How should security of Wikimedia accounts be better?

List overview All Threads
Download

newer

older

Re: [Wikimedia-l] [Wikimedia...

Re: [Wikimedia-l] (no subject) -...

Fæ

12 Nov 2016 12 Nov '16

12:22 p.m.

Do any of the volunteers contributing to this list have ideas for changes that may make a significant difference to security? Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the process appearing to promote an organisation.[1] It was not the only account compromised. This is being analysed, though as there are security issues being examined, the analysis has not been made public so far; plus it's the weekend :-) Over the last few years, there have improvements on account set-up and choice of passwords, along with user suggestions for better account management. Users can also chose to use committed identities[2] to make account recovery easier, and are encouraged to use more secure passwords. Two-factor authentication,[3] such as using mobile phone text messages, has been suggested a few times by volunteers, and this might be a good moment to encourage the WMF to have better facilities built into the projects. We could even make two-factor identification a requirement for trusted users, such as administrators, important bots, and "high profile" accounts, where they may have special rights that could cause a fair amount of disruption if a hacked account were not identified quickly. Considering that some administrator accounts can lie dormant for many months without the actual user monitoring it, these could end up being far more disruptive than well-watched accounts like Jimmy's. We may want extra security to remain mostly optional, keeping our projects simple to access. Education of new volunteers and trusted users may be critical for making it effective, such as avoiding social hacking. A clearer understanding of what the community would want to see improved would probably help set development priorities. Links 1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised 2. https://en.wikipedia.org/wiki/Template:Committed_identity 3. https://en.wikipedia.org/wiki/Multi-factor_authentication Thanks, Fae -- faewik(a)gmail.com https://commons.wikimedia.org/wiki/User:Fae

Show replies by date

Craig Franklin

12 Nov 12 Nov

12:27 p.m.

New subject: How should security of Wikimedia accounts be better?

I know it's been said many times, but two-factor authentication, mandatory for accounts with advanced privileges and optionally available for everyone else, would seem to be a logical step. It's not foolproof, but it would go a long way to making us less of a soft target. Cheers, Craig On 12 November 2016 at 22:22, Fæ <faewik(a)gmail.com> wrote:

...

Amir Ladsgroup

12:37 p.m.

New subject: How should security of Wikimedia accounts be better?

As far as I know 2FA is already implemented and mandatory for WMF staff accounts and wikitech accounts. https://phabricator.wikimedia.org/T107605 I emphasized on having 2fa for CUs, oversights and others with private data access: https://phabricator.wikimedia.org/T107605#2570342 Not sure what's blocking this. Best On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <cfranklin(a)halonetwork.net> wrote:

...

Vi to

1:53 p.m.

New subject: How should security of Wikimedia accounts be better?

...

I know it's been said many times, but two-factor authentication,

mandatory

for accounts with advanced privileges and optionally available for

everyone

else, would seem to be a logical step. It's not foolproof, but it would

a long way to making us less of a soft target. Cheers, Craig On 12 November 2016 at 22:22, Fæ <faewik(a)gmail.com> wrote:

Fæ

2:08 p.m.

New subject: How should security of Wikimedia accounts be better?

Good point Vito, I agree that mobile numbers are personal information. However, my understanding of the two-factor process would be that it can set up so that mobile numbers are *guaranteed* to never be logged or archived and only stored in a constrained way for a verification number to be issued. There are various ways of getting two-factor processes to work, so methods that do not rely on mobile numbers may suit volunteers that are worried about sending their mobile phone number to any server in the USA, where there are always questions about secret access and storage for government agencies. We can require that guarantees are given and transparently assured for how any personal information like this is handled by WMF implemented software. It could even be an area that requires legally meaningful assurance, or local processing to avoid, say, Europeans sending any personal data to the USA. ;-) Fae On 12 November 2016 at 13:53, Vi to <vituzzu.wiki(a)gmail.com> wrote:

...

My phone number is something I consider highly sensitive. Linking this kind of data to my online identity would be an unacceptable risk for me. Vito 2016-11-12 13:37 GMT+01:00 Amir Ladsgroup <ladsgroup(a)gmail.com>om>: > As far as I know 2FA is already implemented and mandatory for WMF staff > accounts and wikitech accounts. https://phabricator.wikimedia.org/T107605 > > I emphasized on having 2fa for CUs, oversights and others with private data > access: https://phabricator.wikimedia.org/T107605#2570342 > Not sure what's blocking this. > > Best > > On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <cfranklin(a)halonetwork.net> > wrote: > > > I know it's been said many times, but two-factor authentication, > mandatory > > for accounts with advanced privileges and optionally available for > everyone > > else, would seem to be a logical step. It's not foolproof, but it would > go > > a long way to making us less of a soft target. > > > > Cheers, > > Craig > > > > On 12 November 2016 at 22:22, Fæ <faewik(a)gmail.com> wrote: > > > > > Do any of the volunteers contributing to this list have ideas for > > > changes that may make a significant difference to security? > > > > > > Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the > > > process appearing to promote an organisation.[1] It was not the only > > > account compromised. This is being analysed, though as there are > > > security issues being examined, the analysis has not been made public > > > so far; plus it's the weekend :-) > > > > > > Over the last few years, there have improvements on account set-up and > > > choice of passwords, along with user suggestions for better account > > > management. Users can also chose to use committed identities[2] to > > > make account recovery easier, and are encouraged to use more secure > > > passwords. Two-factor authentication,[3] such as using mobile phone > > > text messages, has been suggested a few times by volunteers, and this > > > might be a good moment to encourage the WMF to have better facilities > > > built into the projects. We could even make two-factor identification > > > a requirement for trusted users, such as administrators, important > > > bots, and "high profile" accounts, where they may have special rights > > > that could cause a fair amount of disruption if a hacked account were > > > not identified quickly. Considering that some administrator accounts > > > can lie dormant for many months without the actual user monitoring it, > > > these could end up being far more disruptive than well-watched > > > accounts like Jimmy's. > > > > > > We may want extra security to remain mostly optional, keeping our > > > projects simple to access. Education of new volunteers and trusted > > > users may be critical for making it effective, such as avoiding social > > > hacking. A clearer understanding of what the community would want to > > > see improved would probably help set development priorities. > > > > > > Links > > > 1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised > > > 2. https://en.wikipedia.org/wiki/Template:Committed_identity > > > 3. https://en.wikipedia.org/wiki/Multi-factor_authentication > > > > > > Thanks, > > > Fae > > > -- > > > faewik(a)gmail.com https://commons.wikimedia.org/wiki/User:Fae > > > > > > _______________________________________________ > > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ > > > wiki/Mailing_lists/Guidelines > > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe> > > _______________________________________________ > > Wikimedia-l mailing list, guidelines at: > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe> > _______________________________________________ > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ > wiki/Mailing_lists/Guidelines > New messages to: Wikimedia-l(a)lists.wikimedia.org > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

-- faewik(a)gmail.com https://commons.wikimedia.org/wiki/User:Fae

Amir Ladsgroup

2:30 p.m.

New subject: How should security of Wikimedia accounts be better?

There is no need to store phone number at all. You need to install an app called "Google Authenticator" or similar ones. Then you scan a QR code from a special page in Wikipedia. Then every time you want to login, you need to give username, password and a short-lived token the app gives you. See this for more details: https://lists.wikimedia.org/pipermail/labs-announce/2016-March/000104.html On Sat, Nov 12, 2016 at 5:38 PM Fæ <faewik(a)gmail.com> wrote: Good point Vito, I agree that mobile numbers are personal information. However, my understanding of the two-factor process would be that it can set up so that mobile numbers are *guaranteed* to never be logged or archived and only stored in a constrained way for a verification number to be issued. There are various ways of getting two-factor processes to work, so methods that do not rely on mobile numbers may suit volunteers that are worried about sending their mobile phone number to any server in the USA, where there are always questions about secret access and storage for government agencies. We can require that guarantees are given and transparently assured for how any personal information like this is handled by WMF implemented software. It could even be an area that requires legally meaningful assurance, or local processing to avoid, say, Europeans sending any personal data to the USA. ;-) Fae On 12 November 2016 at 13:53, Vi to <vituzzu.wiki(a)gmail.com> wrote:

...

