welcome to room threeohthree
Did you read that article on SchNEWS and some IMC sites[1], claiming that cops post on Indymedia UK? Wow, that is a big story, isn't it? Not surprising, really; any sensible person had been assuming that this is the case. But actually proving that cops have posted confidential information and have been acting as agents provocateurs on Indymedia UK? That is one hell of a story! Especially coinciding with the current revelations about the doings and screwings of undercover cops, embedded amongst dangerous activist outfits such as CIRCA.
Anyway, sadly it is just that: a story. Taking a closer look at the story, one thing is missing: there isn't any factual evidence.

The problem is, when you talk about internet tech, you should take some time to research what this is all about. Unfortunately, SchNEWS starts into the story like this:
"It is clear from the consistency of
the usage of gateway-303 server that the IPs are probably assigned to
particular premises or else specific units within the UK Government.
One of the purposes of the GSI network is to provide a secure proxy
network behind which users can maintain their anonymity."
And from here it goes all wrong. Having assumed that "gateway 303" means "somebody hiding" and "government", SchNEWS concludes that behind gateway 303 is the police. It couldn't be more wrong. In fact, the purpose of the gateway is not "to hide", nor is GSi assigned to Government units.
GSi (Government Secure Intranet) is an intranet/internet service for the public sector[2] and is indeed a programme started by the Government in 1998, at a time when many security measures for internet usage (such as digital signatures, encryption, DNS security) were not widely available. Therefore many governments started to offer the public sector network communication via a wide area network (WAN) which also provides access to the internet. This allowed organisations to transmit data between them within a closed network (and without any traffic going via other countries). Imagine this intranet as a large version of your home network, with a gateway similar to the DSL router you might have at home.
That infamous gateway is indeed the GSi's portal to the wider world. However, as much as we usually experience the government through the batons of its police officers, in this case there are many more involved: Jobcentres, Banks, Local Councils, companies who supply local services, the NHS, or - as a random example - the Brighton Tourism Board; and the project "Online Free School Meals" recently even won an award for participating.[3]
Gateway 303 can be found in numerous website logs: subversive websites
like Asian wedding photos, Italian hotels and electricians.
If you run an organisation which works in the public sector, you can
apply to take part in the program [4]. The service is described as:
"The GSi Framework Agreement is a contract managed by Buying Solutions
providing a secure, highly available communications hub for the public
sector. The Framework provides access to email, web publishing, file
transfer, search facilities, directory services and secure access to
the public internet."
So basically: yes, someone is posting from inside the Government Secure
Intranet. But it might well be activists working in the establishment.
Maybe at a public library, or job centre, or tourism office. And just
maybe their bosses are now checking from what computer the Indymedia UK
website was accessed. Because they do keep logs. And just maybe, some
comrade is about to get into trouble for this. Let us hope that this is
not the case, and the over-zealous collecting and sharing of information
by individuals within Indymedia, SchNEWS, Fitwatch et al. has not caused
more damage than the general confusion and loss of trust.
A repeated argument that the supporters of 'going public' bring up when confronted with this utter lack of evidence is that information that could only have been known by cops was posted from that very same gateway.
Now, that information is not so secret, it's about someone getting
arrested and their personal details. News travels fast in the global
activist village, and people don't keep tabs on their personal info, but
spread it all over the place, on facebook, google, and elsewhere. Could
it have been posted by a cop? Yes it could. Would it be a major story if
it was? Hell yes. Do we have proof that this is what happened? Sadly,
not at all.
So are the cops posting on Indymedia?
We always assumed that to be the case; very likely they do.
Do they leak information on Indymedia?
It's possible.
Do they try to use Indymedia to spread false information, to incite, to
divide the movement?
Again, we would be surprised if they didn't.
Do we have factual evidence of this?
No, we don't.
We have our suspicions and assumptions. But we had those long before SchNEWS had their 'I want to feel like a Guardian reporter for once and break a big story' moment.
Speaking of SchNEWS, it would be interesting to hear from them how they got this information. And why they published their article, in spite of the blocks within Indymedia. Obviously SchNEWS is not bound by blocks within Indymedia, and they should make up their own minds whether to publish information like this or not. However, as a fellow radical media organisation, the minimum to expect is that they give the arguments for the blocks a fair hearing. They did not. Much less did they attempt to cooperate with Indymedia on this story or have a dialogue with Imcist@s. Not only was this an example of bad journalism, where someone failed to do the research, but it is disregarding the basic foundations of grassroots organising. It's not what we would call solidarity. It's sad, we always had a lot of respect for SchNEWS and the work they have been doing. After this fuck up, they will have to work hard to earn that respect back.
So, after all this ranting, what's the story of this story? There's been
quite a bit of shouting about Indymedia UK finally coming clean about
keeping IP logs. This of course is utter bullshit. The Mir website at
indymedia.org.uk does not and never did keep IP logs. It has an IP
monitor that can keep up to 80 IPs in temporary memory. Like when you
copy and paste something. That's stored temporarily, but it's not saved
permanently and disappears quickly, right?
So basically, it's a feature that was included as an anti abuse measure
for when the site gets spammed. Let's say there's lots of pictures of
cocks being posted. While cocks in themselves are not necessarily a bad
thing, that's not what Indymedia is there for. So if that was happening,
an admin could turn on IP monitoring. It would show that there were 10
posts of cock pics from a certain IP. That IP would be blocked (a filter
would be set on that particular IP) and the monitoring would be switched
off. If that happens, it's not a big deal, and it doesn't pose any kind
of serious threat to anyone.
Now the problem with that function is that it relies on the human end. It
relies on the admins being trustworthy people, because this function can
be abused. And that's what happened. Some admins abused their privilege
and did break the trust they were invested with.
It was proposed in Indymedia UK to disable the function because it could be abused in serious ways. Sadly this proposal was blocked by the very same people who wanted to go public with the revelations about gateway 303, the same admins who had been the only ones to actively use this feature.
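A minimal sketch of the kind of monitor described above, added here as an illustration and not taken from Mir's code: a buffer capped at 80 addresses that lives only in memory and is emptied when monitoring is switched off. The class and method names are hypothetical, the addresses are constructed documentation-range values, and the one-hour automatic switch-off is an added assumption meant to reduce the reliance on the human end.

```python
import time
from collections import Counter, deque

class IPMonitor:
    """Volatile abuse monitor: bounded, in memory only, empty when off."""

    def __init__(self, capacity=80, max_on_seconds=3600, clock=time.monotonic):
        self._recent = deque(maxlen=capacity)  # oldest entry is dropped when full
        self._max_on = max_on_seconds          # assumption: forced switch-off
        self._clock = clock
        self._on_since = None

    def switch_on(self):
        self._on_since = self._clock()

    def switch_off(self):
        self._on_since = None
        self._recent.clear()                   # nothing outlives the session

    def is_on(self):
        if self._on_since is not None and self._clock() - self._on_since > self._max_on:
            self.switch_off()                  # an admin forgot: expire anyway
        return self._on_since is not None

    def record_post(self, ip):
        if self.is_on():                       # while off, addresses are never stored
            self._recent.append(ip)

    def repeat_posters(self, threshold):
        if not self.is_on():
            return {}
        return {ip: n for ip, n in Counter(self._recent).items() if n >= threshold}

    def held(self):
        self.is_on()                           # apply expiry before reporting
        return len(self._recent)

def demo():
    now = [0.0]                                # fake clock so the run is repeatable
    mon = IPMonitor(clock=lambda: now[0])
    mon.record_post("198.51.100.4")            # monitoring off: not recorded
    mon.switch_on()
    for i in range(10):                        # constructed spam burst plus normal posts
        mon.record_post("203.0.113.7")
        mon.record_post(f"192.0.2.{i}")
    flagged = mon.repeat_posters(threshold=10)
    now[0] += 3601                             # left switched on for over an hour
    return flagged, mon.held()
```

A count per address says nothing about how many people sit behind it, so a shared gateway such as the one discussed above shows up as a single poster.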
If you look at the list of posts published, the earliest comments date
back to August 2008. This means some admin has been keeping information
about Indymedia contributors for at least 29 months. It is unclear where
this information was kept. Other UK Indymedia admins were not aware of
this happening. And it must have, at least in the beginning, been done
on the basis of a vague suspicion. As outlined above, a little research
shows the breadth of organisations using the Government Secure Intranet.
Looking through the earlier posts, there is no notion of internal
information that only a police officer would be privy to being posted.
They are random comments, just like any other. So on what basis was the
decision made to monitor these IP addresses? And who made this decision?
How are those who made those decisions, and acted on them, accountable to
Indymedia UK, the global Indymedia Network and the activist community?
In the end, the only thing we do have proof of is that rogue Imc UK admins were gathering information from the site that they should not have accessed. They did so based on a suspicion that they had no evidence for. We do not know what other IPs they might have come to suspect. Someone involved with a legal team or other infrastructure might post information which could look to an Imc admin like insider knowledge, and have ended up in their net of suspicious IPs to monitor and keep data on. This behaviour can easily threaten activists, and we will never know what other information was accumulated, only to be discarded later and not made public because the suspicion proved to be unfounded.
This constitutes the real breach of trust here. Imc admins are invested
with access to information. This is done on the basis of the agreement
that they will safekeep the data they have access to and respect the
privacy of their users.
This is not to say that the whole issue of cops leaking information or
acting as agents provocateurs online should not be investigated. But it
needs to be done without compromising the security
of Indymedia contributors. There are ways to do this, e.g. setting up
so-called honeytraps, websites specifically designed to collect this kind
of information, without jeopardising the privacy of activists. But it is
absolutely unacceptable that Indymedia is used for this kind of
investigation. It is not acceptable for any Indymedia site to be used
for collecting information about contributors.
The Imc volunteers who participated in this abuse of power and privilege
need to be asked to step down. All Indymedia sites have to come up with
clear privacy policies. We have to hold those people who are invested
with the responsibility, privilege and power over our infrastructure
accountable for their actions.
This is the problem with Indymedia UK: as a national website, the
average activist has a hard time contacting the people making editorial
and technical decisions. The only way to get in touch is via email lists,
and it's hard to build trust and hold people accountable on email lists.
This was one of the ideas behind the decentralisation Indymedia
underwent in 2003: local Indymedia groups provide accountability.
Building trust happens on the streets, not on the web. If those
maintaining infrastructure operate in the vacuum of not being immersed
in a group that meets face to face and makes collective decisions, they
can hardly be held accountable. It becomes much too easy for them to
only share information that is convenient to share with a limited group
of people they already know will agree with them.
This rant has been going on for far too long. We will finish it off with
this (even if it's preaching): Educate yourself about computers and the
internet. You want to know what is in your food, with Monsanto and other
fuckers putting all this crap in it. The same way you need to be
informed about what ways your information travels and who has access to
it. Set up more local Indymedias, radical media groups, tech
collectives. Own the stack, don't rely on other people to keep you safe
and guard your data for you. You need to take responsibility for your
information. Reclaim the streets and your data!
[1] http://www.schnews.org.uk/archive/news755.php
[2] http://www.govconnect.gov.uk/
[3] http://www.guardian.co.uk/society/2010/apr/22/public-sector-government-computing-awards-free-school-meals
[4] http://www.buyingsolutions.gov.uk/services/Communications/GSi/ConnectingtoGSi/
Additions
Dynamite
The possible stick of dynamite under the chair on all this is that the Indymedia posting of the SHAC trial judge's home address came from gateway 303 - and resulted in a seized server and a person arrested.
I'm not saying the address would only be known to state agents. Any competent investigator could have tracked it down, but its posting does seem to have served a purpose. Can anything more be done to refine the source of that posting?
Why not contact SchNEWS?
Hi there Rouge Admins,
The idea for the SchNEWS article was posted on the Indy features list and the contact list four days before it was published. It is true that it was blocked as an Indy feature and SchNEWS have respected that block.
However the blocking arguments were never put to us. All we got were referrals to discussions which had already been had, e.g.
"i object to it being published in the current format. i believe the reasons have been stated before. solidarity," --gdm
In the light of no-one actually trying to dissuade us from publishing we went ahead and did so. We are easily contactable - so why did no-one do so?
Dear SchNews
The arguments "were" put to you, sent to the address that proposed the feature in the first place, since the person sending the proposal said that SchNews were having problems with their emails.
It is a real pity that communication broke down so badly. Trust has certainly broken down as a result.
Regular false positives
Interesting piece on this subject by Linksunten:
"But also without bad intentions those IP filters regularly produce false positives and good content gets hidden for being posted from a filtered IP address. It happens regularly for example that Tor exit nodes, VPNs or proxies are being blocked. But because IP monitoring has been kept secret for many years, this collateral damage couldn't be explained to affected users. Not all censorship was intended."
links
London Statement: https://london.indymedia.org/articles/7018
Bristol Statement: https://bristol.indymedia.org/article/703042
Notts Statement: https://nottingham.indymedia.org.uk/articles/921
Is there one from Northern England?
on its way...
A statement is currently being written to set out our position on the capture of personally identifying data and will be published here once we have consensus
comment on schnews article by cautious
A note of caution: I had trouble on certain anarcho/activist forums when I was an office temp. Reason? I was an office temp in the civil service (with a lot of spare time) and my postings came from government GSI addresses.
Now hopefully you've thought about that explanation and ruled it out, but it would be good to know how you've ruled it out if so. It seems perfectly possible to me that a committed activist might be working for the government in some perfectly innocent role.
And honestly, I can't see much of a pattern to those postings. Certainly nothing really incriminating. If they are incitement, then I have incited. If they are demoralising, then I have demoralised (ie critiqued certain actions).
It may be true that information has been put online by this person or persons, but I can't see any serious logic to it, and it seems to me it could just as easily have been a stupid activist. They do exist.
I'm not saying you're wrong, just that what I see here doesn't seem conclusive to me.