|
Comment on this article |
View comments |
Email this Article
|
|
News :: Miscellaneous |
|
IP Logging/Tracking Explained and other Ethical and Privacy Issues |
Current rating: 0 |
by Zachary Miller
Email: zach (nospam) ucimc.org (unverified!) |
28 Jul 2002
Modified: 02 Aug 2002 |
|
This is an attempt to address some of the concerns raised by the recent (seemingly routine) announcement that IP tracking/logging had been turned on on the UCIMC website as per the emergency provisions of the website abuse abatement policy. |
|
|
|
Thank you |
by Paul Riismandel
paul (nospam) mediageek.org (unverified) |
Current rating: 0
28 Jul 2002
|
Thank you Zach for this honest and thorough explanation of the responsibilities of system administration and how the IMC tries to balance its ideals with the realities of the outside world.
We have built a community of trust within the IMC. It is not perfect, but you see it in action with our open, unlocked door, the hundreds of people we host at shows each week, and our open publishing system. In many cases this trust is built more on a benefit of a doubt than a strong earned trust. We don't know everyone who walks in the door or uses the site, but we choose to trust that they will be respectful or at least do no harm rather than assume that their intentions are malevolent.
Within our local community we have the ability to know each other face to face and by reputation. We can build stronger trust through sharing and discussion. Unfortunately it's much harder to do this on a world-wide basis over the 'net, though we do attempt it. The global IMC system, where the majority of participants have never met one another, is one such example.
Nevertheless there are people who choose to take advantage of that trust, and who thus inflict us with a tough question -- how do we protect what we have built while continuing our trust?
So far I think we've made a pretty good compromise that allows us to take emergency actions when we are being attacked while otherwise leaving the door open. I appreciate Zach's circumspection in double-checking his perceptions before taking action against an attack on our system. I also appreciate that he is reticent to yell "fire" to everyone before confirming he smells smoke. These are judgement calls, and I think he's doing a good job.
But this doesn't mean our compromise system is perfect. It might be improved. I might have to be changed. As long as we stay committed to having these things be the topic of dialog resolved by consensus, then I think we'll stay on the right path.
Finally, I do want to point out that our openness and trust does make us vulnerable in ways that it's tough to protect against without appearing to be clandestine. The U-C IMC's primary mode of communications is an e-mail list which can be read by anyone on the Internet because it is archived on the web (http://lists.cu.groogroo.com/mailman/archive/imc/). This keeps us extremely transparent, but it also means that it's very difficult to keep announcements and discussions strictly within our local most-trusted community (those people we know by face, reputation, sharing and friendship).
When we're being attacked on the Internet, unfortunately it's unwise to alert your attacker that you know you're being attacked and are taking steps to investigate it. Then your attacker is clued in and knows to cut it out until you let your defenses down. I hate to think this way, but the actions of others force us to. So if we alert the whole IMC by our mailing list then we've also revealed that alert to any potential attacker. Whether we like it or not, it creates quite a conflict between openness and protecting our system and resources from a real and true attack.
That is why initial reports about the attack to the IMC list were minimal and perhaps cryptic.
At the IMC Tech meeting last week we think we came up with a solution that sufficiently bridges the divide by communicating affirmatively and explicitly with our most trusted community while also limiting the reach of that communication. In the future, notification of attacks to our website will be made to all the e-mail addresses subscribed to the IMC list, but not to the list itself. So if you are a subscriber you will receive a direct e-mail, not forwarded to the list.
Recognizing that IMC is an open list to which anyone can subscribe, IMC Tech may choose to exclude addresses that cannot be immediately connected to someone within the community, and especially addresses that cannot be identified and have recently subscribed.
This was reported in the minutes of last week's tech meeting. If you have any comments, thoughts or concerns about this approach you are invited to come to any of our meetings (Wed. 6pm at IMC) or talk to any member of tech.
Although we have a strong on-line presence, we still privilege the real face-to-face world - -that is where all of our binding decisions are made. That is where our strongest trust is created. |
|
test comment |
by test comment
test (nospam) testing.123 (unverified) |
Current rating: 0
28 Jul 2002
|
|
testing |
|
Remember |
by mel
(No verified email address) |
Current rating: 0
28 Jul 2002
|
|
Basically, anything you now post to this Web site is discoverable and part of the public record. So if you don't want the police or others (Ashcroft, etc) to know about it, keep it to yourself. |
|
THat's Not New |
by ML
(No verified email address) |
Current rating: 0
28 Jul 2002
|
mel, you're being a little too paranoid about this.
The fact is, even before we began this brief period of temporary logging to verify the information we need to deal with the individual attempting to damage this website, the government could have, and may well have, been poking around. The usual state of disabled logging that is in effect here simply meant that they couldn't get that information from us, because we wouldn't have had it. If it comes down to a choice between allowing the pinhead that is trying to hack the site to disable it and worrying about a hypothetical warrant that the FBI might have for our logs, we'll deal with the problem of keeping the site up.
In any case, the government has NEVER been able to present a warrant that held up in court for an IMC's logs. They have been turned back each time and reminded to read the Constitution. Of course, this may not hold true in the future. Our government seems to have far more faith in repression than in democracy tehse days, but what else is new other than the blatant nature of the power grab. The problem you have to be concerned about is government spying outside the servers of the IMC. As Zach put it so well above, there has never been any real privacy on the Internet any farther than you can trust the people you know on the Internet. If you thought otherwise, it was only through your own ignorance. At least you know that you can trust the IMC with your info, which is not the case in the 99.9999% of the sites on the Internet, which is all the more reason to spend your time here, among friends and comrades.
As for that pesky government that is the real problem with privacy on the Internet, along with all those nosy corporations like Microsoft (who want to spy on your computer to make sure that you don't break any of their self-serving "rules" and "user agreements" designed to make them rich at your expense), the best thing you can do is get involved with IndyMedia, where we work hard everyday to break the government power monopoly and the corporate media's grasp on news monopolies.
Remember IndyMedia: Your Everyday Media Empowerment Factor! |
|
internet protocol |
by gehrig
(No verified email address) |
Current rating: 0
29 Jul 2002
|
ML: "The fact is, even before we began this brief period of temporary logging to verify the information we need to deal with the individual attempting to damage this website, the government could have, and may well have, been poking around."
Exactly. UCIMC can't log any information that isn't being sent through the net in a way which is already vulnerable to sniffing long before it reaches the UCIMC http port. And that includes unencrypted IP data. Think about it -- it couldn't be logged if it wasn't being sent there in the first place by your computer so that the pages you ask for can find their way back to you. That isn't melodrama, it's just fact.
@%< |
|
Short memories..or new confidence in civil liberties? |
by Marat
(No verified email address) |
Current rating: 0
02 Aug 2002
Modified: 03 Aug 2002 |
Interesting. Next the FBI asks for the server logs..what will Urbana IMC do..now that you've acknowleged that you are keeping them..even briefly ? Undoubtedly inquiring minds will want to know.
A quick look into IMC's past at http://www.indymedia.org:8081/fbi/
>>>>This is hidden because it's DAN SPAM<<<< |