My phone number is something I consider highly sensitive. Linking this

kind

...

of data to my online identity would be an unacceptable risk for me. Vito 2016-11-12 13:37 GMT+01:00 Amir Ladsgroup <ladsgroup(a)gmail.com>om>: > As far as I know 2FA is already implemented and mandatory for WMF staff > accounts and wikitech accounts. https://phabricator.wikimedia.org/T107605 > > I emphasized on having 2fa for CUs, oversights and others with private

data

...

access: https://phabricator.wikimedia.org/T107605#2570342 Not sure what's blocking this. Best On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <cfranklin(a)halonetwork.net

> wrote: > > > I know it's been said many times, but two-factor authentication, > mandatory > > for accounts with advanced privileges and optionally available for > everyone > > else, would seem to be a logical step. It's not foolproof, but it

would

...

> go > > a long way to making us less of a soft target. > > > > Cheers, > > Craig > > > > On 12 November 2016 at 22:22, Fæ <faewik(a)gmail.com> wrote: > > > > > Do any of the volunteers contributing to this list have ideas for > > > changes that may make a significant difference to security? > > > > > > Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the > > > process appearing to promote an organisation.[1] It was not the only > > > account compromised. This is being analysed, though as there are > > > security issues being examined, the analysis has not been made public > > > so far; plus it's the weekend :-) > > > > > > Over the last few years, there have improvements on account set-up

and

...

> > > choice of passwords, along with user suggestions for better account > > > management. Users can also chose to use committed identities[2] to > > > make account recovery easier, and are encouraged to use more secure > > > passwords. Two-factor authentication,[3] such as using mobile phone > > > text messages, has been suggested a few times by volunteers, and this > > > might be a good moment to encourage the WMF to have better facilities > > > built into the projects. We could even make two-factor identification > > > a requirement for trusted users, such as administrators, important > > > bots, and "high profile" accounts, where they may have special rights > > > that could cause a fair amount of disruption if a hacked account were > > > not identified quickly. Considering that some administrator accounts > > > can lie dormant for many months without the actual user monitoring

it,

...

> > > these could end up being far more disruptive than well-watched > > > accounts like Jimmy's. > > > > > > We may want extra security to remain mostly optional, keeping our > > > projects simple to access. Education of new volunteers and trusted > > > users may be critical for making it effective, such as avoiding

social

...

> > > hacking. A clearer understanding of what the community would want to > > > see improved would probably help set development priorities. > > > > > > Links > > > 1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised > > > 2. https://en.wikipedia.org/wiki/Template:Committed_identity > > > 3. https://en.wikipedia.org/wiki/Multi-factor_authentication > > > > > > Thanks, > > > Fae > > > -- > > > faewik(a)gmail.com https://commons.wikimedia.org/wiki/User:Fae > > > > > > _______________________________________________ > > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ > > > wiki/Mailing_lists/Guidelines > > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

...

> > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe> > > _______________________________________________ > > Wikimedia-l mailing list, guidelines at: > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe> > _______________________________________________ > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ > wiki/Mailing_lists/Guidelines > New messages to: Wikimedia-l(a)lists.wikimedia.org > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

Vi to

2:34 p.m.

New subject: How should security of Wikimedia accounts be better?

Actually I consider to be sensitive the google account linked to my mobile phone :| also lots of people might have no compatible devices. Vito 2016-11-12 15:30 GMT+01:00 Amir Ladsgroup <ladsgroup(a)gmail.com>om>:

...

My phone number is something I consider highly sensitive. Linking this

kind

org/T107605

> > I emphasized on having 2fa for CUs, oversights and others with private

data

> access: https://phabricator.wikimedia.org/T107605#2570342 > Not sure what's blocking this. > > Best > > On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <

cfranklin(a)halonetwork.net

would

public

> > > so far; plus it's the weekend :-) > > > > > > Over the last few years, there have improvements on account set-up

and

this

> > > might be a good moment to encourage the WMF to have better

facilities

> > > built into the projects. We could even make two-factor

identification

> > > a requirement for trusted users, such as administrators, important > > > bots, and "high profile" accounts, where they may have special

rights

> > > that could cause a fair amount of disruption if a hacked account

were

> > > not identified quickly. Considering that some administrator accounts > > > can lie dormant for many months without the actual user monitoring

it,

social

https://meta.wikimedia.org/

> > > wiki/Mailing_lists/Guidelines > > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > > Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l ,

> > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=

unsubscribe>

> > _______________________________________________ > > Wikimedia-l mailing list, guidelines at: > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

> > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe> > _______________________________________________ > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ > wiki/Mailing_lists/Guidelines > New messages to: Wikimedia-l(a)lists.wikimedia.org > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

-- faewik(a)gmail.com https://commons.wikimedia.org/wiki/User:Fae _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l(a)lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe> _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l(a)lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

Amir Ladsgroup

2:37 p.m.

New subject: How should security of Wikimedia accounts be better?

Emphasizing on this part of my message: "'Google Authenticator' *or similar ones.*" On Sat, Nov 12, 2016 at 6:04 PM Vi to <vituzzu.wiki(a)gmail.com> wrote:

...

https://lists.wikimedia.org/pipermail/labs-announce/2016-March/000104.html

On Sat, Nov 12, 2016 at 5:38 PM Fæ <faewik(a)gmail.com> wrote: Good point Vito, I agree that mobile numbers are personal information. However, my understanding of the two-factor process would be that it can set up so that mobile numbers are *guaranteed* to never be logged or archived and only stored in a constrained way for a verification number to be issued. There are various ways of getting two-factor processes to work, so methods that do not rely on mobile numbers may suit volunteers that are worried about sending their mobile phone number to any server in the USA, where there are always questions about secret access and storage for government agencies. We can require that guarantees are given and transparently assured for how any personal information like this is handled by WMF implemented software. It could even be an area that requires legally meaningful assurance, or local processing to avoid, say, Europeans sending any personal data to the USA. ;-) Fae On 12 November 2016 at 13:53, Vi to <vituzzu.wiki(a)gmail.com> wrote:

My phone number is something I consider highly sensitive. Linking this

kind > of data to my online identity would be an unacceptable risk for me. > > Vito > > 2016-11-12 13:37 GMT+01:00 Amir Ladsgroup <ladsgroup(a)gmail.com>om>: > >> As far as I know 2FA is already implemented and mandatory for WMF

staff

> accounts and wikitech accounts. https://phabricator.wikimedia.

org/T107605

> > I emphasized on having 2fa for CUs, oversights and others with private

data

> access: https://phabricator.wikimedia.org/T107605#2570342 > Not sure what's blocking this. > > Best > > On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <

cfranklin(a)halonetwork.net

would >> go >> > a long way to making us less of a soft target. >> > >> > Cheers, >> > Craig >> > >> > On 12 November 2016 at 22:22, Fæ <faewik(a)gmail.com> wrote: >> > >> > > Do any of the volunteers contributing to this list have ideas for >> > > changes that may make a significant difference to security? >> > > >> > > Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in

the

>> > > process appearing to promote an organisation.[1] It was not the

only

> > > account compromised. This is being analysed, though as there are > > > security issues being examined, the analysis has not been made

public

> > > so far; plus it's the weekend :-) > > > > > > Over the last few years, there have improvements on account set-up

and >> > > choice of passwords, along with user suggestions for better

account

>> > > management. Users can also chose to use committed identities[2] to >> > > make account recovery easier, and are encouraged to use more

secure

>> > > passwords. Two-factor authentication,[3] such as using mobile

phone

> > > text messages, has been suggested a few times by volunteers, and

this

> > > might be a good moment to encourage the WMF to have better

facilities

> > > built into the projects. We could even make two-factor

identification

> > > a requirement for trusted users, such as administrators, important > > > bots, and "high profile" accounts, where they may have special

rights

> > > that could cause a fair amount of disruption if a hacked account

were >> > > not identified quickly. Considering that some administrator

accounts

> > > can lie dormant for many months without the actual user monitoring

it,

social >> > > hacking. A clearer understanding of what the community would want

>> > > see improved would probably help set development priorities. >> > > >> > > Links >> > > 1.

