Skip to content or view mobile version

Home | Mobile | Editorial | Mission | Privacy | About | Contact | Help | Security | Support

A network of individuals, independent and alternative media activists and organisations, offering grassroots, non-corporate, non-commercial coverage of important social and political issues.

IMC UK Security Information


Browse using an encrypted connection

Indymedia UK values the principles behind open-publishing and is working towards completely anonymous publishing of media upon the website. One of the things that you can do to help this is browse the web site using an encrypted connection: this helps disguise who is posting to the site at any given time.

Why is this important?

We have tried to minimise what information can be found out about posters. Currently, Indymedia UK does not log ip addresses. However, it is possible for someone to monitor individuals who are using the site and check which time they visited Indymedia UK. If this corresponds to the time a certain article was posted, then whoever is doing the surveillance may get useful information. One way of diminishing this is to ensure that lots of people are connecting at the same time - hence, any one of them could be making a post or merely viewing the site.

What is an "encrypted connection"?

An encrypted connection between computers is used to hide the details of the information that is being transferred. For example, many organisations use encrypted connections when making or discussing financial transactions: you have probably used one if you've ever booked a ticket or used the bank online.

During the exchange, a third-party is used to verify that the website is who they say they are. There are many big corporate companies who sell identification-certificates - and procedures for acquiring them may be variable; such organisations are known as Certificate Authorities (CAs). Thus, it can be difficult to know whether to trust them or not (although often, one does not have a choice).

What are certificates?

Certificates are used to verify the identity of people or computers. In particular, certificates are needed to establish secure connections. Without certificates, you would be able to ensure that no one else was listening, but you might be talking to the wrong computer altogether!

What is a certificate authority?

Certificates are the digital equivalent of a government issued identification card. Certificates, however, are usually issued by private corporations called certificate authorities (CA). Indymedia UK for some of it's websites uses CA Cert (cacert.org), a free and non-profit certificate authority. For main website a Certificate issued by Gandi.net is used.

Unfortunately, you need to do a little work to get your software to recognize CA Cert as a certificate authority. Every CA has a 'root certificate' which identifies a particular organization as a certificate authority. Corporate CAs have their root certificates distributed with most of the major computer programs and operating systems, and are preconfigured in most web browsers. For CAcert, however, you need to manually install the cacert.org root certificate.

How do I install the cacert.org root certificate?

Alternately, you may wish to visit the CAcert root cert page.

Here are a few installation tutorials:

What happens if I don't install the root certificate?

Without the root certificate, for some of our websites such as lists.indymedia.org.uk email list server you will receive a security warning each time you attempt to establish a secure connection to them but this is no longer the case with indymedia.org.uk. You can usually choose to ignore this warning and accept the server's certificate on a temporary or permanent basis.

"That doesn't sound so bad", you might say. In the past, this is exactly what many users have done in order to use secure connections. But there are major problems with this:

  1. If people get in the habit of approving new server certificates every time they get a security warning, it completely defeats the purpose of having certificates in the first place.
  2. indymedia.org.uk has several different servers and a different certificate for each one. It is easier for users to install CA Cert as a certificate authority once, rather than approving each certificate one at a time.
  3. indymedia.org.uk actively wants to spread the adoption of CA Cert as a certificate authority, because it is also being used (or will be) by other parts of the indymedia network as well as other activist collectives and groups around the world.

I thought you were against authority?

We are, but the internet is designed to require certificate authorities and there is not much we can do about it. There are other models for encrypted communication, such as the decentralized notion of a "web of trust" found in PGP. Unfortunately, no one has written any web browsers or mail clients to use PGP for establishing secure connections, so we are forced to rely on certificate authorities. Some day, we hope to collaborate with other tech collectives to create a certificate (anti) authority.

What are the fingerprints of indymedia.org.uk's certificates

Some programs cannot use certificate authorities to confirm the validity of a certificate. In that case, you may need to manually confirm the fingerprint of the certificate.

