Gateway 303: Police Disinformation on UK Indymedia

What the above article and comment don't reveal is the extent that a few paranoid IMC UK admins systematically (and on a daily basis) log innocent users IP addresses in order to capture a few bad apples.

In this case, the IP address was entered manually. That is by no means the normal way that these anti abuse measures work. In fact, once turned on they log EVERY poster to the sites IP address during that period, so they can be matched to the user posting them.

Whilst people like Chris above insist that these IP addresses are only held temporarily in RAM, it is well known that Chris also keeps his own copy for personal 'fishing' expeditions (this is the term that was used by Chris at a recent network meeting -at that meeting, he also advocated turning IMC UK into an "attack site"). There was even once a comment in the admin screen of Mir that said "a few interesting catches today" made by, guess who. The evidence for this widespread abuse of the IMC UK site and retention of data is that Chris emailed a copy of this IP data (which includes at least one innocent users IP address as this was subsequently followed up - the person posting the comment that chris insisted had come from an 'agent of the state' had left their email address) from an article several years ago to another IMC admin (and who knows who else). He also emailed a copy of this data to someone unknown to him based in another country under the pretense of it being for the greater good.

The reason that non-Mir collectives are so opposed to this article isn't because of the content, rather that it doesn't make clear the distinction between the UK Indymedia site (that can and does log it's 'anonymous' posters IP addresses) and the regional collectives that don't use Mir and have special software installed on their servers so that it is impossible for them to do this even if they wanted to for any reason. It is a firmly held belief by the majority of IMC's around the world in the global Indymedia network that it is absolutely unacceptable to capture the private data of it's users under any circumstances.

A fitting analogy would be the previous government trying to force through ID cards and retention of personal data of UK citizens to combat 'terrorism' and for peoples own good - "if you've done nothing wrong you've got nothing to hide".

It is unfortunate that people such as those currently hijacking the UK admin system for their own purposes can't see past the reasons why people have been fighting so hard to stop them having the ability to capture users IP addresses. They try to dismiss these concerns as people 'trying to bury the story' when in fact we are trying to protect the anonymity of users of UK Indymedia. Now that this is public knowledge, the police could potentially at any time get hold of one of the numerous copies of this information that has been made and use it to prove that you have posted a story. The advice is simple, if you want to remain anonymous, don't use UK Indymedia, insist on posting to an IMC website that doesn't spy on it's own users.

Well, I guess certain people will think this comment has come from the police too. You could always check the IP logs though to find out couldn't you Chris.

Without wishing to engage in semantics, it is still the case that IP addresses are not being 'logged' by Mir sites . This implies that the system makes permanent records of these IP addresses (i.e. in a file). The anti-abuse controls do not function in this way. As stated in the post the IP addresses must be added manually from a temporary list *in memory* when the anti-abuse measures have been turned on. This list is continually reduced over a fixed length of time and completely destroyed when the features are turned off. This information could never be retrieved once its been removed from the system memory. The IP addresses are then used to filter posts so that repeat spam/malicious posts can be caught before they get published.

The use of this system is not 'systematic' or scoring large numbers of false-positives, but is targetted at identifying known (in the sense that it is known what kinds of posts are commented on or when there will be further posts following an initial post) malicious/spam posters.

It is also very mis-leading to imply that non-mir sites are not capable of logging IPs. Having 'special software' (is this documented anywhere? /what does this mean exactly?/ is this at the level of the CMS or lower down in the software stack? ) is not a complete guarantee that someone has not circumvented the system and is recording them in an automatic or manual way. Also, not logging IP addresses is not the be all and end all of security. Server-side logging is not the weak link in internet security , the bigger potential problems are packet and routing analysis by recently expanded state telecommunications surveillance programs. We could equally be asking why all the indymedia sites allow any connections which are not encrypted ? Indymedia has been very explicit in recommending its users make use of anonymising services and encrypted communications (as in the above posts). These are the only true guarantee of anonymity and confidentiality. To claim without qualification that non-mir indymedia sites offer you complete anonymity is incredibly dangerous and misleading for the privacy and confidentiality of internet users. That someone who appears to have knowledge of both UK admin and hyperactive admin (i.e. an admin of either Northern/London ) believes this is a poor reflection of the approach these sites may have to security. Given all this , there is probably the same chance of users of either sites compromising their anonymity /confidentiality.

It is arguable that this is also potentially a legal problem . In European law both sets of sites are in breach of data retention directives because they dont retain any logs for any length of time . So its probably not that. Saying you dont store logs is probably not adequate protection against seizure either , particularly if the polices objective is more to disrupt the site rather than try to get any information out of hardened encrypted servers (as we saw in the last server seizure). You are damned if you do and damned if you dont.

Ultimately, we also have an issue of trust. Users need to be able to trust those who are running the sites not to disclose information which compromises the confidentiality/anonymity of its users. There is a choice, for example, between more established sites with more people involved (UK) or smaller newer collectives (northern). An average user has no more reason to trust non-Mir sites over UK sites, all they have is the assurances of the respective admins. There are many more axes to trust than anti-spam measures. Again, on balance it is the users responsibility to guarantee their anonymity /confidentiality , a anti-spam measure makes relatively little difference to this.