https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised

> > > 2. https://en.wikipedia.org/wiki/Template:Committed_identity > > > 3. https://en.wikipedia.org/wiki/Multi-factor_authentication > > > > > > Thanks, > > > Fae > > > -- > > > faewik(a)gmail.com https://commons.wikimedia.org/wiki/User:Fae > > > > > > _______________________________________________ > > > Wikimedia-l mailing list, guidelines at:

https://meta.wikimedia.org/

> > > wiki/Mailing_lists/Guidelines > > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > > Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l ,

> > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=

unsubscribe> >> > _______________________________________________ >> > Wikimedia-l mailing list, guidelines at: >> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines >> > New messages to: Wikimedia-l(a)lists.wikimedia.org >> > Unsubscribe:

https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

, >> > <mailto:wikimedia-l-request@lists.wikimedia.org

?subject=unsubscribe>

>> _______________________________________________ >> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ >> wiki/Mailing_lists/Guidelines >> New messages to: Wikimedia-l(a)lists.wikimedia.org >> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

Steinsplitter Wiki

3:46 p.m.

New subject: How should security of Wikimedia accounts be better?

https://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard#Two-F… ________________________________ Von: Wikimedia-l <wikimedia-l-bounces(a)lists.wikimedia.org> im Auftrag von Amir Ladsgroup <ladsgroup(a)gmail.com> Gesendet: Samstag, 12. November 2016 15:37 An: Wikimedia Mailing List Betreff: Re: [Wikimedia-l] How should security of Wikimedia accounts be better? Emphasizing on this part of my message: "'Google Authenticator' *or similar ones.*" On Sat, Nov 12, 2016 at 6:04 PM Vi to <vituzzu.wiki(a)gmail.com> wrote:

...

https://lists.wikimedia.org/pipermail/labs-announce/2016-March/000104.html

My phone number is something I consider highly sensitive. Linking this

staff

> accounts and wikitech accounts. https://phabricator.wikimedia.

org/T107605

> > I emphasized on having 2fa for CUs, oversights and others with private

data

> access: https://phabricator.wikimedia.org/T107605#2570342 > Not sure what's blocking this. > > Best > > On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <

cfranklin(a)halonetwork.net

the

>> > > process appearing to promote an organisation.[1] It was not the

only

> > > account compromised. This is being analysed, though as there are > > > security issues being examined, the analysis has not been made

public

> > > so far; plus it's the weekend :-) > > > > > > Over the last few years, there have improvements on account set-up

and >> > > choice of passwords, along with user suggestions for better

account

>> > > management. Users can also chose to use committed identities[2] to >> > > make account recovery easier, and are encouraged to use more

secure

>> > > passwords. Two-factor authentication,[3] such as using mobile

phone

> > > text messages, has been suggested a few times by volunteers, and

this

> > > might be a good moment to encourage the WMF to have better

facilities

> > > built into the projects. We could even make two-factor

identification

> > > a requirement for trusted users, such as administrators, important > > > bots, and "high profile" accounts, where they may have special

rights

> > > that could cause a fair amount of disruption if a hacked account

were >> > > not identified quickly. Considering that some administrator

accounts

> > > can lie dormant for many months without the actual user monitoring

it,

social >> > > hacking. A clearer understanding of what the community would want

>> > > see improved would probably help set development priorities. >> > > >> > > Links >> > > 1.

https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised

https://meta.wikimedia.org/

> > > wiki/Mailing_lists/Guidelines > > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > > Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l ,

> > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=

https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

, >> > <mailto:wikimedia-l-request@lists.wikimedia.org

?subject=unsubscribe>

> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

Craig Franklin

14 Nov 14 Nov

12:10 a.m.

New subject: How should security of Wikimedia accounts be better?

This is really excellent. Thankyou! Cheers, Craig On 13 November 2016 at 01:46, Steinsplitter Wiki <steinsplitter(a)wikipedia.de

...

wrote:

> https://en.wikipedia.org/wiki/Wikipedia:Administrators%27_ > noticeboard#Two-Factor_Authentication_now_available_for_admins > > ________________________________ > Von: Wikimedia-l <wikimedia-l-bounces(a)lists.wikimedia.org> im Auftrag von > Amir Ladsgroup <ladsgroup(a)gmail.com> > Gesendet: Samstag, 12. November 2016 15:37 > An: Wikimedia Mailing List > Betreff: Re: [Wikimedia-l] How should security of Wikimedia accounts be > better? > > Emphasizing on this part of my message: "'Google Authenticator' *or similar > ones.*" > > On Sat, Nov 12, 2016 at 6:04 PM Vi to <vituzzu.wiki(a)gmail.com

...

wrote:

> > > Actually I consider to be sensitive the google account linked to my > mobile > > phone :| > > > > also lots of people might have no compatible devices. > > > > Vito > > > > 2016-11-12 15:30 GMT+01:00 Amir Ladsgroup <ladsgroup(a)gmail.com>om>: > > > > > There is no need to store phone number at all. > > > You need to install an app called "Google Authenticator" or similar > ones. > > > Then you scan a QR code from a special page in Wikipedia. Then every > time > > > you want to login, you need to give username, password and a > short-lived > > > token the app gives you. See this for more details: > > > > > https://lists.wikimedia.org/pipermail/labs-announce/2016- > March/000104.html > > > > > > > > > > > > On Sat, Nov 12, 2016 at 5:38 PM Fæ <faewik(a)gmail.com

...

wrote:

> > > > > > Good point Vito, > > > > > > I agree that mobile numbers are personal information. However, my > > > understanding of the two-factor process would be that it can set up so > > > that mobile numbers are *guaranteed* to never be logged or archived > > > and only stored in a constrained way for a verification number to be > > > issued. There are various ways of getting two-factor processes to > > > work, so methods that do not rely on mobile numbers may suit > > > volunteers that are worried about sending their mobile phone number to > > > any server in the USA, where there are always questions about secret > > > access and storage for government agencies. > > > > > > We can require that guarantees are given and transparently assured for > > > how any personal information like this is handled by WMF implemented > > > software. It could even be an area that requires legally meaningful > > > assurance, or local processing to avoid, say, Europeans sending any > > > personal data to the USA. ;-) > > > > > > Fae > > > > > > On 12 November 2016 at 13:53, Vi to <vituzzu.wiki(a)gmail.com

...

wrote:

> > > > My phone number is something I consider highly sensitive. Linking > this > > > kind > > > > of data to my online identity would be an unacceptable risk for me. > > > > > > > > Vito > > > > > > > > 2016-11-12 13:37 GMT+01:00 Amir Ladsgroup <ladsgroup(a)gmail.com>om>: > > > > > > > >> As far as I know 2FA is already implemented and mandatory for WMF > > staff > > > >> accounts and wikitech accounts. https://phabricator.wikimedia. > > > org/T107605 > > > >> > > > >> I emphasized on having 2fa for CUs, oversights and others with > private > > > data > > > >> access: https://phabricator.wikimedia.org/T107605#2570342 > > > >> Not sure what's blocking this. > > > >> > > > >> Best > > > >> > > > >> On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin < > > > cfranklin(a)halonetwork.net > > > > > > > >

