“You're in charge but don't touch the controls.”
IMC linksunten (South-West Germany) | 30.01.2011 20:37 | Indymedia | Repression | Technology | World
every time they left the Mir space station for a spacewalk, 1996
Indymedia UK, one of the oldest Indymedia websites worldwide, will fork in two projects by the 1st of May 2011 [1]. A contentious point was IP monitoring [2] by uk.indymedia.org which led to a fierce controversy [3] | [4] | [5] | [6]. Both the British Indymedia website and de.indymedia.org run on the content management system Mir [7] and de.indymedia.org logs IPs temporarily, too. But what exactly does that mean?
“You're in charge but don't touch the controls.”
The Mir programmers built functions into the software to monitor and filter IP addresses. It could nevertheless be prevented that IP address reach Mir, this is done by removing them on a server level. But that has not been done by uk.indymedia.org nor by de.indymedia.org in the last couple of years.
In fact, it would be possible to built in backdoors to monitor IP addresses secretly for system admins (called root in unix-like systems) with bad intentions. However, with Mir it is possible for all moderators to access the functions to monitor IP addresses if they are not removed at a server level. That's because the programmers of Mir unfortunately didn't integrate permission management into the software. Thus, access to sensitive functions and data cannot be restricted and so every moderator can access everything.
Until spring 2008 and probably until now, the most recent 80 IP addresses from where articles or comments have been posted are being temporarily stored in RAM by the Mir-system used on de.indymedia.org. This data is being used to set up IP filters, e.g. to automatically hide spam or Nazi articles being posted from specific IP addresses.
While the IP addresses aren't stored on the hard disk permanently, it's still possible for moderators to check the most recent 80 IP addresses for the time they are kept in RAM. Usually it's under 240 postings a day, so a moderator would have to check this list only three times a day to get the IP addresses of all postings on de.indymedia.org and – with bad intentions – copy and save them.
But also without bad intentions those IP filters regularly produce false positives and good content gets hidden for being posted from a filtered IP address. It happens regularly for example that Tor exit nodes, VPNs or proxies are being blocked. But because IP monitoring has been kept secret for many years, this collateral damage couldn't be explained to affected users. Not all censorship was intended.
But worse than the IP monitoring itself, are the long years of silence by the moderators of Indymedia Germany. At least since the end of 2007, the later excluded Freiburg moderation collective, criticised the temporary logging of IP addresses. They proposed to disable the IP monitoring at the national meeting in November 2007 in Freiburg. The proposal was blocked by other moderators.
The subject was raised in public at the beginning of 2010 on a mailing list of IMC linksunten [9] and shortly afterwards on the global communication list of the Indymedia network [10]. IMC Germany has ignored the criticism. And it cannot even claim to have monitored the IP addresses to uncover agents provocateurs of the state. In the UK, it has been discovered through IP filters [11] that some postings by state agencies led to criminalisations and even police raids and server seizures.
In general, activists have to look after their security [12] by using services like Tor [13] or VPN [14]. However, IP addresses are being removed on server level [15] by linksunten.indymedia.org as it is being done by IMC Bristol [16]. On top of this, we have disabled IP-Logging in our software Drupal [17].
In October 2005, IMC Sydney [18] proposed an amendment to the Principles of Unity [19] of the Indymedia network. They proposed that no Indymedia site should log user data. This proposal was raised again in January 2011 by IMC Nantes [20] and extended by IMC Northern England [21]. We support this initiative [22].
Indymedia should not log IP addresses!
IMC linksunten (South-West Germany)
Communiqué from 30.01.2011
[1] https://www.indymedia.org.uk/en/2010/12/470678.html
[2] https://www.indymedia.org.uk/en/2011/01/472622.html
[3] https://www.indymedia.org.uk/en/2011/01/472618.html
[4] https://www.indymedia.org.uk/en/2011/01/472719.html
[5] https://london.indymedia.org/articles/7018
[6] https://nottingham.indymedia.org.uk/articles/921
[7] https://docs.indymedia.org/view/Devel/MiR
[8] http://de.indymedia.org/2009/12/269514.shtml
[9] https://lists.indymedia.org/pipermail/imc-linksunten/2010-February/0225-na.html
[10] https://lists.indymedia.org/pipermail/imc-communication/2010-February/0225-05.html
[11] https://www.indymedia.org.uk/en/2011/01/472575.html
[12] http://www.activistsecurity.org/
[13] https://www.torproject.org/
[14] https://we.riseup.net/riseuphelp/testing-personal-vpn
[15] https://code.autistici.org/trac/privacy/browser/trunk/libapache-mod-removeip/upstream/trunk/README
[16] https://bristol.indymedia.org/article/703042
[17] https://drupal.org/node/359066
[18] https://lists.indymedia.org/pipermail/imc-communication/2005-October/1019-tg.html
[19] https://docs.indymedia.org/view/Global/PrinciplesOfUnity
[20] https://lists.indymedia.org/pipermail/imc-process/2011-January/0109-10.html
[21] https://lists.indymedia.org/pipermail/imc-process/2011-January/0116-q4.html
[22] http://lists.indymedia.org/pipermail/imc-linksunten/2011-January/0130-42.html
IMC linksunten (South-West Germany)
Homepage:
http://linksunten.indymedia.org/en
Comments
Hide the following comment
"A contentious point was IP monitoring"
31.01.2011 14:02
Cobblers. Not a word was uttered about it until the 303 feature was proposed at the Bristol network meeting. More like a stick to beat some people with really.
Insider