I would ask other readers to take the more personal accusations with a pinch of salt . If the admin did indeed do the things described (as described) then we would certainly require action to be taken . However, the manner in which this anecdote is related here suggests there is probably another side to the story.

The comment above is a classic example of disinfo, it contains innacuracies which make it clear that it wasn't written by a IMC admin and it mixes true information with fabricated lies for a political purpose: DIVIDE AND RULE.

In fact it's such a classic example it probably deserves to go on this wiki page with another classic example:

 https://docs.indymedia.org/Local/ImcUkSheffieldDisinfo

Indymedia Ireland have in fact already banned and censored the Pink Panther, Mickey Mouse and Donald Duck !Mighty Mouse, Batman and Popeye “not recommended”and Bugs Bunny comic books “doubtful” !On February 2nd at 4 a.m., Indymedia Ireland will run out of cyberspace and IP addresses to ban or censor in Ireland. At least that’s what an Internet service provider is forecasting, based on a rate of about one million addresses every four hours.Technically Indymedia Ireland's time is up, despite its efforts to leave the minimum number of Irish footprints on Cyberspace. According to one of the numerous native Irish users who have had ISP's banned by Indymedia ireland, they won't be missed, " They joined the Wankers Club years ago anyway" she said. We tried to interview them on the matter at their offices, just recently located after years of being a top Irish secret mystery. Such a secret in fact that many suspected for years that it was located beside the Thames. Unfortunately we could only interview them through their letter box using a loud speaker.

We interviewed one of their censors called Iris through the letter box, who apparently is and Indymedia Ireland censor and a cybespace conservationist, who when asked about astroturfing in Ireland, appeared to be prone to bouts of over-excitement. We can, however, only speculate as to what exactly it is about astroturfing, provoked her to suggest that most of the censored Indymedia Ireland articles on astroturfing campaigns on all of Ireland's bogs, would be much improved by supplements with titles such as "Water Sports: Golden sand, Golden sun, Golden shower".

Please readers, don't misunderstand Ireland, no people alive, enjoy water more then the Irish. Indeed so much so, that some usually shower seven or eight times on a non-soft day, more at weekends. And while I can fully appreciate the thrill that mounting a jet-ski like Iris does at Indymedia Ireland might give, as the beast between her legs provokes a shattering, water-borne climax, I cannot fathom as to how it is connected with astroturfing issues raised, during the interview through Indymedia Ireland's office letterbox..

As we expressed my doubts to Iris through the lettebox, she became increasingly agitated. We had, she insisted, completely missed the point. The debate with Indymedia Ireland became increasingly acrimonious until, incredibly, a furious Iris pulled down her shorts and proceeded to urinate into an expensive Jasper Conran vase in their office, while another of Indy's censor apprentices lay on the floor licking his lips for abit of action.

I hardly need to add that Iris has been sent home pending psychiatric evaluation through a rear entrance. While we are prepared to admit a certain sympathy with some Indymedia people's love of the outdoor life, we must insist upon the following, Water sports are deadly in an Irish bog even for bogtrotters like Indymedia Ireland but then she was simply explaining Indymedia Ireland's activities and the possibilities of a golden shower while astro-skiing in a real Irish bog.

Meanwhile Hurricane Electric have launched Twitter and Facebook accounts that count down to what has been termed the “Indymedia Ireland IPcalypse.” Every device that is connected to the Internet gets a unique code called an IP address. The current system, IPv4, only supports about 4 billion individual IPv4 addresses. This obviously will mean a lot of work for Indymedia Ireland blocking and banning all of the numerous IP addresses censored in Ireland.

PC World’s Chris Head explained yesterday, some of these addresses are reusable. The problem, however, is that their one-time use counterparts, will eventually lead to the complete depletion of IP addresses and in Indymedia Ireland's case, cyberspace burnout and depletion. It is believed the editors at Indymedia are extremely disappointed, as they had hoped to surpass the record in Irish censorship, already set by the Irish Censorship of Publications Board, where Mighty Mouse, Batman and Popeye were “not recommended”and Bugs Bunny comic books were “doubtful”. Such was and still are the views of key members of censorship in Ireland, who continue to censor and ban ISP's of cartoon and freedom creators in Ireland. Indymedia Ireland have in fact already banned and censored the Pink Panther, Mickey Mouse and Donal Duck which were part of a treatise on cartoon production in Ireland.

Creative indigenous Irish artists censored by Indymedia Ireland, foresaw this problem long before Indymedia Ireland did and invented IPv6, a system that that uses both letters and digits to handle 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses, so Indymedia Ireland will have a lot of censorship work on their hands for the near future bearing in mind the mirrors and proxy's used by groups such as Wikileaks.

Hurricane Electric’s doomsday encourages native Irish Internet service providers to transition to that system. Fortunately IPv4 and IPv6 can co-exist during the transition despite being mostly incompatible. Developers are working on the transition and most operating systems install IPv6 by default. Many Irish writers still have some canned food and bottled water stacked up in case of a feared total blackout censorship of all writers in Ireland, so we should be OK either way, even if Indymedia Ireland ban all native Irish writers who are not part of their fascist collective, styled on the national socialist values of Paul Joseph Goebbels .- Irish Blog - http://bit.ly/IRISHcensored Please if you oppose censorship, re share and re-tweet this on Facebook & Twitter. More details @ Irish Blog