...

wrote:

> > > >> > > > >> > I know it's been said many times, but two-factor authentication, > > > >> mandatory > > > >> > for accounts with advanced privileges and optionally available for > > > >> everyone > > > >> > else, would seem to be a logical step. It's not foolproof, but it > > > would > > > >> go > > > >> > a long way to making us less of a soft target. > > > >> > > > > >> > Cheers, > > > >> > Craig > > > >> > > > > >> > On 12 November 2016 at 22:22, Fæ <faewik(a)gmail.com

...

wrote:

> > > >> > > > > >> > > Do any of the volunteers contributing to this list have ideas > for > > > >> > > changes that may make a significant difference to security? > > > >> > > > > > >> > > Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in > > the > > > >> > > process appearing to promote an organisation.[1] It was not the > > only > > > >> > > account compromised. This is being analysed, though as there are > > > >> > > security issues being examined, the analysis has not been made > > > public > > > >> > > so far; plus it's the weekend :-) > > > >> > > > > > >> > > Over the last few years, there have improvements on account > set-up > > > and > > > >> > > choice of passwords, along with user suggestions for better > > account > > > >> > > management. Users can also chose to use committed identities[2] > to > > > >> > > make account recovery easier, and are encouraged to use more > > secure > > > >> > > passwords. Two-factor authentication,[3] such as using mobile > > phone > > > >> > > text messages, has been suggested a few times by volunteers, and > > > this > > > >> > > might be a good moment to encourage the WMF to have better > > > facilities > > > >> > > built into the projects. We could even make two-factor > > > identification > > > >> > > a requirement for trusted users, such as administrators, > important > > > >> > > bots, and "high profile" accounts, where they may have special > > > rights > > > >> > > that could cause a fair amount of disruption if a hacked account > > > were > > > >> > > not identified quickly. Considering that some administrator > > accounts > > > >> > > can lie dormant for many months without the actual user > monitoring > > > it, > > > >> > > these could end up being far more disruptive than well-watched > > > >> > > accounts like Jimmy's. > > > >> > > > > > >> > > We may want extra security to remain mostly optional, keeping > our > > > >> > > projects simple to access. Education of new volunteers and > trusted > > > >> > > users may be critical for making it effective, such as avoiding > > > social > > > >> > > hacking. A clearer understanding of what the community would > want > > to > > > >> > > see improved would probably help set development priorities. > > > >> > > > > > >> > > Links > > > >> > > 1. > > https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised > > > >> > > 2. https://en.wikipedia.org/wiki/Template:Committed_identity > > > >> > > 3. https://en.wikipedia.org/wiki/Multi-factor_authentication > > > >> > > > > > >> > > Thanks, > > > >> > > Fae > > > >> > > -- > > > >> > > faewik(a)gmail.com https://commons.wikimedia.org/wiki/User:Fae > > > >> > > > > > >> > > _______________________________________________ > > > >> > > Wikimedia-l mailing list, guidelines at: > > > https://meta.wikimedia.org/ > > > >> > > wiki/Mailing_lists/Guidelines > > > >> > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > > >> > > Unsubscribe: https://lists.wikimedia.org/ > > > mailman/listinfo/wikimedia-l > > > , > > > >> > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject= > > > unsubscribe> > > > >> > _______________________________________________ > > > >> > Wikimedia-l mailing list, guidelines at: > > > >> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > > > >> > New messages to: Wikimedia-l(a)lists.wikimedia.org > > > >> > Unsubscribe: > > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l > > > , > > > >> > <mailto:wikimedia-l-request@lists.wikimedia.org > > ?subject=unsubscribe> > > > >> _______________________________________________ > > > >> Wikimedia-l mailing list, guidelines at: > https://meta.wikimedia.org/ > > > >> wiki/Mailing_lists/Guidelines > > > >> New messages to: Wikimedia-l(a)lists.wikimedia.org > > > >> Unsubscribe: https://lists.wikimedia.org/ > mailman/listinfo/wikimedia-l > > , > > > >> <mailto:wikimedia-l-request@lists.wikimedia.org?subject= > unsubscribe> > > > > > > -- > > > faewik(a)gmail.com https://commons.wikimedia.org/wiki/User:Fae > > > > > > _______________________________________________ > > > Wikimedia-l mailing list, guidelines at: > > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe> > > > _______________________________________________ > > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ > > > wiki/Mailing_lists/Guidelines > > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe> > > > > > _______________________________________________ > > Wikimedia-l mailing list, guidelines at: > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe> > _______________________________________________ > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ > wiki/Mailing_lists/Guidelines > New messages to: Wikimedia-l(a)lists.wikimedia.org > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe> > _______________________________________________ > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ > wiki/Mailing_lists/Guidelines > New messages to: Wikimedia-l(a)lists.wikimedia.org > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe> >

Gnangarra

8:05 a.m.

New subject: How should security of Wikimedia accounts be better?

I see this as not solving problems but creating barriers to participation - one is the complexity of the process https://meta.wikimedia.org/wiki/Help:Two-factor_authentication the more complicated the systems the more opportunity for failures, more points of access where data can be compromised, and the flip side the easier it is for people to be locked out, - its using 3rd party, no matter how good the system of the third party why should I be using anything other than the WMF system to login, my connection is with the WMF. Who is responsible if the connection is compromised or my data misused by the third party regardless of which third party used they need to know your user details to complete the loop in the authentication . - an authentication app is just inviting people to attempt to compromise the account as you have already given them part of the process should you lose your device What I see could be a technical benefit has a dark side that is enabling additional parties to monitor our activities even compromise them. I think that "security" card is being played poorly here as anonymity in editing is something we have always respected the 3rd party participation in authentication appears to be stripping that away. Google and like minded commercial companies only provide these free tools to gather data for their own internal uses to enable them to better target the advertising that they sell. On 14 November 2016 at 08:10, Craig Franklin <cfranklin(a)halonetwork.net> wrote:

...

This is really excellent. Thankyou! Cheers, Craig On 13 November 2016 at 01:46, Steinsplitter Wiki < steinsplitter(a)wikipedia.de

wrote:

https://en.wikipedia.org/wiki/Wikipedia:Administrators%27_ noticeboard#Two-Factor_Authentication_now_available_for_admins ________________________________ Von: Wikimedia-l <wikimedia-l-bounces(a)lists.wikimedia.org> im Auftrag

von

Amir Ladsgroup <ladsgroup(a)gmail.com> Gesendet: Samstag, 12. November 2016 15:37 An: Wikimedia Mailing List Betreff: Re: [Wikimedia-l] How should security of Wikimedia accounts be better? Emphasizing on this part of my message: "'Google Authenticator' *or

similar

ones.*" On Sat, Nov 12, 2016 at 6:04 PM Vi to <vituzzu.wiki(a)gmail.com> wrote:

Actually I consider to be sensitive the google account linked to my

mobile

phone :| also lots of people might have no compatible devices. Vito 2016-11-12 15:30 GMT+01:00 Amir Ladsgroup <ladsgroup(a)gmail.com>om>: > There is no need to store phone number at all. > You need to install an app called "Google Authenticator" or similar

ones.

