Skip to content or view mobile version

Home | Mobile | Editorial | Mission | Privacy | About | Contact | Help | Security | Support

A network of individuals, independent and alternative media activists and organisations, offering grassroots, non-corporate, non-commercial coverage of important social and political issues.

Comrades, beware of irresponsible web sites

TPTG | 17.11.2011 01:32 | Policing

A statement concerning the irresponsible practice of Libcom.org

An aspect of the whole “Aufhebengate” issue ( http://www.indymedia.org.uk/en/2011/10/486344.html,  http://www.indymedia.org.uk/en/2011/10/486740.html) which is really important and extremely dangerous for all came to the fore recently. During a controversy on a thread on Libcom, admin Ed wrote: “avantiultras shares an IP address with dr.faustus whose sole activity is TPTG-related”. This brought to our attention the fact that Libcom “tracks all visits with log files”. For those who are not knowledgeable on the technical details, this means that the IP address of every person who visits Libcom is logged for an indefinite period of time in the logs (and surely for more than one month since our last visit occurred on 13/10/2011). According to Wikipedia, “an Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: ‘A name indicates what we seek. An address indicates where it is. A route indicates how to get there.’” In other words, the emergency services for which their cop collaborator friend works can utilize this address to determine the exact physical location of the residence, the workplace or the social space where the computer which was used by any member of Libcom in order to post an article, to post a comment or just to visit the site resides! This is obviously an extremely dangerous practice. For example, Athens Indymedia stores such logs only for 2 hours in order to protect the people who contribute to or just visit their site. The only reason why they keep such logs for 2 hours is to block spammers, malicious posters and trolls. In the case of UK Indymedia, things get even clearer: “Indymedia has in the past attracted the attention of authorities, that have occasionally tried to request logs of whom is accessing the web site and have in one occasion seized without any explanation our server. We believe in the right to anonymous political speech and therefore we do not keep logs that could provide any such information. Still, we advise indymedia readers that are concerned about the privacy of their reading and posting habits to hide them by using anonymizing services, like Tor or using SSL encrypted connections.” ( http://www.indymedia.org.uk/en/static/security.html, the emphasis is ours)

The justification given by Libcom about the practice they follow ( http://libcom.org/notes/legal-notes) looks odd and suspicious: “Libcom.org respects our users privacy and will not release any information on users under regular circumstances. We track visits with log files. Libcom.org uses this information only to determine which pages are the most popular and least popular, and to detect any problems with the site. Libcom.org will not pass on any information collected from our users to a third party”. First of all, we really wonder what is meant with the term “regular circumstances”. Is “Aufhebengate” an “irregular circumstance” that would permit the release of information collected from us to their cop consultant friend, John Drury, a member of Aufheben? What are the measures taken by the Libcom group in order to prevent police authorities (and people so closely connected to these authorities like JD) to acquire these really sensitive data? How can they assure that “Libcom.org will not pass any information collected from [their] users to a third party”, when they have been proven to be fervent admirers of cop consultants and they have a “don’t worry, be happy” attitude towards the graded policing guidelines of Drury & Co. (which include use of intelligence, the kettling of ‘trouble-makers’ in demos etc. etc.) ? What will they do if they receive a search warrant?

What looks even more suspicious is the explanation given for the retention of these data: “Libcom.org uses this information only to determine which pages are the most popular and least popular, and to detect any problems with the site”. Anyone who has the slightest technical expertise knows very well that the logging of IP addresses is completely useless for keeping statistics on the popularity of the pages and for the “detection of problems with the site”. Statistics could be easily kept after discarding all relevant identifying information such as the IP address. Further, it’s totally clear for any IT professional that the detection of technical problems with the site has no relation whatsoever with the logging of the IP addresses. The error/debugging messages generated by the software platform (Drupal, SQL, etc.) would completely suffice after the discarding of all identifying (and incriminating) information.

Therefore, we would advise all future users of Libcom to be extra cautious when using this totally irresponsible, to say the least, web site and forum.

TPTG

TPTG
- e-mail: tptg@tptg.gr
- Homepage: www.tptg.gr

Comments

Hide the following 23 comments

Libcom

17.11.2011 07:14

Since when did Libcom have any credibility at all? Only a fucking idiot would post there.

Anarchist


Libcom - not an anarchist site

17.11.2011 09:39

Ugly little website, run by ugly little people. Gives libertarian communism a bad name

Captain anarchy


well...

