Posts which incite others to commit violent acts are a risky business for Indymedia Collectives. In early 2009 Indymedia UK had one of its servers seized after a comment was posted to the newswire, with the home address of the judge from the Stop Huntingdon Animal Cruelty (SHAC) trial. An individual was arrested, and to this day the police continue to hold the server, along with personal belongings of the arrestee. In 2005, a local collective, Bristol Indymedia had their server seized from the home of an activist, after a site user complained to the police about an anonymous post to the Bristol Indymedia newswire, which reported an 'action' in which objects were dropped onto a freight train carrying new cars somewhere near Avonmouth.

In both those cases Indymedia, because of stringent rules designed to protect user anonymity, was absolutely unable to provide IP addresses to anyone as the system does not log IP addresses. Today however, we are able to state categorically that the comment containg the incitement was one of a long list of posts which have come from a Government Secure Intranet known as Gateway 303, a state network which provides a secure proxy network behind which state agents can maintain their anonymity. Other posts from the same government secure intranet have targeted individual activists, put out information about activists that is not in the public domain, attacked campaigns, and urged the disruption of peaceful protests with Direct Action. The main targets of these many articles and comments have been Environmental Campaigns and Animal Rights campaigns and activists. Whilst we do not have any way of identifying from which computer behind the Government Secure Intranet these posts came, we would hazard a guess that they came from someone who has links to The National Extremism Tactical Coordination Unit known as NETCU, a shady body which has so far evaded accountability because it has been set up as a private limited company despite the fact it is staffed by serving police officers, and funded by the Home Office.

We have decided to publish a list of all posts that we know were made from Gateway 303 so that activists can see for themselves some of the tactics that agents of the State have used to disrupt, and provide disinformation on Indymedia, and which campaigns and activists they have targeted. With this information, we believe that the state should be able to identify their own agent-provocateurs, and furthermore that this exposure of the posts by State Agents undermines the state itself in a number of ways. It shows once again that the so-called "forces of Law and Order" are infiltrated with unprofessional individuals who are prepared to go to great lengths to set-up individuals and protest campaigns, and that despite all their many claims, parliamentarians are unable to take effective action to weed out the 'bad apples' they say are the problem. It undermines attempts by the Crown Prosecution Service to smear defendants by pointing to anonymous postings on Indymedia. Judges will now have to take into account that there is clear evidence that Indymedia UK is abused by State Agents to harass campaigns and individuals, and to incite the very kind of 'Domestic Extremism' that outfits such as NETCU were set-up to specifically stop. We wonder if some of their own posts have been used by NETCU to bolster their own importance and to justify higher levels of funding than they might otherwise receive. We cannot know for certain, but can strongly suspect, that there have been other state posts which have come from non-filtered IPs, and that by going public on these posts, we have made public the propensity of the State to harass campaigns and activists through abuse of open publishing sites.

How does Indymedia UK know where these posts came from, when it always said it doesn't log IPs?

It is absolutely true that Indymedia does not log IPs - by which we mean the IP Addresses of those who use the website are not recorded for the purposes of protecting their privacy. However, what has never been openly stated before is that the CMS system we use has a number of anti-abuse measures which include the ability to monitor for particular IP addresses and log their behaviour. The key here is that IP addresses are never written to the hard disk - they are briefly held in the RAM (i.e. temporary) memory only. Only when particular IP addresses are identified as persistent abusers are they applied to filters. There remains no general practice of logging each and every user. Once the anti-abuse measures are turned off, any IP addresses identified are automatically wiped from the virtual memory and, as they were never written to the hard disk, no amount of forensics would ever be able to find them.

In this particular instance however, the filter for the Gateway 303 IP was manually added after site admins became aware of a post on Animal Rights Copwatch which revealed that someone posting from Gateway 303 had posted to their site, posing as an Animal Rights activist. This allowed all posts from Gateway 303 to be identified and each post was flagged with an internal comment that identified it as a post from Gateway 303.

In the early days of Indymedia UK, which recently celebrated it's 10th Birthday, site admins believed that they would never be able to gain the trust of posters, if the range of anti-abuse measures were made public. As is often the case, once a body has failed to be completely open about something, it becomes 'the elephant in the room' and so a situation was created where the new and current admins were actively blocked from bringing these measures into the open. The stalemate continued until now, with site admins proposing a new approach of coming clean about the measures that are in place, and others in the collective blocking this.

The dilemma was brought to a head when it became clear that the state was exploiting the stalemate to attack campaigns and activists, and the most recent posts meant that the calls to expose these attacks became louder. We sought to convince people within the collectives that activists are now much more aware of how the internet works, and many have direct experience of working on sites which have a range of anti-abuse measures. We also argued that continuing to gloss over the reality in a misleading way was detrimental to Indymedia UK, and that there was no small likelihood that at some stage we could be outed. Furthermore, we argued that as a group we have a duty to defend campaigns and activists that are being targeted by the state, in exactly the same way that people have supported us when we have experienced state repression, and that we could no longer justify allowing state agents to abuse Indymedia UK, by glossing over what we knew was happening.

However the state chooses to respond to this revelation, the truth remains that there is no written log of IP addresses, and that no amount of duress will enable any IMC admin to reveal information that quite simply is not available to them. We will endeavour to produce an article detailing how our anti-abuse measures operate, as quickly as possible.

Be Cleverer than NETCU - mask your identity.

Posts on Indymedia have often urged people to protect themselves from the cameras and Police Intelligence Units by masking up at public demonstrations. Those activists who have taken steps to avoid detection of covert actions before, during and after they take place, are well advised to take other steps to avoid detection when posting about those actions . This is because we know that we cannot guarantee that there are not other ways for the state to trace your computer activity.

In our post-server seizure article in February 2009 we suggested the following steps to to improve your security when using the IMC-UK website:

• Only post stuff to Indymedia that won't get you in trouble.

• Use Tor - an application that allows you to anonymise your IP address. Bear in mind that it is not 100% safe - see these Tor caveats. The safest way to use Tor is probably via a live CD or USB stick, see the The (Amnesic) Incognito Live System, which is designed so that "all outgoing connections to the Internet are forced to go through the Tor network" and "no trace is left on local storage devices unless explicitly asked".

• Don't post it on Indymedia, post it on wikipedia or blogspot or... well those two aren't that good, but cryptome is pretty secure and better security than Indymedia in a number of ways.

• Set up your own open publishing platform: the more the merrier.

• Don't post anywhere on the internet.

We take this opportunity to urge you to look out for workshops on internet security, and to read up on proxies, anonymisers and SSL.

We issued this statement when the server was seized last year:

Indymedia takes your privacy seriously and works hard to ensure that the strictest security measures are in place. However, while we hope that everybody trusts our commitment to protect our users - and thus our technical and security procedures - we also understand that the measures we take may not be easily understandable by non-techs. In this article we have therefore tried to explain some of the measures we take and why we take them. We end with a reiteration of our commitment to the global Indymedia Principles of Unity - and particularly want to highlight Principle 4:

4. All IMC's, based upon the trust of their contributors and readers, shall utilise open web based publishing, allowing individuals, groups and organisations to express their views, anonymously if desired.

We re-affirm that commitment to your security now, and we apologise for allowing a situation to develop where we did not inform you of the full picture. This article marks out our commitment to take steps to avoid allowing a similar situation to arise.