> Then you scan a QR code from a special page in Wikipedia. Then every

time

> you want to login, you need to give username, password and a

short-lived

token the app gives you. See this for more details:

https://lists.wikimedia.org/pipermail/labs-announce/2016-

March/000104.html > > > > > > > > On Sat, Nov 12, 2016 at 5:38 PM Fæ <faewik(a)gmail.com> wrote: > > > > Good point Vito, > > > > I agree that mobile numbers are personal information. However, my > > understanding of the two-factor process would be that it can set up

> > that mobile numbers are *guaranteed* to never be logged or archived > > and only stored in a constrained way for a verification number to be > > issued. There are various ways of getting two-factor processes to > > work, so methods that do not rely on mobile numbers may suit > > volunteers that are worried about sending their mobile phone number

> > any server in the USA, where there are always questions about secret > > access and storage for government agencies. > > > > We can require that guarantees are given and transparently assured

for

> how any personal information like this is handled by WMF implemented > software. It could even be an area that requires legally meaningful > assurance, or local processing to avoid, say, Europeans sending any > personal data to the USA. ;-) > > Fae > > On 12 November 2016 at 13:53, Vi to <vituzzu.wiki(a)gmail.com> wrote: > > My phone number is something I consider highly sensitive. Linking

this

staff > >> accounts and wikitech accounts. https://phabricator.wikimedia. > org/T107605 > >> > >> I emphasized on having 2fa for CUs, oversights and others with

private > > data > > >> access: https://phabricator.wikimedia.org/T107605#2570342 > > >> Not sure what's blocking this. > > >> > > >> Best > > >> > > >> On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin < > > cfranklin(a)halonetwork.net > > > > > >> wrote: > > >> > > >> > I know it's been said many times, but two-factor authentication, > > >> mandatory > > >> > for accounts with advanced privileges and optionally available

for

> > >> everyone > > >> > else, would seem to be a logical step. It's not foolproof, but

> would > >> go > >> > a long way to making us less of a soft target. > >> > > >> > Cheers, > >> > Craig > >> > > >> > On 12 November 2016 at 22:22, Fæ <faewik(a)gmail.com> wrote: > >> > > >> > > Do any of the volunteers contributing to this list have ideas

for > > >> > > changes that may make a significant difference to security? > > >> > > > > >> > > Yesterday saw Jimmy Wales' Wikipedia account getting hacked,

> the > > >> > > process appearing to promote an organisation.[1] It was not

the

> only > > >> > > account compromised. This is being analysed, though as there

are

> >> > > security issues being examined, the analysis has not been made > public > >> > > so far; plus it's the weekend :-) > >> > > > >> > > Over the last few years, there have improvements on account

set-up > > and > > >> > > choice of passwords, along with user suggestions for better > account > > >> > > management. Users can also chose to use committed

identities[2]

to > > >> > > make account recovery easier, and are encouraged to use more > secure > > >> > > passwords. Two-factor authentication,[3] such as using mobile > phone > > >> > > text messages, has been suggested a few times by volunteers,

and

> this > >> > > might be a good moment to encourage the WMF to have better > facilities > >> > > built into the projects. We could even make two-factor > identification > >> > > a requirement for trusted users, such as administrators,

important > > >> > > bots, and "high profile" accounts, where they may have special > > rights > > >> > > that could cause a fair amount of disruption if a hacked

account

were >> > > not identified quickly. Considering that some administrator

accounts > >> > > can lie dormant for many months without the actual user

monitoring

> it, > >> > > these could end up being far more disruptive than well-watched > >> > > accounts like Jimmy's. > >> > > > >> > > We may want extra security to remain mostly optional, keeping

our

> >> > > projects simple to access. Education of new volunteers and

trusted > > >> > > users may be critical for making it effective, such as

avoiding

> social > >> > > hacking. A clearer understanding of what the community would

want

>> > > see improved would probably help set development priorities. >> > > >> > > Links >> > > 1.

https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised

>> > > 2. https://en.wikipedia.org/wiki/Template:Committed_identity >> > > 3. https://en.wikipedia.org/wiki/Multi-factor_authentication >> > > >> > > Thanks, >> > > Fae >> > > -- >> > > faewik(a)gmail.com https://commons.wikimedia.org/wiki/User:Fae >> > > >> > > _______________________________________________ >> > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ >> > > wiki/Mailing_lists/Guidelines >> > > New messages to: Wikimedia-l(a)lists.wikimedia.org >> > > Unsubscribe: https://lists.wikimedia.org/ mailman/listinfo/wikimedia-l , >> > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject= unsubscribe> >> > _______________________________________________ >> > Wikimedia-l mailing list, guidelines at: >> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines >> > New messages to: Wikimedia-l(a)lists.wikimedia.org >> > Unsubscribe:

https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

, >> > <mailto:wikimedia-l-request@lists.wikimedia.org

?subject=unsubscribe> > >> _______________________________________________ > >> Wikimedia-l mailing list, guidelines at:

https://meta.wikimedia.org/

> >> wiki/Mailing_lists/Guidelines > >> New messages to: Wikimedia-l(a)lists.wikimedia.org > >> Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l

, > >> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=

unsubscribe> > > > > -- > > faewik(a)gmail.com https://commons.wikimedia.org/wiki/User:Fae > > > > _______________________________________________ > > Wikimedia-l mailing list, guidelines at: > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l,

> > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe> > > _______________________________________________ > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ > > wiki/Mailing_lists/Guidelines > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l,

<mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

_______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l(a)lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe> _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l(a)lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

-- GN. President Wikimedia Australia WMAU: http://www.wikimedia.org.au/wiki/User:Gnangarra Photo Gallery: http://gnangarra.redbubble.com

Fæ

10:45 a.m.

New subject: How should security of Wikimedia accounts be better?

Task: https://phabricator.wikimedia.org/T150646 - A Wikimedia hosted two-factor authentication app I agree there are issues, and the help files would need a lot more work before a wider roll-out. The current advice[1] is too open ended and many users randomly searching for two-factor authentication apps (or browser plug-ins) will end up using Google's, or a supplier with no track record, or even some other app with commercial adverts. Open source solutions are around, like Authy[2] (which is what I'm using). There is nothing to stop the WMF from hosting a build using current open source code, and even making it available on Google Play, with the options of customizing it in useful ways later on. For these reasons I've kicked of the task above for the WMF to consider hosting an app. Links: 1. https://meta.wikimedia.org/wiki/Help:Two-factor_authentication 2. https://github.com/authy On 14 November 2016 at 08:05, Gnangarra <gnangarra(a)gmail.com> wrote:

...

This is really excellent. Thankyou! Cheers, Craig On 13 November 2016 at 01:46, Steinsplitter Wiki < steinsplitter(a)wikipedia.de

wrote:

von

similar

ones.*" On Sat, Nov 12, 2016 at 6:04 PM Vi to <vituzzu.wiki(a)gmail.com> wrote:

Actually I consider to be sensitive the google account linked to my

mobile

ones.

> Then you scan a QR code from a special page in Wikipedia. Then every

time

> you want to login, you need to give username, password and a

short-lived

> token the app gives you. See this for more details: > https://lists.wikimedia.org/pipermail/labs-announce/2016-

> > any server in the USA, where there are always questions about secret > > access and storage for government agencies. > > > > We can require that guarantees are given and transparently assured

for

this

> kind > > of data to my online identity would be an unacceptable risk for me. > > > > Vito > > > > 2016-11-12 13:37 GMT+01:00 Amir Ladsgroup <ladsgroup(a)gmail.com>om>: > > > >> As far as I know 2FA is already implemented and mandatory for WMF staff > >> accounts and wikitech accounts. https://phabricator.wikimedia. > org/T107605 > >> > >> I emphasized on having 2fa for CUs, oversights and others with

for

> > >> everyone > > >> > else, would seem to be a logical step. It's not foolproof, but

for > > >> > > changes that may make a significant difference to security? > > >> > > > > >> > > Yesterday saw Jimmy Wales' Wikipedia account getting hacked,