17.11.2011 10:32

" What looks even more suspicious is the explanation given for the retention of these data: “Libcom.org uses this information only to determine which pages are the most popular and least popular, and to detect any problems with the site”. Anyone who has the slightest technical expertise knows very well that the logging of IP addresses is completely useless for keeping statistics on the popularity of the pages and for the “detection of problems with the site”. Statistics could be easily kept after discarding all relevant identifying information such as the IP address. Further, it’s totally clear for any IT professional that the detection of technical problems with the site has no relation whatsoever with the logging of the IP addresses. The error/debugging messages generated by the software platform (Drupal, SQL, etc.) would completely suffice after the discarding of all identifying (and incriminating) information. "

Well, it's not that suspicious, really.
1. If a popular page is defined as one that is visited many times by MANY people, than it is rather necessary to track the IP addresses. For example, if a single person visits a page a million times, does this make the page popular??
2. To solve some technical problems, it is essential to have a log of visiting IP addresses. Example: Distributed Denial of Service is a certain attack on websites which has a bunch of "infected" computers send continuously a lot of requests to the web server hosting the site, thus bringing the server down (the server will spending most of its time serving those requests rather than serving benign requests from users). In order to handle such an attack, the admin should blacklist the problematic IP addresses, which is again done with the help of logs.

Of course, I fully agree with the dangers and the problems involved with a web site storing your personal data (such as your IP address) and in this case users can use ip tunneling techniques to avoid their address being logged on the server. For more, check www.torproject.org or www.i2p2.de

me


Me again

17.11.2011 10:36

Sorry, don't want to make a fuzz or anything.

SQL is not a software system, it's a computer language used for managing data in databases :)

And would like to take the opportunity to stress what I believe to be crucial: people should reaally learn about issues with anonymity when using the web and try as best to stay anonymous and hidden as possible. SImply switching to private browsing doesn't work.

me


Under regular circumstances - WTF!!?

17.11.2011 10:58

given libcom's pathologicval distaste for the anarchist movement, and anarchists in genera,l and their rather 'well connected' backgrounds isn't the adjunct "under regular circumstances" incredibly disturbing. Given these people hold an incredible amount of prvileged information - libcom is essentially a private website with no responsibility to the wider political movement, shouldn't we be taking this a little more seriously?

Well done to TPTG for highlighting these issues.

Hooked Bell


technical info

17.11.2011 11:01

1. In order to keep the statistics, of course you don't need to track the IP addresses, you could use something as simple as using the cryptographic hash code ( http://en.wikipedia.org/wiki/Cryptographic_hash_function) of the IP address when you count the visits.

2. About the DDOS attack, what you say is also wrong. In order to respond to a DDOS attack, logs of all the visits to a site from the day of its creation are totally useless. What you need is a DOS Defense System which blocks the attacking IPs without logging every activity in the site!

It's suspicious that you say it isn't suspicious!

it


re: tech info

17.11.2011 12:34

No need to be paranoid. I'm simply trying to shed some light on the matter with logging user data in a general case. I'm also trying to explain to myself when (if at all) it's useful to have such log data.

1. I agree on hashing the addresses, makes quite good sense.
2. What if: server's not completely down, but quite slow with responding to user requests. If you, the admin, detect that something's wrong with the server, you could use tools (like netstat, etc.) to determine current connections, rate of requests and other stuff, and manage to block the attacking IPs. What is you're away at the moment and need to investigate later, when the attack has terminated? How would you really see what connections there were, where the attack originated from?
3. What if somebody hacks the website, messes it up completely and takes your private data? How would you track the guy's actions, what hidden door he came from and so on? In case of somebody hacking, for example, riseup.net private mailing lists and stealing all e-mails, this will be bad.
4. I didn't mention anything about storing everything from day 0. While I fully support anonymous web surfing and data privacy, I do believe that some kind of logging is necessary for good functioning of a web site. I believe IPs and other user data should be logged on some regular basis for a short period of time, to check if everything is OK, and then delete all logs, thus keeping nothing most of the time. For example, riseup.net's policy is that they don't log any user IPs, except for troubleshooting purposes (or this is the way I interpret "For troubleshooting, we may enable increased logging for brief periods of time") and after the troubleshooting period is over, all logged data is deleted.

I believe the main problem is, as this article states, with the sentence "Libcom.org respects our users privacy and will not release any information on users under regular circumstances" and how the term "regular circumstances" is handled. As well as the fact they constantly store user data. The problem is, how many websites can you think of that do not log user data?

me


cryptographic hash - not a good idea

17.11.2011 14:38

As there are a very limited number of IP addresses, I'm sure it would be possibly to brute force all of them fairly quickly. So hashing them won't really buy you much.

Anyway, the people you want to be worried about will be tracking the IP addresses further upstream, so whether libcom themselves store any IP addresses isn't that relevant.

anon


Libcom 10 - who are they?

