeatedly that IM Scotland don't permit Tor posts, and in emails to IM UK admins, never before has any IM Scotland admin claimed online it was just a temporary bug. I was either hidden, ignored or labelled paranoid. If I am being corrected now, that it is just a temporary yet recurring glitch, then I would have been corrected previously. I wasn't.

The reason I tried to use Tor on IM Scotland, before I ever used it here, was my family were suffering from police raids quoting Indymedia posts I was alleged to have written. At the same time I noticed IM Scotland Admins were misusing IP addresses by blocking certain posts and spilling information about posters. Soon after, I found the same IM Scotland admins were defending people who admitted to being police informers, and who sometimes have claimed to be undercovers, as 'salt of the earth activists'. Meanwhile I was publicly labelled as paranoid by Fabbri and co for stating what every techie knows, and which had already been admitted on IM UK, that IP addresses are potentially visible on all websites.

Now for some reason IM UK is under attack, not just here but on Indymedia Scotland articles. Those same articles have IM Scotland admins saying always use Tor - and yet they have never permitted Tor. They claim now that they do, and it is just a temporary glitch, but I know that to be a lie and you should know that to be a lie because this is the first time they have claimed this in response to my allegations.

I'm not saying trust me, but any rational person should know to treat Fabbri and co with the same suspicion that something brown on the sole of your shoe merits. There is something rotten with the state of IM Scotland. Their articles should not be reposted here and none of their admins should have admin rights here. Fuck the fork, it's high time for a purge.

Danny


Re: Disgusting

24.01.2011 15:33

I find it suspicious that there is someone commenting on all 3 articles today advocating the destruction of Indymedia. More NETCU post perhaps?

Insider


Back to basics

24.01.2011 16:00

Over a decade ago IM UK was set-up by a small group of individuals, and their number expanded greatly as their reputation increased. With that has come dodgy members, and some really dodgy off-shoots. It has needed purging for years, not forking.

As an outsider I suggest as many of the original group get together, take control, and admit only the bare minimum number of helpers that running this site requires, with stringent security tests. I'd also suggest using lie-detectors on those additional volunteers, because everyone can be taken in by a professional liar.

Keep it small, keep it pure, and you will have a far bigger effect, like you once had. Look at me, I'm accused of being an egoist now, fair point, but originally I wouldn't post here out of respect for the genuine activist who did use this place as a useful service. Cut the crap, and if that means me too then fair enough.

It's a basic truism in computing, added functionality decreases security, added security decreases functionality, it's always a balance, so prioritise security. We don't need a huge IM, we don't need a friendly IM, we need a trustable IM. Like you once were. Hit the reset button. Reinvent yourself with added security.

Danny


Overly optimistic

24.01.2011 16:19

Some people are being over optimistic here claiming that the IP logging is now out in the open. It's not really, no more than it has been before. There has been no official announcement just Sheffield and Birmingham going it alone to publish information which the rest of the network seems to be blocking/hiding.

There are still insiders posting here claiming it's all overblown, irrelevant or untrue.

The security and privacy pages of the IMC UK site still make the claim that no IP addresses are logged, nothing has changed and only the views of this specific thread may have read something which they'll remember. In a few weeks time it will blow over and people will forget. The claims that IMC UK doesn't log IP addresses will remain.

All this has happened before and people then said the same things, expressing thanks that the truth was finally out there. But the cover up continued and remains to this day.

Don't believe me? Check for yourself. Use a decent search engine to search this site for references to IP LOGS and then switch on the hidden comments by adding ?c=all to the end of the URL. When you do this you will find references to this issue dating back to 2003.

Try these for example:
 http://www.indymedia.org.uk/en/2009/02/421434.html?c=all
 https://sheffield.indymedia.org.uk/2009/02/421839.html?c=all
 http://www.indymedia.org.uk/en/2009/02/421703.html?c=all


deja vu


An appeal to indymedia UK

24.01.2011 16:23

Please please please put an end to all this bickering. Please discuss among your collectives and issue statements either individually so each collective or if possible from IMC UK as a whole and categorically make clear whether the admissions and apology in the article posted by Birmingham IMC reflects the opinion and reality for IMC UK collectives as a whole.

Please do this urgently as you are all looking really shady right now.

step up


Indymedia doesn't need added security - it needs authentication

24.01.2011 16:29

Any "security" Indymedia adds will just be a charade, since ISPs can log IP addresses at a higher level anyway.

The main problem Indymedia has isn't with revealing the identity of people who post information on illegal acts, it is with the huge amount of trolls from police and other scum. If posts and comments could be (optionally) linked to a single (pseudonymous) identity, we could have more of an idea which are from genuine people and which are just trolls.

Ideally some kind of reputation system would be good, so people can mark up the trustworthiness of specific identities. This would require a lot of work and much more processing power for the server though, so it might be unfeasible.

How about letting people post PGP-signed messages, as a first step? That would just mean the server had to store PGP keys and validate the signatures on any posts or comments that came in, which wouldn't be too much work. It's true it would probably only be usable by geeks, but at least it would be a start.

anon


Followed the link and found this hidden comment

24.01.2011 16:35

Proof of the IP logging feature is in the public record
11.02.2009 01:49

That email that the above poster refers to on the IMC-UK-MODERATION list has now been removed from the public archives, which doesn't exactly inspire confidence. I'm confused about what those responsible are so worried about revealing, as it's already in the public record that the indymedia software has this feature and obvious that it is used.

A google search for INDYMEDIA MIR "IP LOG" returns many hits for publicly archived posts from indymedia collectives around the world which use the same software as the UK and many posts in the indymedia documentation project and the MIR development site.

The feature was publicly announced in some detail during October 2003 on the IMC-UK-FEATURES list, following a previous thread about blocking the IP of a specific poster.

More of that discussion can be seen in a log of an IRC meeting which was posted to the IMC-TECH list. A further google search reveals that most of the people who took part in that discussion are still active in indymedia collectives. Below are some extracts:

yossarian i am for blocking Rockwell
...
bunny_ it can easily be bypassed especially if person knows they are being blocked
....
yossarian i am hoping that Rockwell is a shithead who is not technically savvy
....
bunny_ I think blocking should be decided by a secret comminite in private that we sety up at sheff
bunny_ which report general critia
bunny_ in open but not specifics
....
bunny_ The problem with Blocking is it depends on switching IP log on
bunny_ which we shoudl no do if we can aviod
Tom secret committe - not really in the sprit of the Indymedia collective IMHO
zak i'm rather nervous about starting to take decisions in private -- it kind of goes against our princple of accountability and openness
yossarian bunny_ that is very bakunin of you
bunny_ but it is nature of the tool of blocking
bunny_ if one chooses to use it
bunny_ I say it should be used rarely
Tom what's the issue with IP logging?
...
yossarian i am not for secrecy in this case either
....
bunny_ then yossarian you must be against blocking
....
yossarian no i am not against blocking, i just think we should be open about why we are doing it and who we are doing it to

Other people in that meeting include GDM and Chrisc, who've all been engaged in the arguments over transparency on the IMC-UK-MODERATION list over the last week since the expulsion of admin Ben, whose email mentioned the IP log. That email has now been deleted from the public archive by the list admins.

It seems that some indymedia admins are hoping to rely on what is known as security through obscurity, which basically means you know that you have vulnerabilities but hope that by not talking about it then nobody will discover them for themselves. This approach is generally considered highly flawed but there are arguments for it but in this case it's certainly a case of shutting the barn door after the horses have bolted since the codebase MIR is open source and the features actively publicised by the developers.

One example can be seen here and gives a little insight into what the admin interface for indymedia might look like. It is a list of string names and values for the localization of the interface, given in english in this case. It clearly shows a host of functions relating to an IP log and IP filtering.

abuse.htmltitle = anti-abuse measures
....
abuse.disableopenpostings=Turn off open posting
abuse.openpostingpassword=Require a password for open postings
abuse.logpostings=Log IPs for open postings
abuse.logsize=Logging buffer size
abuse.cookies=Use cookies for blocked users
abuse.articleaction=Action for blocked article
abuse.commentaction=Action for blocked comment
....
abuse.showlog=Show the IP log
abuse.showfilters=Manage filters
....
abuse.log.time=Time
abuse.log.address=IP number
abuse.log.object=Object
abuse.log.browser=Browser
abuse.log.filtertype=Filter type
abuse.log.filterexpression=Expression
....
abuse.filtertype.ip = IP Number
abuse.filtertype.regexp = Regular expression
....
abuse.filters.htmltitle = Anti-abuse filter rules
abuse.log.htmltitle = Anti-abuse open posting log

There is little to gain from continuing to hide these features while at the same time encouraging users and spammers alike to use proxies to ensure their anonymity. The vast majority of determined spammers will already have been using such cloaking technology anyway.

In the meantime, attempting to hide all this from indymedia users is totally counterproductive at this time, especially while people are seeking reassurance and clarification over the potential for police to obtain IP data relating to specific posts. Honesty would be reassuring and as stated in that October 2003 email, "the data collected is held in memory, not on any hard disk space and is gone once the log is switched off again - so if anyone ever wanted to raid the server no information on posters can be obtained."

Indymedia are acting like the chinese government censors, hiding all comments on this and even going so far as to purge the history books of references they don't like. The revisionistas have deleted from their own PUBLIC mailing list archives all the emails mentioned by an earlier poster who ironically was pointing out that you can't gain security by sweeping issues under the carpet.

DELETED  http://archives.lists.indymedia.org/...er/004250.html

but still cached by google as I type (  http://74.125.77.132/search?q=cache:...ient=firefox-a)

[Imc-uk-features] IP address
andi andi at syndicate.org.uk
Thu Oct 23 13:11:05 PDT 2003

hi all,

it is possible to log ip addresses in the new codebase. this can be
switched on and off, and is by default switched off.

the data collected is held in memory, not on any hard disk space and
is gone once the log is switched off again - so if anyone ever wanted
to raid the server no information on posters can be obtained.

but we as imcistas have the option to track trolls. we have not used
ip blocking yet but were near doing it - i for one have hunted for
ram's ip, see
 http://lists.indymedia.org/pipermail...ptember/004459.html

anyhow we never made firm decisions on this.

a question would be as well for how long a block is supposed to be...


DELETED  http://archives.lists.indymedia.org/...er/001187.html

but also still cached as I type (  http://74.125.77.132/search?q=cache:...ient=firefox-a)

Here's another one they'll have to delete if they want to continue to revise history:
 http://archives.lists.indymedia.org/...er/003929.html

I don't know how they think they can eradicate this from our memories or from web sites they don't control which also record this info.

They hide this shortly too but it can all be read here  http://www.indymedia.org.uk/en/2009/...703.html?c=all at least until they stoop to deleting rather than hiding the comments they don't like.

anon

wow


Disinfo Disinfo

24.01.2011 16:52

"I find it suspicious that there is someone commenting on all 3 articles today advocating the destruction of Indymedia. More NETCU post perhaps? "

Yes disinfo isn't that difficult to spot especially now we have some examples to look at.

An interesting one is the 'plausible deniability' angle e.g. might have been an anarchist lollipop lady, there was one on Schnews that actually suggested it might be a disaffected anarchist copper doing the posting! It's pretty good because plausible deniability is the last resort of the covert operator.

Having seen the 303 posts it seems likely and obvious to me that this wasn't a disaffected anarchist copper, but a bunch of paid operatives, trying to get people locked up.

Class War


@deja vu - this is funny

24.01.2011 16:52

This posting has been hidden because it breaches the Indymedia UK (IMC UK) Editorial Guidelines.

Caveat Emptor: your details are not invisible on the IMC UK system

11.02.2009 08:28
I thought the wording of this was a little odd.

 http://www.indymedia.org.uk/en/static/privacy.html#IP_Address_Logging

"IP Address Logging

Every computer on the web has an IP address. The IP addresses of remote users can be logged by servers. Through these logs, people's activities can be traced when they are matched with records from ISP's about who has been allocated any given IP address at any time.

All the web servers that are used for the UK Indymedia web site are set up not to log IP addresses. This ensures the privacy of people who are browsing the site and posting news and comments to it. However, it is technically possible for networks between the servers and users to log IPs — if you are concerned about privacy need to ensure your anonymity please see the security page for more information about measures you can take."

I suggest it should now read:

" Despite the fact that servers have had their logging of IP addresses disabled, we are clandestinely running a system where the IP data can be actively monitored by an administrative facility that holds this info in memory for an unspecified period of time.

This in turn obviously means that anyone with (access to) the correct admin rights can easily and secretly note down the IP details of posters. Which again in turn means that anything you post can be easily traced back to you and potentially shared.

This system obviously has very serious implications for a facility designed for activism and political dissent, and we cannot offer any assurances that your identity will not be divulged to anyone including the police and security services.

Security services please note, that all you have to do is become an admin on IMC UK to be able to trace posters - or just threaten admins into complying"

Can we see something as accurate as my sarcastic yet true suggestion?

That you have been monitoring IP and have such a facility on IMC servers is beyond belief! It is as irresponsible as you can get and has put making admins lives easier above the security of posters.

I am still agog!!! Given the attitudes and sanity of some admins on here, I have zero confidence in this facility not being abused.

It makes a mockery of anti-authoritarian and anti-surveillance posters here and I shall be passing on to others what you are doing.

Totally and utterly appalled!

Sam


@sam

24.01.2011 17:41

"This in turn obviously means that anyone with (access to) the correct admin rights can easily and secretly note down the IP details of posters."

If the posters don't use Tor, as is allowed here and has been pointed out repeatedly by IM UK admins. So use Tor here like you were told and you won't have any worries here. What should worry you, and is something I've pointed out repeatedly is that not all British collectives permit Tor. I highlighted IM Scotland because I believe beyond reasonable doubt that they are dodgy, but any website that doesn't permit Tor should be treated with contempt.

Tor isn't fool-proof, and it won't last forever, but there is no valid reason to block it as some other collectives do.

Some anon previously on this thread suggested PGP encryption, which is daft and I hope they are embarrassed. PGP encryption is a must for personal communications, and 'plausible deniability' encryption is a must for your hard drives, but PGPing to a public site? It's like PGPing directly to the cops. If they have your IP address, what good does it do? Maybe I'm missing something but it seems like disguising your voice on a bomb threat from your own phone. Maybe your voice is disguised, but your identity isn't.

I'm a bit worried to read on this thread that 'bunny' is a player here. I could name his name and address here, out of badness since it would be instantly hidden, but really, Space Bunny is a player on IM UK? That's the most worrying thing I've heard this year. Makes me think, we know about the cops infiltrating but Mossad too?

[exit stage left to the Dave Howard Singers 'I am a bunny']

Danny


Re: Followed the link and found this hidden comment — wow

24.01.2011 19:09

Hoorah - you found some disinformation. Well done. It was posted at this rather delicious site:
 http://www.rinf.com/forum/showthread.php?t=7619

Can you prove this claim?

"The bigger issue here is how it seems the IP logs that IndyMedia keeps have been used in the recent arrest and subsequent convictions of Animal Rights activist, a fact that Indy admins have kept quiet and worse hidden reference to."

The only arrest I am aware of was of someone who wasn't an Animal Rights activist, and who was never charged with anything.

Because if that isn't true, then what we have is someone stirring the pot. Just like the cops have been doing for years.

Should Indymedia leave blatant lies up?

There are no IP logs, seizing the server would not help the police at all.

googler


lost and bemused

24.01.2011 19:17

As someone who has used computers since the late 1960s, been able to programme them since then, had a web site running before most people had heard of the web or internet let alone knew what they were, I possibly know a little more than the average punter.

Servers need IP addresses to work, the net needs IP addresses to work. If you request a web page from a server, which is what your web browser does on your behalf, then it has to know your web address, otherwise it cannot complete your request. The server has to know where to send the web page you have requested.

The real world analogy is that I need your address to send you something in the post. Without your address, to where do I send it.

What the server does with your IP address after it has processed your request is a moot point. I would expect the default to be logging is turned on.

Now this is where it gets interesting. If some IP addresses are to be filtered and the IP addresses are to be fed into the filter manually, then they have to have been logged or recorded somewhere.

Personally I could not give a toss whether or not Indymedia UK logs or does not log IP addresses. But clearly some people do care. What I cannot understand is why Indymedia UK is not willing (or maybe unable) to give a straight answer.

But let us assume Indymedia does not keep your IP address. It must be logged your end, ie your ISP, as again we have a communicate problem.

It is unreasonable to assume Cops know anything about computers and how the internet works.

It is unreasonable to assume that those making mischief are cops. All we know is it person or persons unknown on the government network. It could just as easily be a bored low level clerk in a Job Centre

As for secrecy, posts would carry far more weight if people had the guts to post in their own name.

Keith


Questions for Keith

24.01.2011 19:31

Keith says:

" It could just as easily be a bored low level clerk in a Job Centre"

Fitwatch says:  http://www.fitwatch.org.uk/2011/01/22/state-infiltration-and-attempted-disruption-of-activist-websites/

"Other comments have publicised legal action taken against Fitwatch activists, presumably in an attempt to undermine our support. During one case, three people convicted for obstructing police cameras found the news of the verdict posted before they had even left court. Similarly, a Fitwatch activist deported from Copenhagen after being caught up in the mass (unlawful) preventative arrests during the COP 15 protests, had the news – along with her name – posted on the then unmoderated site from the 303 gateway address. The post was removed by Fitwatch in order to protect her privacy."

How do you think the bored clerk would have got hold of that info Keith?

Schnews also notes:  http://www.schnews.org.uk/archive/news755.php

"These postings have targeted individual activists, put out information about activists that is not in the public domain, attacked campaigns, and urged the disruption of peaceful protests

Now Keith, please tell us where the lowly clerk gets the info that isn't in the public domain?"

Those are the posts that are really worth thinking about. If it's unreasonable to suspect the cops, all you need to give us a reasonable explanation of how your bored job centre clerk got hold of info that wasn't actually available in the public domain. and so quickly....

Not Keith


Like the Stasi

24.01.2011 22:08

Ever noticed one IM mod hides more posts than all the others put together? Completely deleting posts, editing comments, even deleting stuff from the mods list archive - none of these things are new. Within the last fortnight for example Indymedia have policed the Kennedy affair like the fucking Stasi. You have shown yourselves to be a bunch of stupid, corrupt, incompetent liars Indymedia. You have abused the trust placed in you. You are not fit to call yourselves anarchists and you are not fit to hold positions of responsibility.

Grumbleweed


@Danny: use of PGP with Indymedia

24.01.2011 22:39

You seem to be fairly computer literate, so I assume you misread what I said, but for the benefit of other people: I was talking about PGP signing, not encryption.

 http://en.wikipedia.org/wiki/Pretty_Good_Privacy#Digital_signatures

Basically you have a private key and a public key. The private key is used by you to "sign" a message. This attaches a small piece of data to each message that only you could have generated. Anyone with your public key can verify that the message was sent by the person with the private key.

If Indymedia stored the public keys of regular and genuine posters, it could verify signed messages and put some kind of logo by them to highlight the fact they are by genuine people. Other non-signed messages could still be shown, but people would know to treat them with some suspicion.

The point is it enables you to build up a trust in your pseudonymous identity. You could post your signed messages from Tor each time if you wanted, so it couldn't easily be traced to an IP address. You could have multiple such identities if you wanted, if you didn't want two different aspects of your life to be linked.

You could also have a web of trust, where people can sign other people's PGP keys to give them indirect trust.

The advantage of this over some kind of login system is that it requires less infrastructure on the server. You could even do it right now if you wanted (although Indymedia probably reformats the message slightly to put it in HTML format, which would break the signature). Then people could verify the signature themselves. But most people wouldn't know how to do this, so if Indymedia did it, it would make life much easier.

anon


Grumbleweed

24.01.2011 22:42

anonymous sniping is ever so easy.

Challenge the hiding of posts on the moderation list if you're not happy with them. That's where they get reported, and you must know where it is if you know who does the hiding.

tumbleweed


example of using PGP signing

24.01.2011 23:03

Here is a basic example of how PGP signing works. I'm using GnuPG on a commandline but there would be graphical ways of doing it too.

1. generate your PGP key pair:

$ gpg --gen-key

Fill in name, email, comment as required. You can lie if you want! You can see your key:

$ gpg --list-secret-keys


2. write your message in a file message.txt

3. sign the message:

$ gpg --clearsign --default-key smith@smith.org message.txt

This creates a file message.txt.asc which looks something like this. Indymedia could hide the signature from the basic view, but it would be good to have the raw message available so we don't have to trust a central system:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi this is a test message
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iQEcBAEBAgAGBQJNPgIFAAoJEA5RydKht9ozN9wH+wa5J30F6/SXKX1F8Uqp5RzC
7OSWolZXABSpcCqoY//LiE/rkkHSZkPnC1AinRpxTiDWqbbP5E9/KpnzRyYij+mn
6T2d9/0eJv7KIZfZbQH5fEiqnNYRl608B4C5YTKVHH4duM5hNVNCT9rQcGMOKv+h
pKOs4QL/2cpzgHMswFhupTl/LejaEpLAQw9dn5DtTfU8G3gs4Fuf0rkTMWkRwM/i
ph0412WpU2EGeLh6CGTH0IkYC6Dx4g8iWTkaWmHncdr9lVNU9HaAfW+RhuvtxEwP
NrIv1ElfDItdDQJiPT41HKIkLscG1ukd27J0x7ApDEIYbSZnCZwwl2l+dSVAgMc=
=ew+/
-----END PGP SIGNATURE-----

Now you post this message to Indymedia.

4. You make your public key available to anyone that wants it. They can verify the message was from you by saving the raw message to a file message.txt.asc:

$ gpg --verify message.txt.asc

gpg: Signature made Mon 24 Jan 2011 22:49:41 GMT using RSA key ID A1B7DA33
gpg: Good signature from "Mr Smith (This is Mr.Smith's test key) <smith@smith.org>"

This looks complicated but Indymedia should be able to verify behind the scenes to make it simple for most people to get the benefit of knowing which messages are trustworthy. Sending signed messages would still be complicated though, although I'm sure there are graphical tools for PGP that make it simpler.

anon
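
Added example, not part of the thread and not Indymedia or MIR code: the two PGP comments above note that a site reformatting a post into HTML would break a clearsigned signature. The Python below recovers the text a verifier checks under the cleartext signature framework of RFC 4880 and reports which server-side rewrites leave that text intact; the sample post and its signature placeholder are constructed, and every function name is hypothetical.

```python
"""Recover the signed text of an OpenPGP clearsigned post (RFC 4880, section 7)."""
import hashlib
import html

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

# Constructed sample post. The signature body is a placeholder, not a real
# signature: this example inspects the framing, it does not verify anything.
SAMPLE_POST = "\n".join([
    BEGIN_MSG,
    "Hash: SHA256",
    "",
    "Meeting moved to 7pm & the venue is <unchanged>.",
    "- -- pseudonym",          # a body line starting with "-" is dash-escaped
    BEGIN_SIG,
    "",
    "PLACEHOLDER+signature+packet+constructed+for+this+example",
    END_SIG,
    "",
])


def parse_clearsigned(post):
    """Split a clearsigned post into hash names, body lines and signature armor."""
    lines = post.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    if BEGIN_MSG not in lines:
        raise ValueError("no clearsigned message found")
    i = lines.index(BEGIN_MSG) + 1
    hashes = []
    # Only "Hash" armor headers may appear before the blank separator line.
    while i < len(lines) and lines[i].strip() != "":
        name, sep, value = lines[i].partition(":")
        if not sep or name != "Hash":
            raise ValueError("unexpected armor header: %r" % lines[i])
        hashes.extend(h.strip() for h in value.split(","))
        i += 1
    if i >= len(lines):
        raise ValueError("missing blank line after armor headers")
    i += 1
    text = []
    while i < len(lines) and lines[i] != BEGIN_SIG:
        line = lines[i]
        if line.startswith("- "):
            line = line[2:]                      # undo dash-escaping
        elif line.startswith("-"):
            # An unescaped dash line could be forged armor; refuse to guess.
            raise ValueError("unescaped dash line in signed text: %r" % line)
        text.append(line)
        i += 1
    if i >= len(lines) or END_SIG not in lines[i:]:
        raise ValueError("missing or unterminated signature block")
    end = lines.index(END_SIG, i)
    return {"hashes": hashes, "text": text, "signature": "\n".join(lines[i:end + 1])}


def canonical_signed_text(text_lines):
    """Canonical form: trailing spaces and tabs dropped, CRLF between lines,
    and no line ending after the last line before the signature block."""
    return b"\r\n".join(l.rstrip(" \t").encode("utf-8") for l in text_lines)


def text_fingerprint(post):
    """SHA-256 of the canonical text, as a comparison aid only. The real
    signature hash also covers fields of the signature packet."""
    body = canonical_signed_text(parse_clearsigned(post)["text"])
    return hashlib.sha256(body).hexdigest()


def same_signed_text(original, rewritten):
    """True if a rewritten copy would still present the same signed text."""
    try:
        return text_fingerprint(original) == text_fingerprint(rewritten)
    except ValueError:
        return False


def demo():
    """Apply three rewrites a publishing system might make to SAMPLE_POST."""
    variants = {
        # Harmless: canonicalisation absorbs CRLF and trailing whitespace.
        "crlf_and_trailing_space":
            SAMPLE_POST.replace("<unchanged>.", "<unchanged>. \t").replace("\n", "\r\n"),
        # Breaks: "&" and "<" become entities, so the signed bytes differ.
        "html_escaped": html.escape(SAMPLE_POST, quote=False),
        # Breaks: re-wrapping moves a line boundary inside the signed text.
        "rewrapped": SAMPLE_POST.replace("7pm & the", "7pm &\nthe"),
    }
    return {name: same_signed_text(SAMPLE_POST, v) for name, v in variants.items()}


if __name__ == "__main__":
    for name, intact in demo().items():
        print("%-26s signed text intact: %s" % (name, intact))
```

A site that wants readers to check signatures themselves has to serve these exact bytes, for instance through a raw view of the post, alongside whatever HTML rendering it shows.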


tumbleweed

24.01.2011 23:14

What an old chestnut! Don't you understand you're not trusted by anyone anymore. Complain? Even if anybody could figure out how the system works it does no good. You lot've been out of control for ages now.

Dan


So so bored with reading posts from Danny

25.01.2011 02:12

Reading posts from Danny over and over again is enough to incite suicidal feelings. I hope I'm never in a meeting with him as he is clearly somebody who loves the sound of his own voice and would be forever holding up two fingers to make some vital intervention into the discussion.

The issues raised here are too important to allow distraction from disruptive users like Danny. I wish indymedia would spend as much time hiding his rambling repetition as they apparently do censoring information about police infiltration of the website and references to IP logging.

yawn


@yawn

25.01.2011 09:21

U r obviously the filth trying to deprive us of indymedia's greatest contributor, and the flurry of adoring commentators that magically follow on. I suspect he is some new chris morris character lampooning the swp.

coraline


@anon - PGP

25.01.2011 11:35

Oh sorry, I didn't get your point. I have recommended authenticated logons for years, for users who choose not to post anonymously, I thought a password would be good enough but PGP would be better. It stops people faking other people's identities to mislead or smear - and in my case of being it would've stopped at least one police raid as I genuinely didn't write many of the posts I was questioned about. Years ago there was a spate of that, and I met one of the people who did it, someone who claims both to be mad and an undercover. Authenticated logons wouldn't stop the police posts here, or various other problems, but it would stop that base tactic which would save a lot of confusion.

@Yawn, There will be a fair few folk here who have seen me at meetings, but I loathe meetings so they won't have heard me talk. I'd have a helluva lot to say at an Indymedia Scotland meeting but they don't seem to invite the public. Smear and run, that's them.

Danny


cop or bored Job Centre clerk

25.01.2011 18:43

If a post comes from the government secure network, then clearly it can be anyone on that network.

If the post reveals sensitive information known only to a small circle of people, then I agree it narrows it down to that small group of people.

Many of the posts on Indymedia UK, which greatly devalues its value, are posted by morons. Moot point whether they are behind a government secure network. I would suggest cops, even bored cops, have better things to do.

Keith


PGP digital signature

25.01.2011 19:04

Most people think of PGP as secure encryption. But it can also be used to sign documents. The signature can be a detached signature, thus it does not have to be text you sign, it can be a picture, for example.

PGP is hard encryption, that is secure.

The problem arises in Public-Key Encryption, of which PGP is but one example, with key management. Few people understand this, let alone get it right. I have been at security conferences where I find people do not understand.

It does not matter how good your encryption if your key management is poor.

How do I know the key is your key?

All I know is the document has been signed by the key holder.

I have to be able to verify the key. I have to be able to trust who has signed the key. That is why I emphasise to people over and over again, do NOT sign a key unless you are sure the person is who they say they are, as other people are relying on you to have checked them out.

We now have another problem. You are no longer anonymous.

The following information is now somewhat dated, it was written for the MSDOS version, but the principles still apply.

 http://www.heureka.clara.net/sunrise/pgp.htm
 http://www.heureka.clara.net/sunrise/pgpwhat.htm
 http://www.heureka.clara.net/sunrise/pgpwhy.htm
 http://www.heureka.clara.net/sunrise/pgpsec.htm

Keith


re: PGP digital signature

26.01.2011 00:10

@Keith: you are missing the point.

The idea of using PGP signatures in this instance is NOT necessarily to associate posts with a trusted real person, even if that is the conventional use of PGP signing.

Indymedia could use it to link a post to a real person though; for example if an organisation wants to post to Indymedia and have everyone verify it really is from them. They could post the public key on their website so people can check. Or Indymedia could do it automatically. They can use a web of trust so people can have indirect trust it really is from them. Or people who post here under their own name anyway and have a problem with people pretending to be them.

The use I am thinking of is establishing a "pseudonymous" identity to make more than one post, so they will all be linked together. In this way, even though no-one knows who is making the posts, the trust you place in a post can be weighted by all the other posts made by that same identity.

It's true that trolls can still get through by making a series of sensible posts to build up trust in their identity and then starting their trolling, but that is a lot of extra work for them.

It's just the same idea as having a login system. You don't necessarily know who is behind a particular login, but the login has its own reputation building up.

The only advantage of the PGP signing is that it requires less work on the server side, so would be easier to implement. The first thing that would be needed is the ability to post raw text to Indymedia so things like links and angle brackets don't get mangled.

anon
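
The pseudonymous-identity idea in the comment above, as an added example that is not part of the thread or of Indymedia's code: Ed25519 signatures from Node's built-in crypto module stand in for PGP detached signatures, and the function names, fingerprint scheme and sample posts are constructed for illustration. It groups verified posts by key fingerprint rather than display name, and shows a signed post failing verification once the site has escaped its angle brackets.

```javascript
// Added example: Ed25519 (Node built-in crypto) stands in for PGP detached signatures.
const crypto = require('crypto');

// Fingerprint = truncated SHA-256 of the DER public key; this, not the display name, is the identity.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex').slice(0, 16);
}

// Poster side: sign the exact bytes of the post body.
function signPost(name, body, keyPair) {
  const signature = crypto.sign(null, Buffer.from(body, 'utf8'), keyPair.privateKey);
  return { name, body, publicKey: keyPair.publicKey, signature };
}

// What a comment form that escapes markup does to the body before storing it.
function htmlEscape(text) {
  return text.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Server side: keep only posts whose signature verifies, grouped by key fingerprint.
function groupByIdentity(posts) {
  const identities = new Map();
  const rejected = [];
  for (const post of posts) {
    const ok = crypto.verify(null, Buffer.from(post.body, 'utf8'), post.publicKey, post.signature);
    if (!ok) { rejected.push(post); continue; }
    const fp = fingerprint(post.publicKey);
    if (!identities.has(fp)) identities.set(fp, []);
    identities.get(fp).push(post);
  }
  return { identities, rejected };
}

// Constructed sample data: one regular poster, one impersonator reusing the display name.
const regular = crypto.generateKeyPairSync('ed25519');
const impostor = crypto.generateKeyPairSync('ed25519');
const first = signPost('anon', 'Meeting notes: <http://example.org/notes>', regular);
const second = signPost('anon', 'Follow-up to my earlier post.', regular);
const fake = signPost('anon', 'I take it all back.', impostor);
// The same signed post after its angle brackets were escaped: the bytes no longer match.
const mangled = { ...first, body: htmlEscape(first.body) };

const result = groupByIdentity([first, second, fake, mangled]);
for (const [fp, posts] of result.identities) console.log(fp, posts.length, 'verified post(s)');
console.log(result.rejected.length, 'rejected');
```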


pgp communication

20.02.2011 02:28

It's too complicated to use PGP in the case of us digitally signing into Indymedia. Indymedia just needs to be moderated. It is about taking control.

In your affinity group, use PGP and sign your key if you are satisfied that you trust everyone in your affinity group. For email communication. Set your mail up to download to your computer. Use another email address than the one you use all the time for friends and family. When planning an action use that address. Encryption should be at computer level, emailed across the server encrypted, downloaded at the other end and decrypted on the computer. Delete the emails you don't want or need anymore on the computer. On the night before your action delete the email account on the computer and defrag and secure delete the free space on the hard drive. Ensure your computer is clear of all incriminating evidence. Then delete the email account with the encrypted emails on there. Destroy all paper evidence and passwords. You are now ready for your mission..

Good luck and good night..

pgpgpgp