> the > > >> > > process appearing to promote an organisation.[1] It was not

the

> only > > >> > > account compromised. This is being analysed, though as there

are

set-up > > and > > >> > > choice of passwords, along with user suggestions for better > account > > >> > > management. Users can also chose to use committed

identities[2]

and

important > > >> > > bots, and "high profile" accounts, where they may have special > > rights > > >> > > that could cause a fair amount of disruption if a hacked

account

> were > >> > > not identified quickly. Considering that some administrator accounts > >> > > can lie dormant for many months without the actual user

monitoring

> it, > >> > > these could end up being far more disruptive than well-watched > >> > > accounts like Jimmy's. > >> > > > >> > > We may want extra security to remain mostly optional, keeping

our

> >> > > projects simple to access. Education of new volunteers and

trusted > > >> > > users may be critical for making it effective, such as

avoiding

> social > >> > > hacking. A clearer understanding of what the community would

want

to > >> > > see improved would probably help set development priorities. > >> > > > >> > > Links > >> > > 1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised > >> > > 2. https://en.wikipedia.org/wiki/Template:Committed_identity > >> > > 3. https://en.wikipedia.org/wiki/Multi-factor_authentication > >> > > > >> > > Thanks, > >> > > Fae > >> > > -- > >> > > faewik(a)gmail.com https://commons.wikimedia.org/wiki/User:Fae > >> > > > >> > > _______________________________________________ > >> > > Wikimedia-l mailing list, guidelines at: > https://meta.wikimedia.org/ > >> > > wiki/Mailing_lists/Guidelines > >> > > New messages to: Wikimedia-l(a)lists.wikimedia.org > >> > > Unsubscribe: https://lists.wikimedia.org/ > mailman/listinfo/wikimedia-l > , > >> > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject= > unsubscribe> > >> > _______________________________________________ > >> > Wikimedia-l mailing list, guidelines at: > >> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > >> > New messages to: Wikimedia-l(a)lists.wikimedia.org > >> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l > , > >> > <mailto:wikimedia-l-request@lists.wikimedia.org ?subject=unsubscribe> > >> _______________________________________________ > >> Wikimedia-l mailing list, guidelines at:

https://meta.wikimedia.org/

> >> wiki/Mailing_lists/Guidelines > >> New messages to: Wikimedia-l(a)lists.wikimedia.org > >> Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l

, > >> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=

mailman/listinfo/wikimedia-l,

> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe> > _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l(a)lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

-- GN. President Wikimedia Australia WMAU: http://www.wikimedia.org.au/wiki/User:Gnangarra Photo Gallery: http://gnangarra.redbubble.com _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l(a)lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

-- faewik(a)gmail.com https://commons.wikimedia.org/wiki/User:Fae Personal and confidential, please do not circulate or re-quote.

Vi to

10:49 a.m.

New subject: How should security of Wikimedia accounts be better?

Reinventing the wheel is not a good idea, choosing an existing and active open source project and take part into development is cheaper and more sustainable, phabricator is a good example. Vito 2016-11-14 11:45 GMT+01:00 Fæ <faewik(a)gmail.com>om>:

...

I see this as not solving problems but creating barriers to participation - one is the complexity of the process https://meta.wikimedia.org/wiki/Help:Two-factor_authentication the

complicated the systems the more opportunity for failures, more

points of

access where data can be compromised, and the flip side the easier it

for people to be locked out, - its using 3rd party, no matter how good the system of the third

party

why should I be using anything other than the WMF system to login, my connection is with the WMF. Who is responsible if the connection is compromised or my data misused by the third party regardless of which

third

party used they need to know your user details to complete the loop

in the

authentication . - an authentication app is just inviting people to attempt to

compromise

the account as you have already given them part of the process should

you

lose your device What I see could be a technical benefit has a dark side that is enabling additional parties to monitor our activities even compromise them. I

think

that "security" card is being played poorly here as anonymity in editing

something we have always respected the 3rd party participation in authentication appears to be stripping that away. Google and like minded commercial companies only provide these free tools to gather data for

their

own internal uses to enable them to better target the advertising that

they

sell. On 14 November 2016 at 08:10, Craig Franklin <cfranklin(a)halonetwork.net> wrote: > This is really excellent. Thankyou! > > Cheers, > Craig > > On 13 November 2016 at 01:46, Steinsplitter Wiki < > steinsplitter(a)wikipedia.de > > wrote: > > > https://en.wikipedia.org/wiki/Wikipedia:Administrators%27_ > > noticeboard#Two-Factor_Authentication_now_available_for_admins > > > > ________________________________ > > Von: Wikimedia-l <wikimedia-l-bounces(a)lists.wikimedia.org> im Auftrag > von > > Amir Ladsgroup <ladsgroup(a)gmail.com> > > Gesendet: Samstag, 12. November 2016 15:37 > > An: Wikimedia Mailing List > > Betreff: Re: [Wikimedia-l] How should security of Wikimedia accounts

> > better? > > > > Emphasizing on this part of my message: "'Google Authenticator' *or > similar > > ones.*" > > > > On Sat, Nov 12, 2016 at 6:04 PM Vi to <vituzzu.wiki(a)gmail.com> wrote: > > > > > Actually I consider to be sensitive the google account linked to my > > mobile > > > phone :| > > > > > > also lots of people might have no compatible devices. > > > > > > Vito > > > > > > 2016-11-12 15:30 GMT+01:00 Amir Ladsgroup <ladsgroup(a)gmail.com>om>: > > > > > > > There is no need to store phone number at all. > > > > You need to install an app called "Google Authenticator" or

similar

> > ones. > > > > Then you scan a QR code from a special page in Wikipedia. Then

every

> > time > > > > you want to login, you need to give username, password and a > > short-lived > > > > token the app gives you. See this for more details: > > > > > > > https://lists.wikimedia.org/pipermail/labs-announce/2016- > > March/000104.html > > > > > > > > > > > > > > > > On Sat, Nov 12, 2016 at 5:38 PM Fæ <faewik(a)gmail.com> wrote: > > > > > > > > Good point Vito, > > > > > > > > I agree that mobile numbers are personal information. However, my > > > > understanding of the two-factor process would be that it can set

> so > > > > that mobile numbers are *guaranteed* to never be logged or

archived

> > > > and only stored in a constrained way for a verification number to

> > > > issued. There are various ways of getting two-factor processes to > > > > work, so methods that do not rely on mobile numbers may suit > > > > volunteers that are worried about sending their mobile phone

number

> to > > > > any server in the USA, where there are always questions about

secret

> > > > access and storage for government agencies. > > > > > > > > We can require that guarantees are given and transparently assured > for > > > > how any personal information like this is handled by WMF

implemented

> > > > software. It could even be an area that requires legally

meaningful

> > > > assurance, or local processing to avoid, say, Europeans sending

any

> > > > personal data to the USA. ;-) > > > > > > > > Fae > > > > > > > > On 12 November 2016 at 13:53, Vi to <vituzzu.wiki(a)gmail.com>

wrote:

> > > > > My phone number is something I consider highly sensitive.

Linking

> > this > > > > kind > > > > > of data to my online identity would be an unacceptable risk for

me.