This is the current (2015-03-24) certificate:

www.indymedia.org.uk SHA1 9D:7E:BF:68:C0:3D:B1:F2:4E:BC:4A:86:E5:44:90:EF:EA:B2:A6:75
www.indymedia.org.uk SHA256 95:D4:99:CD:88:36:6B:85:ED:52:C3:4C:84:12:BB:DA:60:43:4A:82:C9:4F:94:DD:5F:6A:94:A4:0B:25:1E:9C

Anonymous browsing: Tor

Indymedia has in the past attracted the attention of authorities, that have occasionally tried to request logs of whom is accessing the web site and have in one occasion seized without any explanation our server. We believe in the right to anonymous political speech and therefore we do not keep logs that could provide any such information. Still, we advise indymedia readers that are concerned about the privacy of their reading and posting habits to hide them by using anonymizing services, like Tor or using SSL encrypted connections.

Tor - Anonymous browsing

Download Tor

Tor is a decentralized network of computers on the Internet that increases privacy in Web browsing, instant messaging, and other applications. We estimate there are some 30,000 Tor users currently, routing their traffic through about 200 volunteer Tor servers on five continents. Tor solves three important privacy problems: it prevents websites and other services from learning your location; it prevents eavesdroppers from learning what information you're fetching and where you're fetching it from; and it routes your connection through multiple Tor servers so no single server can learn what you're up to. Tor also enables hidden services, letting you run a website without revealing its location to users.

Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. The Electronic Frontier Foundation (EFF) is backing Tor's development as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis. A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East. This diversity of users helps to provide Tor's security.

Tor is free/open source software and unencumbered by patents. That means anyone can use it, anyone can improve it, and anyone can examine its workings to determine its soundness. It runs on all common platforms: Windows, OS X, Linux, BSD, Solaris, and more. Further, Tor has extensive protocol documentation, including a network-level specification that tells how to build a compatible Tor client and server; Dresden University in Germany has built a compatible client, and the European Union's PRIME project has chosen Tor to provide privacy at the network layer.

Of course, Tor isn't a silver bullet for anonymity. First, Tor only provides transport anonymity: it will hide your location, but what you say (or what your applications leak) can still give you away. Scrubbing proxies like Privoxy can help here by dealing with cookies, etc. Second, it doesn't hide the fact that you're *using* Tor: an eavesdropper won't know where you're going or what you're doing there, but she or he will know that you've taken steps to disguise this information, which might get you into trouble -- for example, Chinese dissidents hiding from their government might worry that the very act of anonymizing their communications will target them for investigation. Third, Tor is still under active development and still has bugs. And, since the Tor network is still relatively small, it's possible that a powerful attacker could trace users. Even in its current state, though, we believe Tor is much safer than direct connections.

Please help spread the word about Tor, and give the Tor developers feedback about how they can do more to get this tool into the hands of people who need it, and what changes will make it more useful. Also, consider donating your time and/or bandwidth to help make the Tor network more diverse and thus more secure. Wide distribution and use will give us all something to point to in the upcoming legal arguments as to whether anonymity tools should be allowed on the Internet.

See Also

IMCUK, 01.01.2005 23:42

Upcoming Coverage
View and post events
Upcoming Events UK
24th October, London: 2015 London Anarchist Bookfair
2nd - 8th November: Wrexham, Wales, UK & Everywhere: Week of Action Against the North Wales Prison & the Prison Industrial Complex. Cymraeg: Wythnos o Weithredu yn Erbyn Carchar Gogledd Cymru

Ongoing UK
Every Tuesday 6pm-8pm, Yorkshire: Demo/vigil at NSA/NRO Menwith Hill US Spy Base More info: CAAB.