17.11.2011 14:46

we know aufheben's relationship to the state and libcom's close relationship to aufheben but can anybody give any insight into libcom's relationship to the state? We know there are ten admin's who control and run the site - what are their backgrounds, histories, current status?

From an outsiders perspective i alway thought they were just a bunch of frustrated kids angry at the anarchist movement, hence their pre-disposition to slag off any all and groups in a rather unsavoury manner.

There is obviously a lot more to the website than merely name calling. Can we have something concrete of the libcom 10?

xax


er what?!

17.11.2011 16:29

I have lost all respect for TPTG in this debacle. They were caught lying about the identity of someone who claimed to be an ultra football fan in Verona (where the ultra's are famous for their fascism) but then turned out to be TPTG. They went slightly mad saying that an article on the riots Aufheben published, written by someone who doesn't even live in Brighton and isn't part of Aufheben, was actually written by J - with no basis whatsoever. So now they turn to paranoia; it's thoroughly depressing.

I imagine all these comments slagging off libcom are written by people who haven't looked into the evidence on this matter at all.

baffled


@ xax

17.11.2011 16:43

xax said:
"we know aufheben's relationship to the state and libcom's close relationship to aufheben but can anybody give any insight into libcom's relationship to the state? We know there are ten admin's who control and run the site - what are their backgrounds, histories, current status?

From an outsiders perspective i alway thought they were just a bunch of frustrated kids angry at the anarchist movement, hence their pre-disposition to slag off any all and groups in a rather unsavoury manner.

There is obviously a lot more to the website than merely name calling. Can we have something concrete of the libcom 10?"

Only on indymedia...

I'm also coming from an outsiders perspective (although I've met one or two of them, neither of whom were 'kids'). They obviously don't slag off all groups, given some of them are in groups. The profiles of the admins clearly show this on their site, and they also show the occupations and political histories of the admins. Hope that clears things up :)

On a real, don't throw about accusations of people having relationships to the state. Libcom might have strong political criticisms of certain anarchist-y groups, but they don't go about saying they have a relationship to the state.

"There is obviously a lot more to the website than merely name calling." Yeah, there is. It has a fantastic library full of books, essays, reports, news, etc. from a libertarian communist perspective - unmatched in the English speaking world I reckon. If they are state assets, I think we should be very grateful for them ;)

P.S. My personal favourite bit in xax's post is calling the libcom admins the 'libcom 10'.

mint


Libcom owner

17.11.2011 17:02

The brave and courageous salt-of-the-earth character known as 'Captain Anarchy' -  http://www.telegraph.co.uk/news/uknews/law-and-order/8423532/Captain-Anarchy.-Key-Labour-figures-sons-behind-the-violent-breakaway-cuts-protests..html

He takes your security as seriously a7 he does his own.

John Blair


Who to trust?

17.11.2011 17:25

So, who's more unsavoury - the person that the mainstream press see as being enough of a threat that they publicly smear him, or the people who smugly take pleasure in the Tory press publicly smearing comrades? I don't have any love for cop consultants, but gloating about the media redbaiting other anarchists is just fucked.

Anon


Mint royale

17.11.2011 18:02

never trust a hipster as the saying goes

Watch Me Burn, Mother


Libcom are not "comrades"

17.11.2011 18:20

first oiff this guy isn't a "comrade" he is a grade A cunt. His dad was involved in the blair government ffs - how privileged do you want to go? The point is what other of the libcom cunts have got dodgy backgrounds?

Fucking mint!

John Bowden's Fridge


sore losers

17.11.2011 18:54

TPTG are just sore that they got caught out setting up a fake account to agree with themselves pretending to be a football hooligan in pursuing their ridiculous vendetta against Aufheben

LOL


response

17.11.2011 20:40

@me

As I told you before, you need an DOS Defense System / Intrusion Detection System which could log only the malicious / attacker IP addresses

@anon

1. In order to generate the hash you could use as an input a result of the XOR on a relatively big number of bytes from the article's data and the IP address (repeated as many times as it is necessary as a sequence of bits) in order to make the brute force attack infeasible. Therefore, the problem you mention can be easily resolved.

2. Tracking the IP addresses further upstream entails real-time eavesdropping which is a totally different issue. The issue here is about the practices of a so-called libertarian communist web site.

it


Question...?

17.11.2011 21:18

can one of the libcom trolls tellus what the irregular circumstances would be, and what they would do with this information they have on their "comrades" under those circumstances? This is sersiously fucked.