> > > > > > > > Vito > > > > > > > > 2016-11-12 13:37 GMT+01:00 Amir Ladsgroup <ladsgroup(a)gmail.com

: > > > > > > > > > >> As far as I know 2FA is already implemented and mandatory for

WMF

> > > staff > > > > >> accounts and wikitech accounts. https://phabricator.wikimedia. > > > > org/T107605 > > > > >> > > > > >> I emphasized on having 2fa for CUs, oversights and others with > > private > > > > data > > > > >> access: https://phabricator.wikimedia.org/T107605#2570342 > > > > >> Not sure what's blocking this. > > > > >> > > > > >> Best > > > > >> > > > > >> On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin < > > > > cfranklin(a)halonetwork.net > > > > > > > > > >> wrote: > > > > >> > > > > >> > I know it's been said many times, but two-factor

authentication,

> > > > >> mandatory > > > > >> > for accounts with advanced privileges and optionally

available

> for > > > > >> everyone > > > > >> > else, would seem to be a logical step. It's not foolproof,

but

> it > > > > would > > > > >> go > > > > >> > a long way to making us less of a soft target. > > > > >> > > > > > >> > Cheers, > > > > >> > Craig > > > > >> > > > > > >> > On 12 November 2016 at 22:22, Fæ <faewik(a)gmail.com> wrote: > > > > >> > > > > > >> > > Do any of the volunteers contributing to this list have

ideas

> > for > > > > >> > > changes that may make a significant difference to security? > > > > >> > > > > > > >> > > Yesterday saw Jimmy Wales' Wikipedia account getting

hacked,

> in > > > the > > > > >> > > process appearing to promote an organisation.[1] It was not > the > > > only > > > > >> > > account compromised. This is being analysed, though as

there

> are > > > > >> > > security issues being examined, the analysis has not been

made

> > > > public > > > > >> > > so far; plus it's the weekend :-) > > > > >> > > > > > > >> > > Over the last few years, there have improvements on account > > set-up > > > > and > > > > >> > > choice of passwords, along with user suggestions for better > > > account > > > > >> > > management. Users can also chose to use committed > identities[2] > > to > > > > >> > > make account recovery easier, and are encouraged to use

> > > secure > > > > >> > > passwords. Two-factor authentication,[3] such as using

mobile

> > > phone > > > > >> > > text messages, has been suggested a few times by

volunteers,

> and > > > > this > > > > >> > > might be a good moment to encourage the WMF to have better > > > > facilities > > > > >> > > built into the projects. We could even make two-factor > > > > identification > > > > >> > > a requirement for trusted users, such as administrators, > > important > > > > >> > > bots, and "high profile" accounts, where they may have

special

> > > > rights > > > > >> > > that could cause a fair amount of disruption if a hacked > account > > > > were > > > > >> > > not identified quickly. Considering that some administrator > > > accounts > > > > >> > > can lie dormant for many months without the actual user > > monitoring > > > > it, > > > > >> > > these could end up being far more disruptive than

well-watched

> > > > >> > > accounts like Jimmy's. > > > > >> > > > > > > >> > > We may want extra security to remain mostly optional,

keeping

> > our > > > > >> > > projects simple to access. Education of new volunteers and > > trusted > > > > >> > > users may be critical for making it effective, such as > avoiding > > > > social > > > > >> > > hacking. A clearer understanding of what the community

would

> > want > > > to > > > > >> > > see improved would probably help set development

priorities.

> > > > >> > > > > > > >> > > Links > > > > >> > > 1. > > > https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised > > > > >> > > 2. https://en.wikipedia.org/wiki/

Template:Committed_identity

> > > > >> > > 3. https://en.wikipedia.org/wiki/

Multi-factor_authentication

> > > > >> > > > > > > >> > > Thanks, > > > > >> > > Fae > > > > >> > > -- > > > > >> > > faewik(a)gmail.com https://commons.wikimedia.org/

wiki/User:Fae

> > > > >> > > > > > > >> > > _______________________________________________ > > > > >> > > Wikimedia-l mailing list, guidelines at: > > > > https://meta.wikimedia.org/ > > > > >> > > wiki/Mailing_lists/Guidelines > > > > >> > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > > > >> > > Unsubscribe: https://lists.wikimedia.org/ > > > > mailman/listinfo/wikimedia-l > > > > , > > > >

> > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=

> > > > unsubscribe> > > > > >> > _______________________________________________ > > > > >> > Wikimedia-l mailing list, guidelines at: > > > > >> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > > > > >> > New messages to: Wikimedia-l(a)lists.wikimedia.org > > > > >> > Unsubscribe: > > > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l > > > > , > > > > >> > <mailto:wikimedia-l-request@lists.wikimedia.org > > > ?subject=unsubscribe> > > > > >> _______________________________________________ > > > > >> Wikimedia-l mailing list, guidelines at: > > https://meta.wikimedia.org/ > > > > >> wiki/Mailing_lists/Guidelines > > > > >> New messages to: Wikimedia-l(a)lists.wikimedia.org > > > > >> Unsubscribe: https://lists.wikimedia.org/ > > mailman/listinfo/wikimedia-l > > > , > > > > >> <mailto:wikimedia-l-request@lists.wikimedia.org?subject= > > unsubscribe> > > > > > > > > -- > > > > faewik(a)gmail.com https://commons.wikimedia.org/wiki/User:Fae > > > > > > > > _______________________________________________ > > > > Wikimedia-l mailing list, guidelines at: > > > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > > > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > > > Unsubscribe: https://lists.wikimedia.org/ > mailman/listinfo/wikimedia-l, > > > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=

unsubscribe>

> > > > _______________________________________________ > > > > Wikimedia-l mailing list, guidelines at:

https://meta.wikimedia.org/

> > > > wiki/Mailing_lists/Guidelines > > > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > > > Unsubscribe: https://lists.wikimedia.org/ > mailman/listinfo/wikimedia-l, > > > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=

unsubscribe>

> > > > > > > _______________________________________________ > > > Wikimedia-l mailing list, guidelines at: > > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > > Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l,

> > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=

unsubscribe>

> > _______________________________________________ > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ > > wiki/Mailing_lists/Guidelines > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

, >> > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

> > _______________________________________________ > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ > > wiki/Mailing_lists/Guidelines > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

<mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

wiki/Mailing_lists/Guidelines

New messages to: Wikimedia-l(a)lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

<mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe> -- faewik(a)gmail.com https://commons.wikimedia.org/wiki/User:Fae Personal and confidential, please do not circulate or re-quote. _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l(a)lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

Yongmin Hong

12 Nov 12 Nov

4:12 p.m.

New subject: How should security of Wikimedia accounts be better?

I believe you can find some 2FA application that isn't affiliated with Google (actually Google Authenticatir app doesn't require Google account to be linked. Tested on iOS and Android.) Also, some desktop application (ie. 1password*) is 2FA compatible. * Not Free/Open Source Software. -- Yongmin H. Sent from my iPhone Please note that this address is list-only address and any non-mailing list mails will be treated as spam. Please use https://encrypt.to/0x947f156f16250de39788c3c35b625da5beff197a. 2016. 11. 12. 23:34 Vi to <vituzzu.wiki(a)gmail.com> 작성:

...

On 12 November 2016 at 13:53, Vi to <vituzzu.wiki(a)gmail.com> wrote: My phone number is something I consider highly sensitive. Linking this

kind

org/T107605

> > I emphasized on having 2fa for CUs, oversights and others with private

data

> access: https://phabricator.wikimedia.org/T107605#2570342 > Not sure what's blocking this. > > Best > > On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <

cfranklin(a)halonetwork.net

> wrote: > >> I know it's been said many times, but two-factor authentication, > mandatory >> for accounts with advanced privileges and optionally available for > everyone >> else, would seem to be a logical step. It's not foolproof, but it

would

> go >> a long way to making us less of a soft target. >> >> Cheers, >> Craig >> >>> On 12 November 2016 at 22:22, Fæ <faewik(a)gmail.com> wrote: >>> >>> Do any of the volunteers contributing to this list have ideas for >>> changes that may make a significant difference to security? >>> >>> Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the >>> process appearing to promote an organisation.[1] It was not the only >>> account compromised. This is being analysed, though as there are >>> security issues being examined, the analysis has not been made

public

>>> so far; plus it's the weekend :-) >>> >>> Over the last few years, there have improvements on account set-up

and

this

>>> might be a good moment to encourage the WMF to have better

facilities

>>> built into the projects. We could even make two-factor

identification

>>> a requirement for trusted users, such as administrators, important >>> bots, and "high profile" accounts, where they may have special

rights

>>> that could cause a fair amount of disruption if a hacked account

were

>>> not identified quickly. Considering that some administrator accounts >>> can lie dormant for many months without the actual user monitoring

it,

>>> these could end up being far more disruptive than well-watched >>> accounts like Jimmy's. >>> >>> We may want extra security to remain mostly optional, keeping our >>> projects simple to access. Education of new volunteers and trusted >>> users may be critical for making it effective, such as avoiding

social

>>> hacking. A clearer understanding of what the community would want to >>> see improved would probably help set development priorities. >>> >>> Links >>> 1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised >>> 2. https://en.wikipedia.org/wiki/Template:Committed_identity >>> 3. https://en.wikipedia.org/wiki/Multi-factor_authentication >>> >>> Thanks, >>> Fae >>> -- >>> faewik(a)gmail.com https://commons.wikimedia.org/wiki/User:Fae >>> >>> _______________________________________________ >>> Wikimedia-l mailing list, guidelines at:

https://meta.wikimedia.org/

>>> wiki/Mailing_lists/Guidelines >>> New messages to: Wikimedia-l(a)lists.wikimedia.org >>> Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l ,

