Skip to content or view screen version

Hidden Article

This posting has been hidden because it breaches the Indymedia UK (IMC UK) Editorial Guidelines.

IMC UK is an interactive site offering inclusive participation. All postings to the open publishing newswire are the responsibility of the individual authors and not of IMC UK. Although IMC UK volunteers attempt to ensure accuracy of the newswire, they take no responsibility legal or otherwise for the contents of the open publishing site. Mention of external web sites or services is for information purposes only and constitutes neither an endorsement nor a recommendation.

Indymedia security

Hairy Strike | 28.11.2012 05:30

Once again Indymedia UK has been found harvesting IP details

It is with considerable regret we have had confirmation that Indymedia UK mods are once again recording and storing the IP details of posters. Moderator 'monkey wrench' wrote in an email,

" the site has been getting so much spam recently we have had no choice but to turn the IP capture option back on. Some of us were unhappy about this and at the very least felt we should make a statement so we don't repeat the whole 303 scandal"

As of now there is no statement on the site (US Mountain time 1030) and I for one don't expect there to be knowing the history of the mods on this issue.

Posters need to be aware of their history, Indymedia UK mods WILL pass your details to the cops if served with court orders.

Hairy Strike

Additions

Disinfo

28.11.2012 07:12

Hairy Strike claims that IP addresses are being recorded and stored. There is no truth in this. Nothing has changed since we wrote the Advocating Domestic Extremism - Cops on Indymedia - An Exposé feature in early 2011. As we stated then:

...the CMS system we use has a number of anti-abuse measures which include the ability to monitor for particular IP addresses and log their behaviour. The key here is that IP addresses are never written to the hard disk - they are briefly held in the RAM (i.e. temporary) memory only. Only when particular IP addresses are identified as persistent abusers are they applied to filters. There remains no general practice of logging each and every user. Once the anti-abuse measures are turned off, any IP addresses identified are automatically wiped from the virtual memory and, as they were never written to the hard disk, no amount of forensics would ever be able to find them.

So, what is true is that the anti-abuse measures have indeed been used to protect the site against a sea of spam in Turkish, by blocking the IP addresses from which they were coming.

What is not true is Hairy Strike's claim that: "Posters need to be aware of their history, Indymedia UK mods WILL pass your details to the cops if served with court orders. "

because we don't have your details, and neither do we have any history of, nor interest in passing anything to the cops. And in any case, we can't give something we don't have.

What is also true is that most posts to the wire are of no interest to the cops in the first place. We have always advised anyone who is posting sensitive information to the wire to take steps to protect themselves and their privacy:

Here's what we wrote in the feature. The advice still stands:

Be Cleverer than NETCU - mask your identity.

Posts on Indymedia have often urged people to protect themselves from the cameras and Police Intelligence Units by masking up at public demonstrations. Those activists who have taken steps to avoid detection of covert actions before, during and after they take place, are well advised to take other steps to avoid detection when posting about those actions . This is because we know that we cannot guarantee that there are not other ways for the state to trace your computer activity.

In our post-server seizure article in February 2009 we suggested the following steps to to improve your security when using the IMC-UK website:

  • Only post stuff to Indymedia that won't get you in trouble.
  • Use Tor - an application that allows you to anonymise your IP address. Bear in mind that it is not 100% safe - see these Tor caveats. The safest way to use Tor is probably via a live CD or USB stick, see the The (Amnesic) Incognito Live System, which is designed so that "all outgoing connections to the Internet are forced to go through the Tor network" and "no trace is left on local storage devices unless explicitly asked".
  • Don't post it on Indymedia, post it on wikipedia or blogspot or... well those two aren't that good, but cryptome is pretty secure and better security than Indymedia in a number of ways.
  • Set up your own open publishing platform: the more the merrier.
  • Don't post anywhere on the internet.

We take this opportunity to urge you to look out for workshops on internet security, and to read up on proxies, anonymisers and SSL.

We issued this statement when the server was seized last year:

Indymedia takes your privacy seriously and works hard to ensure that the strictest security measures are in place. However, while we hope that everybody trusts our commitment to protect our users - and thus our technical and security procedures - we also understand that the measures we take may not be easily understandable by non-techs. In this article we have therefore tried to explain some of the measures we take and why we take them. We end with a reiteration of our commitment to the global Indymedia Principles of Unity - and particularly want to highlight Principle 4:

4. All IMC's, based upon the trust of their contributors and readers, shall utilise open web based publishing, allowing individuals, groups and organisations to express their views, anonymously if desired.

We re-affirm that commitment to your security now, and we apologise for allowing a situation to develop where we did not inform you of the full picture. This article marks out our commitment to take steps to avoid allowing a similar situation to arise.

This article has therefore been hidden as inaccurate.

ftp