JC


cryptographic hash

18.11.2011 10:57

it: "In order to generate the hash you could use as an input a result of the XOR on a relatively big number of bytes from the article's data and the IP address (repeated as many times as it is necessary as a sequence of bits) in order to make the brute force attack infeasible. Therefore, the problem you mention can be easily resolved."

Well they could spend ages writing a convoluted way of using some half-arsed way of hashing their IP address, but it would be very non-standard and difficult to integrate with other things. And maybe they aren't programmers or cryptographic experts?

Also, since an attacker would know the page content, they could still brute force it just by doing the same process with each IP address and seeing what matches. If the police confiscated the server, for example, they would be able to see the exact method used to generate the hashes.

Anyway, to generate the statistics you need to know things like unique IP addresses across different pages. If you've hashed the IP address with the page content you've lost that. You wouldn't be able to see a DOS attack from one IP that is hitting multiple pages, for example.

And various firewalls along the way probably store IP addresses in their caches for at least some time...

And even if someone says they don't log IP addresses, or that they hash the IP addresses according to some easily-broken scheme like you suggest, you shouldn't trust them anyway if you really need privacy. Use something like Tor to hide your real IP address, as someone else suggested.

anon


bad bad

18.11.2011 20:32

>> 1. In order to generate the hash you could use as an input a result of the XOR on a relatively big number of bytes from the article's data and the IP address (repeated as many times as it is necessary as a sequence of bits) in order to make the brute force attack infeasible. Therefore, the problem you mention can be easily resolved.


piece of piss to reverse engineer.
Visit with a known IP address, spot the hash code. Repeat 10 times and then spot the pattern.
XOR is not a crypto method of any worth because it is reverse engineerable.

die hard III


re: bad bad

19.11.2011 12:00

I agree the hashing is a bad idea, but I don't really understand your point. The XOR isn't used for the hashing, it's more like a "salt" so that hashing the same IP address doesn't give the same hash for different pages. Which of course makes it completely useless for its purpose anyway...

Plus the added issue that anyone seizing the server would just have to perform the same XORing and hashing process on all 255^4 IP addresses (minus private networks) to identify the IP address, which wouldn't take very long at all.

enjoying this geeky pissing contest ;-)

anon


Response to libcon lies about TPTG

07.12.2011 07:17

If you check the following link:
 http://libcom.org/news/open-letter-tptg-06102011
and look at my November 20th comment underneath, you will see that when libcon said that dr.faustus and avantiultras were the same person, they were lying. Moreover, when I pointed this out, they locked the thread 15 minutes later, and seem to have deleted it as a link on their long endless list of "recent posts" (check out November 20th - the date I posted the comment - there's no mention of the TPTG's Open letter). But most important of all was the fact that they did not say I was lying in accusing them of lying, which would have drawn attention to the comment and, given that they've temporarily banned people for repeating "lies" would've meant I'd have been temporarily banned at that time (in fact, I was temporarily banned a few days later, but not apparently for "lying").
All this might seem fairly trivial and excessively detailed, but it's symptomatic of the deceitful manipulative power games libcon admin are increasingly developing. The whole of Aufhebengate indicates how unlibertarian significant sections of the "libertarian" Anglophone milieu is, and how many of these people could well be the politicians of the future, since they are playing politics in a crudely vicious way in the present, albeit on a very small scale.

Samotnaf
mail e-mail: dialecticaldelinquents@yahoo.co.uk


Technical discussion

09.01.2012 08:59

I've just read all the previous comments concerning the technical problems with keeping statistics without IP retention.

Well, friends there is a very easy and secure solution to this problem and due to the relatively short number of the IP addresses, it is not the cryptographic hash code but plain and simple Public-Key Cryptography. The use of a strong algorithm such as RSA encryption on the IP address and some metadata of each post would make the analysis of the data by the emergency services really difficult. The private key could just be destroyed...

Further, I do not understand a word of what is being said in relation to stats. If I understood well the issue here is to keep stats about the popularity of the pages. Well then you do not need track different users across different pages. A unique combination of the user with the page is more than adequate. Therefore, the method described above (RSA cryptography) is fully functional.

Finally, I am really puzzled with what is being said about the DDOS attacks. Be serious! This is totally irrelevant with tracking the IP addresses of all visits. You just need to block the IP addresses that follow specific traffic patterns. There are specific systems for that and their functionality has no relation whatsoever with IP logging!

In any case, DDOS attacks are usually handled by the ISP and not by the administrator of a web site.