>>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=

unsubscribe>

>> _______________________________________________ >> Wikimedia-l mailing list, guidelines at: >> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines >> New messages to: Wikimedia-l(a)lists.wikimedia.org >> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

>> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe> > _______________________________________________ > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ > wiki/Mailing_lists/Guidelines > New messages to: Wikimedia-l(a)lists.wikimedia.org > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>

Vi to

2:31 p.m.

New subject: How should security of Wikimedia accounts be better?

At a glance I don't see any way to avoid storing numbers somewhere. Other solutions would be physically sent card/tokens (more secure, less cheap, more privacy concerns) or "display once and print" cards with randomly generated numbers to use as 2nd factor (less secure, *so* cheap, no privacy concerns). Anyway we should provide a set of 2FA methods: 2FA with mobile numbers is great for people being not privacy-paranoid (like me). Vito 2016-11-12 15:08 GMT+01:00 Fæ <faewik(a)gmail.com>om>:

...

My phone number is something I consider highly sensitive. Linking this

kind

org/T107605

> > I emphasized on having 2fa for CUs, oversights and others with private

data

> access: https://phabricator.wikimedia.org/T107605#2570342 > Not sure what's blocking this. > > Best > > On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <

cfranklin(a)halonetwork.net>

would

public

> > > so far; plus it's the weekend :-) > > > > > > Over the last few years, there have improvements on account set-up

and

this

> > > might be a good moment to encourage the WMF to have better

facilities

> > > built into the projects. We could even make two-factor

identification

> > > a requirement for trusted users, such as administrators, important > > > bots, and "high profile" accounts, where they may have special

rights

> > > that could cause a fair amount of disruption if a hacked account

were

> > > not identified quickly. Considering that some administrator accounts > > > can lie dormant for many months without the actual user monitoring

it,

social

https://meta.wikimedia.org/

> > > wiki/Mailing_lists/Guidelines > > > New messages to: Wikimedia-l(a)lists.wikimedia.org > > > Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l,

> > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=

unsubscribe>

Dariusz Jemielniak

7:19 p.m.

New subject: How should security of Wikimedia accounts be better?

+1 to what Craig wrote: two-factor authentication, with a key stored in an authenticator application (which eliminates the problem of revealing the phone number), would definitely be a great thing - and we could make it opt-in, except for higher level functionaries. best, dariusz On Sat, Nov 12, 2016 at 7:27 AM, Craig Franklin <cfranklin(a)halonetwork.net> wrote:

...

-- __________________________ prof. dr hab. Dariusz Jemielniak kierownik katedry Zarządzania Międzynarodowego i grupy badawczej NeRDS Akademia Leona Koźmińskiego http://n <http://www.crow.alk.edu.pl/>wrds.kozminski.edu.pl członek Akademii Młodych Uczonych Polskiej Akademii Nauk Wyszła pierwsza na świecie etnografia Wikipedii "Common Knowledge? An Ethnography of Wikipedia" (2014, Stanford University Press) mojego autorstwa http://www.sup.org/book.cgi?id=24010 Recenzje Forbes: http://www.forbes.com/fdc/welcome_mjx.shtml Pacific Standard: http://www.psmag.com/navigation/books-and-culture/killed-wikipedia-93777/ Motherboard: http://motherboard.vice.com/read/an-ethnography-of-wikipedia The Wikipedian: http://thewikipedian.net/2014/10/10/dariusz-jemielniak-common-knowledge

MZMcBride

11:34 p.m.

Fæ wrote:

...

Do any of the volunteers contributing to this list have ideas for changes that may make a significant difference to security?

When you log in, you're given a user session. This session, along with local Web browser HTTP cookies, allows you to stay logged in and authenticated as you browse and edit a wiki. We've previously discussed the ability for a user to see all of his or her account's active sessions, similar to what other sites (GitHub, Facebook, Google) already allow. This type of interface lets a user see his or her own active sessions, originating IP addresses and User-Agent strings, and sometimes the interface allows destroying all or some sessions (e.g., if you see a session from the time you logged in to a friend's computer). This type of interface can also be used, for better or worse, to track typical behavior of the user, so that if a user often logs in from a specific IP address range (e.g., their home computer in the UK), a user session that comes from a vastly different IP address range (e.g., a mobile device in Australia) can be flagged and reported to the user. Or, in the case of two-factor authentication, a "suspicious" login attempt can be required to go through additional verification. These types of systems are common for Gmail accounts and some credit card accounts. Regarding a user seeing a list of his or her own active sessions and corresponding information, there was, and there likely still is, considerable opposition to this idea. It's akin to a "self-CheckUser" feature (which I think we should separately support) and there were concerns that we would help vandals, sockpuppets, and other bad users. Some links: * https://www.mediawiki.org/wiki/?curid=117743 * https://www.mediawiki.org/wiki/?curid=156161 * https://phabricator.wikimedia.org/T387 * https://phabricator.wikimedia.org/T29242 MZMcBride

Fæ

13 Nov 13 Nov

2:18 p.m.

New subject: How should security of Wikimedia accounts be better?

Task https://phabricator.wikimedia.org/T150605 I have raised the above task for the WMF to publish an appropriate summary of the behind the scenes analysis of the recent hack of accounts and the claimed copying of the English Wikipedia database (presumably user account tables). The request summary is pasted below for those that don't want to read the detail, though I recommend that technically minded volunteers subscribe to it on Phabricator -- "This is a request for a report of the analysis of the OurMine hack to be published. It is understood that a non-public investigation is necessary, but it also makes sense to be transparent about events and as quickly as possible. This will provide an 'official' public assurance of the steps being taken by the WMF to make the systems more secure. Volunteers have rapidly responded by promoting two-factor authentication, as well as working collegiately on guidance for volunteers. A report of the behind the scenes analysis would aid these efforts and ensure that if wider changes of passwords or the roll-out of 2FA to non-sysop accounts makes sense, that these can be discussed within the community in a positive way. It is likely that volunteer discussions will continue and this will be reported in the Signpost next week, so timing a report in the next few days would be helpful in ensuring factual reporting." Thanks, Fae On 12 November 2016 at 23:34, MZMcBride <z(a)mzmcbride.com> wrote:

...

Fæ wrote:

Do any of the volunteers contributing to this list have ideas for changes that may make a significant difference to security?

-- faewik(a)gmail.com https://commons.wikimedia.org/wiki/User:Fae

2731

days inactive

2733

days old

wikimedia-l@lists.wikimedia.org

Manage subscription

17 comments

9 participants

tags (0)

participants (9)

Amir Ladsgroup
Craig Franklin
Dariusz Jemielniak
Fæ
Gnangarra
MZMcBride
Steinsplitter Wiki
Vi to
Yongmin Hong