Skip Nav | Home | Mobile | Editorial Guidelines | Mission Statement | About Us | Contact | Help | Security | Support Us

World

“You're in charge but don't touch the controls.”

IMC linksunten (South-West Germany) | 30.01.2011 20:37 | Indymedia | Repression | Technology | World

Shannon Lucid, recounting what the two Russian cosmonauts told her
every time they left the Mir space station for a spacewalk, 1996

Indymedia UK, one of the oldest Indymedia websites worldwide, will fork in two projects by the 1st of May 2011 [1]. A contentious point was IP monitoring [2] by uk.indymedia.org which led to a fierce controversy [3] | [4] | [5] | [6]. Both the British Indymedia website and de.indymedia.org run on the content management system Mir [7] and de.indymedia.org logs IPs temporarily, too. But what exactly does that mean?

“You're in charge but don't touch the controls.”
“You're in charge but don't touch the controls.”


Mir was developed [8] for Indymedia in 1999 and has made more than 10 years of independent media possible. The concept of Mir relies on a production server where content is posted and moderated and where static pages are produced and one or more mirror servers where the static pages are copied and then delivered to the users.

The Mir programmers built functions into the software to monitor and filter IP addresses. It could nevertheless be prevented that IP address reach Mir, this is done by removing them on a server level. But that has not been done by uk.indymedia.org nor by de.indymedia.org in the last couple of years.

In fact, it would be possible to built in backdoors to monitor IP addresses secretly for system admins (called root in unix-like systems) with bad intentions. However, with Mir it is possible for all moderators to access the functions to monitor IP addresses if they are not removed at a server level. That's because the programmers of Mir unfortunately didn't integrate permission management into the software. Thus, access to sensitive functions and data cannot be restricted and so every moderator can access everything.

Until spring 2008 and probably until now, the most recent 80 IP addresses from where articles or comments have been posted are being temporarily stored in RAM by the Mir-system used on de.indymedia.org. This data is being used to set up IP filters, e.g. to automatically hide spam or Nazi articles being posted from specific IP addresses.

While the IP addresses aren't stored on the hard disk permanently, it's still possible for moderators to check the most recent 80 IP addresses for the time they are kept in RAM. Usually it's under 240 postings a day, so a moderator would have to check this list only three times a day to get the IP addresses of all postings on de.indymedia.org and – with bad intentions – copy and save them.

But also without bad intentions those IP filters regularly produce false positives and good content gets hidden for being posted from a filtered IP address. It happens regularly for example that Tor exit nodes, VPNs or proxies are being blocked. But because IP monitoring has been kept secret for many years, this collateral damage couldn't be explained to affected users. Not all censorship was intended.

But worse than the IP monitoring itself, are the long years of silence by the moderators of Indymedia Germany. At least since the end of 2007, the later excluded Freiburg moderation collective, criticised the temporary logging of IP addresses. They proposed to disable the IP monitoring at the national meeting in November 2007 in Freiburg. The proposal was blocked by other moderators.

The subject was raised in public at the beginning of 2010 on a mailing list of IMC linksunten [9] and shortly afterwards on the global communication list of the Indymedia network [10]. IMC Germany has ignored the criticism. And it cannot even claim to have monitored the IP addresses to uncover agents provocateurs of the state. In the UK, it has been discovered through IP filters [11] that some postings by state agencies led to criminalisations and even police raids and server seizures.

In general, activists have to look after their security [12] by using services like Tor [13] or VPN [14]. However, IP addresses are being removed on server level [15] by linksunten.indymedia.org as it is being done by IMC Bristol [16]. On top of this, we have disabled IP-Logging in our software Drupal [17].

In October 2005, IMC Sydney [18] proposed an amendment to the Principles of Unity [19] of the Indymedia network. They proposed that no Indymedia site should log user data. This proposal was raised again in January 2011 by IMC Nantes [20] and extended by IMC Northern England [21]. We support this initiative [22].

Indymedia should not log IP addresses!