I would agree with a previous commenter that It's really fishy that some people try to backup IP logging with such fervor using arguments related with statistics or DDOS attacks!

profi


Upcoming Coverage
View and post events
Upcoming Events UK
24th October, London: 2015 London Anarchist Bookfair
2nd - 8th November: Wrexham, Wales, UK & Everywhere: Week of Action Against the North Wales Prison & the Prison Industrial Complex. Cymraeg: Wythnos o Weithredu yn Erbyn Carchar Gogledd Cymru

Ongoing UK
Every Tuesday 6pm-8pm, Yorkshire: Demo/vigil at NSA/NRO Menwith Hill US Spy Base More info: CAAB.

Every Tuesday, UK & worldwide: Counter Terror Tuesdays. Call the US Embassy nearest to you to protest Obama's Terror Tuesdays. More info here

Every day, London: Vigil for Julian Assange outside Ecuadorian Embassy

Parliament Sq Protest: see topic page
Ongoing Global
Rossport, Ireland: see topic page
Israel-Palestine: Israel Indymedia | Palestine Indymedia
Oaxaca: Chiapas Indymedia
Regions
All Regions
Birmingham
Cambridge
Liverpool
London
Oxford
Sheffield
South Coast
Wales
World
Other Local IMCs
Bristol/South West
Nottingham
Scotland
Social Media
You can follow @ukindymedia on indy.im and Twitter. We are working on a Twitter policy. We do not use Facebook, and advise you not to either.
Support Us
We need help paying the bills for hosting this site, please consider supporting us financially.
Other Media Projects
Schnews
Dissident Island Radio
Corporate Watch
Media Lens
VisionOnTV
Earth First! Action Update
Earth First! Action Reports
Topics
All Topics
Afghanistan
Analysis
Animal Liberation
Anti-Nuclear
Anti-militarism
Anti-racism
Bio-technology
Climate Chaos
Culture
Ecology
Education
Energy Crisis
Fracking
Free Spaces
Gender
Globalisation
Health
History
Indymedia
Iraq
Migration
Ocean Defence
Other Press
Palestine
Policing
Public sector cuts
Repression
Social Struggles
Technology
Terror War
Workers' Movements
Zapatista
Major Reports
NATO 2014
G8 2013
Workfare
2011 Census Resistance
Occupy Everywhere
August Riots
Dale Farm
J30 Strike
Flotilla to Gaza
Mayday 2010
Tar Sands
G20 London Summit
University Occupations for Gaza
Guantanamo
Indymedia Server Seizure
COP15 Climate Summit 2009
Carmel Agrexco
G8 Japan 2008
SHAC
Stop Sequani
Stop RWB
Climate Camp 2008
Oaxaca Uprising
Rossport Solidarity
Smash EDO
SOCPA
Past Major Reports
Encrypted Page
You are viewing this page using an encrypted connection. If you bookmark this page or send its address in an email you might want to use the un-encrypted address of this page.
If you recieved a warning about an untrusted root certificate please install the CAcert root certificate, for more information see the security page.

Global IMC Network


www.indymedia.org

Projects
print
radio
satellite tv
video

Africa

Europe
antwerpen
armenia
athens
austria
barcelona
belarus
belgium
belgrade
brussels
bulgaria
calabria
croatia
cyprus
emilia-romagna
estrecho / madiaq
galiza
germany
grenoble
hungary
ireland
istanbul
italy
la plana
liege
liguria
lille
linksunten
lombardia
madrid
malta
marseille
nantes
napoli
netherlands
northern england
nottingham imc
paris/île-de-france
patras
piemonte
poland
portugal
roma
romania
russia
sardegna
scotland
sverige
switzerland
torun
toscana
ukraine
united kingdom
valencia

Latin America
argentina
bolivia
chiapas
chile
chile sur
cmi brasil
cmi sucre
colombia
ecuador
mexico
peru
puerto rico
qollasuyu
rosario
santiago
tijuana
uruguay
valparaiso
venezuela

Oceania
aotearoa
brisbane
burma
darwin
jakarta
manila
melbourne
perth
qc
sydney

South Asia
india


United States
arizona
arkansas
asheville
atlanta
Austin
binghamton
boston
buffalo
chicago
cleveland
colorado
columbus
dc
hawaii
houston
hudson mohawk
kansas city
la
madison
maine
miami
michigan
milwaukee
minneapolis/st. paul
new hampshire
new jersey
new mexico
new orleans
north carolina
north texas
nyc
oklahoma
philadelphia
pittsburgh
portland
richmond
rochester
rogue valley
saint louis
san diego
san francisco
san francisco bay area
santa barbara
santa cruz, ca
sarasota
seattle
tampa bay
united states
urbana-champaign
vermont
western mass
worcester

West Asia
Armenia
Beirut
Israel
Palestine

Topics
biotech

Process
fbi/legal updates
mailing lists
process & imc docs
tech