Every Tuesday, UK & worldwide: Counter Terror Tuesdays. Call the US Embassy nearest to you to protest Obama's Terror Tuesdays. More info here

Every day, London: Vigil for Julian Assange outside Ecuadorian Embassy

Parliament Sq Protest: see topic page
Ongoing Global
Rossport, Ireland: see topic page
Israel-Palestine: Israel Indymedia | Palestine Indymedia
Oaxaca: Chiapas Indymedia
Regions
All Regions
Birmingham
Cambridge
Liverpool
London
Oxford
Sheffield
South Coast
Wales
World
Other Local IMCs
Bristol/South West
Nottingham
Scotland
Social Media
You can follow @ukindymedia on indy.im and Twitter. We are working on a Twitter policy. We do not use Facebook, and advise you not to either.
Support Us
We need help paying the bills for hosting this site, please consider supporting us financially.
Other Media Projects
Schnews
Dissident Island Radio
Corporate Watch
Media Lens
VisionOnTV
Earth First! Action Update
Earth First! Action Reports
Topics
All Topics
Afghanistan
Analysis
Animal Liberation
Anti-Nuclear
Anti-militarism
Anti-racism
Bio-technology
Climate Chaos
Culture
Ecology
Education
Energy Crisis
Fracking
Free Spaces
Gender
Globalisation
Health
History
Indymedia
Iraq
Migration
Ocean Defence
Other Press
Palestine
Policing
Public sector cuts
Repression
Social Struggles
Technology
Terror War
Workers' Movements
Zapatista
Major Reports
NATO 2014
G8 2013
Workfare
2011 Census Resistance
Occupy Everywhere
August Riots
Dale Farm
J30 Strike
Flotilla to Gaza
Mayday 2010
Tar Sands
G20 London Summit
University Occupations for Gaza
Guantanamo
Indymedia Server Seizure
COP15 Climate Summit 2009
Carmel Agrexco
G8 Japan 2008
SHAC
Stop Sequani
Stop RWB
Climate Camp 2008
Oaxaca Uprising
Rossport Solidarity
Smash EDO
SOCPA
Past Major Reports
Encrypted Page
You are viewing this page using an encrypted connection. If you bookmark this page or send its address in an email you might want to use the un-encrypted address of this page.
If you recieved a warning about an untrusted root certificate please install the CAcert root certificate, for more information see the security page.

Global IMC Network


www.indymedia.org

Projects
print
radio
satellite tv
video

Africa

Europe
antwerpen
armenia
athens
austria
barcelona
belarus
belgium
belgrade
brussels
bulgaria
calabria
croatia
cyprus
emilia-romagna
estrecho / madiaq
galiza
germany
grenoble
hungary
ireland
istanbul
italy
la plana
liege
liguria
lille
linksunten
lombardia
madrid
malta
marseille
nantes
napoli
netherlands
northern england
nottingham imc
paris/île-de-france
patras
piemonte
poland
portugal
roma
romania
russia
sardegna
scotland
sverige
switzerland
torun
toscana
ukraine
united kingdom
valencia

Latin America
argentina
bolivia
chiapas
chile
chile sur
cmi brasil
cmi sucre
colombia
ecuador
mexico
peru
puerto rico
qollasuyu
rosario
santiago
tijuana
uruguay
valparaiso
venezuela

Oceania
aotearoa
brisbane
burma
darwin
jakarta
manila
melbourne
perth
qc
sydney

South Asia
india


United States
arizona
arkansas
asheville
atlanta
Austin
binghamton
boston
buffalo
chicago
cleveland
colorado
columbus
dc
hawaii
houston
hudson mohawk
kansas city
la
madison
maine
miami
michigan
milwaukee
minneapolis/st. paul
new hampshire
new jersey
new mexico
new orleans
north carolina
north texas
nyc
oklahoma
philadelphia
pittsburgh
portland
richmond
rochester
rogue valley
saint louis
san diego
san francisco
san francisco bay area
santa barbara
santa cruz, ca
sarasota
seattle
tampa bay
united states
urbana-champaign
vermont
western mass
worcester

West Asia
Armenia
Beirut
Israel
Palestine

Topics
biotech

Process
fbi/legal updates
mailing lists
process & imc docs
tech