IMC linksunten (South-West Germany)
Communiqué from 30.01.2011


[1]  https://www.indymedia.org.uk/en/2010/12/470678.html
[2]  https://www.indymedia.org.uk/en/2011/01/472622.html
[3]  https://www.indymedia.org.uk/en/2011/01/472618.html
[4]  https://www.indymedia.org.uk/en/2011/01/472719.html
[5]  https://london.indymedia.org/articles/7018
[6]  https://nottingham.indymedia.org.uk/articles/921
[7]  https://docs.indymedia.org/view/Devel/MiR
[8]  http://de.indymedia.org/2009/12/269514.shtml
[9]  https://lists.indymedia.org/pipermail/imc-linksunten/2010-February/0225-na.html
[10]  https://lists.indymedia.org/pipermail/imc-communication/2010-February/0225-05.html
[11]  https://www.indymedia.org.uk/en/2011/01/472575.html
[12]  http://www.activistsecurity.org/
[13]  https://www.torproject.org/
[14]  https://we.riseup.net/riseuphelp/testing-personal-vpn
[15]  https://code.autistici.org/trac/privacy/browser/trunk/libapache-mod-removeip/upstream/trunk/README
[16]  https://bristol.indymedia.org/article/703042
[17]  https://drupal.org/node/359066
[18]  https://lists.indymedia.org/pipermail/imc-communication/2005-October/1019-tg.html
[19]  https://docs.indymedia.org/view/Global/PrinciplesOfUnity
[20]  https://lists.indymedia.org/pipermail/imc-process/2011-January/0109-10.html
[21]  https://lists.indymedia.org/pipermail/imc-process/2011-January/0116-q4.html
[22]  http://lists.indymedia.org/pipermail/imc-linksunten/2011-January/0130-42.html

IMC linksunten (South-West Germany)
- Homepage: http://linksunten.indymedia.org/en

Comments

Display the following comment

  1. "A contentious point was IP monitoring" — Insider

Publish

Publish your news

Do you need help with publishing?

/regional publish include --> /regional search include -->

World Topics

Afghanistan
Analysis
Animal Liberation
Anti-Nuclear
Anti-militarism
Anti-racism
Bio-technology
Climate Chaos
Culture
Ecology
Education
Energy Crisis
Fracking
Free Spaces
Gender
Globalisation
Health
History
Indymedia
Iraq
Migration
Ocean Defence
Other Press
Palestine
Policing
Public sector cuts
Repression
Social Struggles
Technology
Terror War
Workers' Movements
Zapatista

Kollektives

Birmingham
Cambridge
Liverpool
London
Oxford
Sheffield
South Coast
Wales
World

Other UK IMCs
Bristol/South West
London
Northern Indymedia
Scotland

Server Appeal Radio Page Video Page Indymedia Cinema Offline Newsheet

secure Encrypted Page

You are viewing this page using an encrypted connection. If you bookmark this page or send its address in an email you might want to use the un-encrypted address of this page.

If you recieved a warning about an untrusted root certificate please install the CAcert root certificate, for more information see the security page.

IMCs


www.indymedia.org

Projects
print
radio
satellite tv
video

Africa

Europe
antwerpen
armenia
athens
austria
barcelona
belarus
belgium
belgrade
brussels
bulgaria
calabria
croatia
cyprus
emilia-romagna
estrecho / madiaq
galiza
germany
grenoble
hungary
ireland
istanbul
italy
la plana
liege
liguria
lille
linksunten
lombardia
madrid
malta
marseille
nantes
napoli
netherlands
northern england
nottingham imc
paris/île-de-france
patras
piemonte
poland
portugal
roma
romania
russia
sardegna
scotland
sverige
switzerland
torun
toscana
ukraine
united kingdom
valencia

Latin America
argentina
bolivia
chiapas
chile
chile sur
cmi brasil
cmi sucre
colombia
ecuador
mexico
peru
puerto rico
qollasuyu
rosario
santiago
tijuana
uruguay
valparaiso
venezuela

Oceania
aotearoa
brisbane
burma
darwin
jakarta
manila
melbourne
perth
qc
sydney

South Asia
india


United States
arizona
arkansas
asheville
atlanta
Austin
binghamton
boston
buffalo
chicago
cleveland
colorado
columbus
dc
hawaii
houston
hudson mohawk
kansas city
la
madison
maine
miami
michigan
milwaukee
minneapolis/st. paul
new hampshire
new jersey
new mexico
new orleans
north carolina
north texas
nyc
oklahoma
philadelphia
pittsburgh
portland
richmond
rochester
rogue valley
saint louis
san diego
san francisco
san francisco bay area
santa barbara
santa cruz, ca
sarasota
seattle
tampa bay
united states
urbana-champaign
vermont
western mass
worcester

West Asia
Armenia
Beirut
Israel
Palestine

Topics
biotech

Process
fbi/legal updates
mailing lists
process & imc docs
tech