See attachment.
http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-d...
"the NSA has created a multi-tiered system that allows analysts to store "interesting" content in other databases, such as one named Pinwale which can store material for up to five years. "
Fred
How is this related to the foundation?
On Wed, Jul 31, 2013 at 9:22 PM, Fred Bauder fredbaud@fairpoint.net wrote:
> See attachment.
> http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-d...
> Fred
> _______________________________________________
> Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Apparently Wikipedia was or is one of the targeted websites.
Risker
On 31 July 2013 15:42, Huib Laurens sterkebak@gmail.com wrote:
> How is this related to the foundation?
Hmmm, the word "wiki" isn't named anywhere.
It's from a slide they have a bit down the page with our logo about why they are interested in http. You can search for "nearly everything a typical user does on the internet"
You can also see the slide on Jimmy's tweet about said issue: https://twitter.com/jimmy_wales/status/362626509648834560
There is an ongoing thread on wikitech about https again stemming from this.
James
James Alexander Legal and Community Advocacy Wikimedia Foundation (415) 839-6885 x6716 @jamesofur
On Wed, Jul 31, 2013 at 12:44 PM, Huib Laurens sterkebak@gmail.com wrote:
> Hmmm, the word "wiki" isn't named anywhere.
I believe the concern derives from one of the subpages of the article: https://image.guim.co.uk/sys-images/Guardian/Pix/audio/video/2013/7/31/13752...
(Credit to David Gerard for digging that out; this same issue is under discussion on the Wikitech-L list.)
Risker
On Wed, Jul 31, 2013 at 12:48 PM, Risker risker.wp@gmail.com wrote:
> I believe the concern derives from one of the subpages of the article:
> https://image.guim.co.uk/sys-images/Guardian/Pix/audio/video/2013/7/31/13752...
> (Credit to David Gerard for digging that out; this same issue is under discussion on the Wikitech-L list.)
> Risker
Aye, it's a short bit down the page but included around screenshots and explanations of the tools they use to analyze traffic by keyword (and so what led to Jimmy's understandable reaction imo)
James
On 31 July 2013 20:48, Risker risker.wp@gmail.com wrote:
> I believe the concern derives from one of the subpages of the article: https://image.guim.co.uk/sys-images/Guardian/Pix/audio/video/2013/7/31/13752...
> (Credit to David Gerard for digging that out; this same issue is under discussion on the Wikitech-L list.)
Yes, that's the image that made me say out loud "Fuck. Fuck these people."
- d.
On 31 July 2013 21:00, David Gerard dgerard@gmail.com wrote:
> Yes, that's the image that made me say out loud "Fuck. Fuck these people."
How DARE they use us as their example. HOW DARE THEY.
- d.
On Wed, Jul 31, 2013 at 1:00 PM, David Gerard dgerard@gmail.com wrote:
> How DARE they use us as their example. HOW DARE THEY.
Why would we expect that we weren't being targeted? Knowing what people are looking up is powerful knowledge.
- Ryan
On 31 July 2013 21:47, Ryan Lane rlane@wikimedia.org wrote:
> Why would we expect that we weren't being targeted? Knowing what people are looking up is powerful knowledge.
That doesn't make it one dot less reprehensible.
- d.
No, but presenting an appearance of surprise is a bit disingenuous.
P
----- Original Message -----
From: "David Gerard" dgerard@gmail.com
To: "Wikimedia Mailing List" wikimedia-l@lists.wikimedia.org
Sent: Wednesday, July 31, 2013 11:10 PM
Subject: Re: [Wikimedia-l] NSA
> That doesn't make it one dot less reprehensible.
> - d.
On Wed, Jul 31, 2013 at 3:47 PM, Ryan Lane rlane@wikimedia.org wrote:
> Why would we expect that we weren't being targeted? Knowing what people are looking up is powerful knowledge.
> - Ryan
Indeed. It's much more safe and sensible to just go down to your library and check out a book.
Oh, wait.
What surprises me is that anyone is surprised by any of this information.
It's one thing to have suspicions and theories about it; but if the third party is constantly denying the allegations and with no recourse there's no point in getting angry. Now that we have reasonable doubt, I hesitate to call it proof, we can start making tremendous amounts of noise.
~Matt Walker
On Wed, Jul 31, 2013 at 5:53 PM, Matthew Walker mwalker@wikimedia.org wrote:
> What surprises me is that anyone is surprised by any of this information.
> It's one thing to have suspicions and theories about it; but if the third party is constantly denying the allegations and with no recourse there's no point in getting angry. Now that we have reasonable doubt, I hesitate to call it proof, we can start making tremendous amounts of noise.
> ~Matt Walker
I think that's just naive. Of course it was always denied until it became impossible to deny it. That's how these things work. But I have honestly assumed for many years that virtually everything transmitted over almost any electronic medium was collected and analyzed in some way. That appears to be the case, and in fact, I expected them to have gone further than they have. It seems that most of the data they collect is wiped within 3 days; that the data itself can only be analyzed under a fairly specific set of minimization rules after the approval of a senior executive in the administration, that the rules are drawn from generally accepted 4th amendment jurisprudence, etc.
The cynic in me is also convinced that virtually all Western countries do the same sort of thing, if probably on a smaller scale. I would bet all the money I have that at a minimum the French, the English and the Germans maintain roughly similar intelligence gathering programs. But of course, they will deny it until it becomes impossible to deny it.
On 31 July 2013 23:01, Nathan nawrich@gmail.com wrote:
> I think that's just naive. Of course it was always denied until it became impossible to deny it. That's how these things work. But I have honestly assumed for many years that virtually everything transmitted over almost any electronic medium was collected and analyzed in some way. That appears to be the case, and in fact, I expected them to have
Well done! You're very clever.
- d.
Thanks David. Always appreciate your wit.
That said, I wasn't claiming that anticipating being monitored was exceptional. Quite the opposite; I said I was surprised there was anyone who didn't already assume everything was trapped and traced. Your reaction of "Fuck. Fuck these people." suggests you were surprised they might be keeping tabs on Wikipedia. Although I wouldn't take the use of the Wikipedia logo as complete confirmation (it could just be an illustration, for the audience, of how much people use http traffic), it's hard to imagine most people would be shocked to learn Wikipedia traffic isn't exempt from a dragnet that catches literally everything else.
~Nathan
And another thought - you know what unites most of the other companies represented by the logos in that image? Leaks have confirmed that most of them are the subject of secret orders to turn over huge amounts of raw data to the government. They are all bound to secrecy by law, so without permission none of them are permitted to describe or disclose the nature or extent of the data demands the U.S. government has made.
Now if you imagine the puzzle globe on that slide implies that Wikipedia traffic is retained for intelligence analysis, it's a short hop to assume that the Wikimedia Foundation is also the subject of a blanket order transferring its server logs to the NSA.
On 7/31/2013 3:31 PM, Nathan wrote:
> And another thought - you know what unites most of the other companies represented by the logos in that image? Leaks have confirmed that most of them are the subject of secret orders to turn over huge amounts of raw data to the government. They are all bound to secrecy by law, so without permission none of them are permitted to describe or disclose the nature or extent of the data demands the U.S. government has made.
> Now if you imagine the puzzle globe on that slide implies that Wikipedia traffic is retained for intelligence analysis, it's a short hop to assume that the Wikimedia Foundation is also the subject of a blanket order transferring its server logs to the NSA.
Facebook, Google, Yahoo, and Twitter, yes. But mail.ru? The shift from "most" to "all" in the first paragraph may make it easy to assume the similarity is universal, but it's ignoring the full context. That kind of rhetorical shift is a favorite trick of conspiracy theorists, it's how they get you to make those short hops to unwarranted conclusions.
--Michael Snow
On Wed, Jul 31, 2013 at 7:11 PM, Michael Snow wikipedia@frontier.com wrote:
> Facebook, Google, Yahoo, and Twitter, yes. But mail.ru? The shift from "most" to "all" in the first paragraph may make it easy to assume the similarity is universal, but it's ignoring the full context. That kind of rhetorical shift is a favorite trick of conspiracy theorists, it's how they get you to make those short hops to unwarranted conclusions.
> --Michael Snow
It's hardly a conspiracy theory. Given the differences between mail.ru and Wikipedia, I should think it would be clear why one might be subject to a direct demand for transferring data while the other is not. If anything, I think it's more reasonable to assume that Wikipedia (which shares many features with Google, Yahoo, Twitter, Facebook and other social networks) has been the subject of this kind of demand than that it hasn't. No one with direct knowledge would be able to do anything other than deny it, but we can easily see why data held by Wikipedia (including partially anonymized e-mails, file uploads, talk page communication, etc.) would be of interest to intelligence agencies.
> I think it's more reasonable to assume that Wikipedia (which shares many features with Google, Yahoo, Twitter, Facebook and other social networks) has been the subject of this kind of demand than that it hasn't. No one with direct knowledge would be able to do anything other than deny it, but we can easily see why data held by Wikipedia (including partially anonymized e-mails, file uploads, talk page communication, etc.) would be of interest to intelligence agencies.
The capacity of the Wikimedia Foundation to keep a secret of this nature is law. Simply too many outlaws; something NSA could probably figure out; they are not called intelligence for nothing.
Fred
On Wed, Jul 31, 2013 at 4:52 PM, Nathan nawrich@gmail.com wrote:
> It's hardly a conspiracy theory. Given the differences between mail.ru and Wikipedia, I should think it would be clear why one might be subject to a direct demand for transferring data while the other is not. If anything, I think it's more reasonable to assume that Wikipedia (which shares many features with Google, Yahoo, Twitter, Facebook and other social networks) has been the subject of this kind of demand than that it hasn't. No one with direct knowledge would be able to do anything other than deny it, but we can easily see why data held by Wikipedia (including partially anonymized e-mails, file uploads, talk page communication, etc.) would be of interest to intelligence agencies.
I would be fired and jailed before I knowingly let that occur. If this was the case I'd very surely not be working for Wikimedia Foundation.
- Ryan
On 07/31/2013 09:27 PM, Ryan Lane wrote:
> I would be fired and jailed before I knowingly let that occur. If this was the case I'd very surely not be working for Wikimedia Foundation.
And very many of us live outside the jurisdiction of the entities that would be doing the monitoring and would be very noisy indeed if something of that nature took place.
-- Marc
Also keep in mind that WMF has explicitly stated that they received no such demand. If they had, they still could say "If we had received such a demand, we couldn't legally discuss it", still comply with the order, and let us read between the lines. While I don't always agree with WMF, I have more regard for them than to think they would flat out lie about a matter that important.
On Jul 31, 2013 7:59 PM, "Marc A. Pelletier" marc@uberbox.org wrote:
> And very many of us live outside the jurisdiction of the entities that would be doing the monitoring and would be very noisy indeed if something of that nature took place.
> -- Marc
On Wed, Jul 31, 2013 at 9:27 PM, Ryan Lane rlane@wikimedia.org wrote:
> I would be fired and jailed before I knowingly let that occur. If this was the case I'd very surely not be working for Wikimedia Foundation.
Key word there being "knowingly".
On 01/08/13 14:15, Anthony wrote:
> Key word there being "knowingly".
I don't know why the NSA would sneak around in our data centres mirroring our ethernet ports if they already have almost all of our access logs by capturing unencrypted traffic as it passes through XKeyscore nodes.
I think you should save the conspiracy theories until after we switch anons to HTTPS, that's when they will have an incentive.
-- Tim Starling
very helpful, james. thanks so much for clue-ing me in. definitely want to know more of the backstory on the chapters sometime. ttyt :)
Whoops! :) That wasn't meant to be a reply-to-all. Sorry, everyone. Rookie mistake... :]
On Wed, Jul 31, 2013 at 10:36 PM, Anna Koval akoval@wikimedia.org wrote:
> very helpful, james. thanks so much for clue-ing me in. definitely want to know more of the backstory on the chapters sometime. ttyt :)
-- *Anna Koval* Community Advocate Wikimedia Foundation 415-839-6885 x 6729 akoval@wikimedia.org
On Thu, Aug 1, 2013 at 6:44 AM, Tim Starling tstarling@wikimedia.org wrote:
> I don't know why the NSA would sneak around in our data centres mirroring our ethernet ports if they already have almost all of our access logs by capturing unencrypted traffic as it passes through XKeyscore nodes.
> I think you should save the conspiracy theories until after we switch anons to HTTPS, that's when they will have an incentive.
tim, and ryan, that is not 100% true. since at least 2010 we know from articles like these:
* http://www.wired.com/threatlevel/2010/03/packet-forensics/
* https://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governme...
that man-in-the-middle attacks are possible with and without HTTPS at XKeyscore nodes. the basic problem is that wikipedia content is stored in the U.S., and the site is using certificates issued in the U.S., the same country and legislation the NSA is located in. this means the certificates can be compromised and users would not (easily) notice it.
the best sign against snooping internet traffic would be if wikipedia will change the hosting to a different country, and use a different country's ssl certificate. you can bet that the perceived impact on the U.S. business will be so huge that this intolerable practice will stop, at source, at NSA.
btw, ryan, you talked about firing and jailing - if you did not know that or if you knew it and ignored it, you should be fired or not work at WMF ;) it is _you_ who need to warn about the location being vulnerable, and it is _you_ who decide to use vulnerable digicert certificates. but you of course will not be jailed - this seems to happen to people revealing that xkeyscore exists ...
rupert.
On Thu, Aug 1, 2013 at 12:44 AM, Tim Starling tstarling@wikimedia.org wrote:
> I don't know why the NSA would sneak around in our data centres mirroring our ethernet ports if they already have almost all of our access logs by capturing unencrypted traffic as it passes through XKeyscore nodes.
Especially not when they can get someone else to do it for them.
> I think you should save the conspiracy theories until after we switch anons to HTTPS, that's when they will have an incentive.
And I thought Ryan Lane was talking about the future, not the past. I certainly was.
On Thursday, August 1, 2013, Anthony wrote:
> And I thought Ryan Lane was talking about the future, not the past. I certainly was.
I'm talking about both.
- Ryan
Anthony wrote:
> And I thought Ryan Lane was talking about the future, not the past. I certainly was.
I think we should focus on the present, personally.
If a user goes to https://wikipedia.org, they're quietly redirected to http://www.wikipedia.org. This is true of a large number of domains (e.g., https://wikimedia.org and https://mediawiki.org).
This has been known about since at least October 2011 (cf. https://bugzilla.wikimedia.org/31369) and everyone seems to agree that it's a pretty evil bug (a user knowingly tries to access a site over HTTPS and is unknowingly routed to HTTP). And yet it's August 2013 and the best response we seem to have come up with is "install a client-side browser plugin" and "we're working on it."
It's difficult to believe that the Wikimedia Foundation is committed to user privacy when bugs like this go unresolved after so many months. This bug will celebrate its second birthday in less than two months.
MZMcBride
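The silent HTTPS-to-HTTP redirect described in the post above can be checked mechanically. This Python sketch is an added example, not part of the original post and not Wikimedia code: it walks a recorded redirect chain, flags every hop that moves from https to http, and notes whether an HSTS policy seen earlier in the chain would make a browser upgrade that hop (HSTS is a mitigation the thread does not mention). The status codes and headers in the sample chains are constructed.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains).

    Returns None when max-age is missing or malformed, in which case the
    header is ignored.
    """
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                max_age = int(arg.strip().strip('"'))
            except ValueError:
                return None
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        return None
    return max_age, include_sub


def hsts_covers(host, policies):
    """True if host, or a parent domain with includeSubDomains, has a live policy."""
    labels = host.split(".")
    for i in range(len(labels)):
        policy = policies.get(".".join(labels[i:]))
        # An exact match always applies; a parent only with includeSubDomains.
        if policy and policy[0] > 0 and (i == 0 or policy[1]):
            return True
    return False


def audit_chain(start_url, responses):
    """Walk recorded responses in order and report every https -> http redirect."""
    url = start_url
    policies = {}   # host -> (max_age, include_subdomains), learned over HTTPS only
    findings = []
    for resp in responses:
        parts = urlsplit(url)
        headers = {k.lower(): v for k, v in resp["headers"].items()}
        # Browsers honour HSTS only when it arrives over a secure connection.
        if parts.scheme == "https" and "strict-transport-security" in headers:
            policy = parse_hsts(headers["strict-transport-security"])
            if policy:
                policies[parts.hostname] = policy
        if resp["status"] not in REDIRECT_CODES or "location" not in headers:
            break
        # Location may be relative or scheme-relative; resolve it like a client.
        target = urljoin(url, headers["location"])
        tparts = urlsplit(target)
        if parts.scheme == "https" and tparts.scheme == "http":
            findings.append({
                "from": url,
                "to": target,
                "hsts_would_upgrade": hsts_covers(tparts.hostname, policies),
            })
        url = target
    return {"final_url": url, "downgrades": findings}


# Constructed sample chains (start URL, recorded responses). Only the two URLs
# in the first hop come from the post; status codes and headers are assumed.
BUG_CHAIN = ("https://wikipedia.org/", [
    {"status": 301, "headers": {"Location": "http://www.wikipedia.org/"}},
    {"status": 200, "headers": {}},
])
HSTS_CHAIN = ("https://wikipedia.org/", [
    {"status": 301, "headers": {
        "Location": "http://www.wikipedia.org/",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains"}},
    {"status": 200, "headers": {}},
])
FIXED_CHAIN = ("https://wikipedia.org/", [
    {"status": 301, "headers": {"Location": "//www.wikipedia.org/"}},
    {"status": 200, "headers": {}},
])

if __name__ == "__main__":
    for name, chain in (("bug", BUG_CHAIN), ("hsts", HSTS_CHAIN), ("fixed", FIXED_CHAIN)):
        print(name, audit_chain(*chain))
```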
On 07/31/2013 07:52 PM, Nathan wrote:
> If anything, I think it's more reasonable to assume that Wikipedia (which shares many features with Google, Yahoo, Twitter, Facebook and other social networks) has been the subject of this kind of demand than that it hasn't.
You're also making an unwarranted leap there: that the Foundation would comply with such a demand, if one was made, rather than fight it tooth and nail. In fact, the WMF probably has acquired quite a reputation amongst intelligence circles as being quite uncooperative when it comes to stomping faces with boots.
There are very few people who work for an organization that has as its primary objective the free dissemination of knowledge that wouldn't be willing to rattle the cages of those who seek to suppress it. If nothing else, we are very good at pointing out egg on faces in a very public, very visible way.
-- Marc
Does the law actually require them to lie about data demands when questioned?
P
On Wed, Jul 31, 2013 at 4:11 PM, Michael Snow wikipedia@frontier.com wrote:
> > Now if you imagine the puzzle globe on that slide implies that Wikipedia traffic is retained for intelligence analysis, it's a short hop to assume that the Wikimedia Foundation is also the subject of a blanket order transferring its server logs to the NSA.
> Facebook, Google, Yahoo, and Twitter, yes. But mail.ru? The shift from "most" to "all" in the first paragraph may make it easy to assume the similarity is universal, but it's ignoring the full context. That kind of rhetorical shift is a favorite trick of conspiracy theorists, it's how they get you to make those short hops to unwarranted conclusions.
Thanks for the voice of reason, Michael.
As a quick reminder here, before any conspiracy theories about orders and data retention get out of control:
1) We've flat-out denied any sort of involvement in this, and we continue to stand by that denial: https://blog.wikimedia.org/2013/06/14/prism-surveillance-wikimedia/
2) Take with a grain of salt, of course, but our understanding (based on the few gag orders that have been made public) is that we could be forced to not confirm having received a National Security Letter, but we can't actually be forced to lie about it. In other words, if we'd received one we would not be allowed to say "we've received one", but we also could not be forced to deny it - we'd always have the option to remain silent instead.
3) We understand that the rules cause some people not to trust our denial, and can't entirely blame them! That is why we've asked the government to change the rules, so that you can have more trust in us next time we issue the same denial: https://blog.wikimedia.org/2013/07/18/wikimedia-foundation-letter-transparen...
This is not to say that the http/https issue isn't important; like Engineering, we think progress on that issue is important. But it is important to keep "we don't yet deploy https as widely as we'd like" separate from "there are secret orders to transfer all our logs to the NSA."
Thanks- Luis
Thanks, This answers my question.
P
----- Original Message -----
From: "Luis Villa" lvilla@wikimedia.org
To: "Wikimedia Mailing List" wikimedia-l@lists.wikimedia.org
Sent: Thursday, August 01, 2013 2:13 AM
Subject: Re: [Wikimedia-l] NSA
On Wed, Jul 31, 2013 at 4:11 PM, Michael Snow wikipedia@frontier.com wrote:
Now if you imagine the puzzle globe on that slide implies that Wikipedia traffic is retained for intelligence analysis, it's a short hop to assume that the Wikimedia Foundation is also the subject of a blanket order transferring its server logs to the NSA.
Facebook, Google, Yahoo, and Twitter, yes. But mail.ru? The shift from "most" to "all" in the first paragraph may make it easy to assume the similarity is universal, but it's ignoring the full context. That kind of rhetorical shift is a favorite trick of conspiracy theorists, it's how they get you to make those short hops to unwarranted conclusions.
Thanks for the voice of reason, Michael.
As a quick reminder here, before any conspiracy theories about orders and data retention get out of control:
- We've flat-out denied any sort of involvement in this, and we continue to stand by that denial: https://blog.wikimedia.org/2013/06/14/prism-surveillance-wikimedia/
- Take with a grain of salt, of course, but our understanding (based on the few gag orders that have been made public) is that we could be forced to not confirm having received a National Security Letter, but we can't actually be forced to lie about it. In other words, if we'd received one we would not be allowed to say "we've received one", but we also could not be forced to deny it - we'd always have the option to remain silent instead.
- We understand that the rules cause some people not to trust our denial, and can't entirely blame them! That is why we've asked the government to change the rules, so that you can have more trust in us next time we issue the same denial: https://blog.wikimedia.org/2013/07/18/wikimedia-foundation-letter-transparen...
This is not to say that the http/https issue isn't important; like Engineering, we think progress on that issue is important. But it is important to keep "we don't yet deploy https as widely as we'd like" separate from "there are secret orders to transfer all our logs to the NSA."
Thanks- Luis
-- Luis Villa Deputy General Counsel Wikimedia Foundation 415.839.6885 ext. 6810
NOTICE: *This message may be confidential or legally privileged. If you have received it by accident, please delete it and let us know about the mistake. As an attorney for the Wikimedia Foundation, for legal/ethical reasons I cannot give legal advice to, or serve as a lawyer for, community members, volunteers, or staff members in their personal capacity.*
On Wed, Jul 31, 2013 at 5:13 PM, Luis Villa lvilla@wikimedia.org wrote:
As a quick reminder here, before any conspiracy theories about orders and data retention get out of control:
- We've flat-out denied any sort of involvement in this, and we continue to stand by that denial: https://blog.wikimedia.org/2013/06/14/prism-surveillance-wikimedia/
- Take with a grain of salt, of course, but our understanding (based on the few gag orders that have been made public) is that we could be forced to not confirm having received a National Security Letter, but we can't actually be forced to lie about it. In other words, if we'd received one we would not be allowed to say "we've received one", but we also could not be forced to deny it - we'd always have the option to remain silent instead.
<snip>
If we are going to chase crazy down the rabbit hole, then it may be worth noticing that the NSL gag order makes it a crime to discuss NSL demands with anyone except A) personal legal counsel, and B) persons who are directly necessary to fulfill the demand. In particular, if I (as an individual) am served with an NSL then there is no provision allowing me to tell my boss or my subordinates unless I directly need their help to satisfy the request. If someone with root access were directly served with an NSL, it isn't obvious that WMF executives would ever learn about it. This is one of the ways that NSL gag orders are ridiculous.
-Robert Rohde
The letters must be sent to the organization rather than an individual. The idea of going to an individual employee and strongarming them may happen, but the law around NSLs is specific.
The court cases to date indicate that if an individual employee got a US NSL and sued over it, the judge would likely take actions that would end the FBI agents' careers.
Such individual strongarming would almost certainly use threats or MICE (money, ideology, compromise, ego) enticements and no paper trail to have to testify over in court later.
George William Herbert Sent from my iPhone
On Aug 1, 2013, at 2:31 AM, Robert Rohde rarohde@gmail.com wrote:
On Wed, Jul 31, 2013 at 5:13 PM, Luis Villa lvilla@wikimedia.org wrote:
As a quick reminder here, before any conspiracy theories about orders and data retention get out of control:
- We've flat-out denied any sort of involvement in this, and we continue to stand by that denial: https://blog.wikimedia.org/2013/06/14/prism-surveillance-wikimedia/
- Take with a grain of salt, of course, but our understanding (based on the few gag orders that have been made public) is that we could be forced to not confirm having received a National Security Letter, but we can't actually be forced to lie about it. In other words, if we'd received one we would not be allowed to say "we've received one", but we also could not be forced to deny it - we'd always have the option to remain silent instead.
<snip>
If we are going to chase crazy down the rabbit hole, then it may be worth noticing that the NSL gag order makes it a crime to discuss NSL demands with anyone except A) personal legal counsel, and B) persons who are directly necessary to fulfill the demand. In particular, if I (as an individual) am served with an NSL then there is no provision allowing me to tell my boss or my subordinates unless I directly need their help to satisfy the request. If someone with root access were directly served with an NSL, it isn't obvious that WMF executives would ever learn about it. This is one of the ways that NSL gag orders are ridiculous.
-Robert Rohde
It is funny (but also sad) to see how people thought that Internet privacy was respected in the Western world. Almost 99% only worried about China/Iran Internet monitoring and censorship but we had here the most comprehensive spy system logging every site you read.
Wake up!
And "non-western" countries probably go further if their technological capacity allows it. If you are not being spied on by "somebody" it is because no-one could be bothered or they haven't got around to it yet, not because any law protects your privacy.
P
----- Original Message -----
From: "Nathan" nawrich@gmail.com
To: "Wikimedia Mailing List" wikimedia-l@lists.wikimedia.org
Sent: Thursday, August 01, 2013 12:01 AM
Subject: Re: [Wikimedia-l] NSA
On Wed, Jul 31, 2013 at 5:53 PM, Matthew Walker mwalker@wikimedia.org wrote:
What surprises me is that anyone is surprised by any of this information.
It's one thing to have suspicions and theories about it; but if the third party is constantly denying the allegations and with no recourse there's no point in getting angry. Now that we have reasonable doubt, I hesitate to call it proof, we can start making tremendous amounts of noise.
~Matt Walker
I think that's just naive. Of course it was always denied until it became impossible to deny it. That's how these things work. But I have honestly assumed for many years that virtually everything transmitted over almost any electronic medium was collected and analyzed in some way. That appears to be the case, and in fact, I expected them to have gone further than they have. It seems that most of the data they collect is wiped within 3 days; that the data itself can only be analyzed under a fairly specific set of minimization rules after the approval of a senior executive in the administration, that the rules are drawn from generally accepted 4th amendment jurisprudence, etc.
The cynic in me is also convinced that virtually all Western countries do the same sort of thing, if probably on a smaller scale. I would bet all the money I have that at a minimum the French, the English and the Germans maintain roughly similar intelligence gathering programs. But of course, they will deny it until it becomes impossible to deny it.
Look at the attached image.
Fred
Hmmm, the word "wiki" isn't named anywhere.
On Wed, Jul 31, 2013 at 9:43 PM, Risker risker.wp@gmail.com wrote:
Apparently Wikipedia was or is one of the targeted websites.
Risker
On 31 July 2013 15:42, Huib Laurens sterkebak@gmail.com wrote:
How is this related to the foundation?
On Wed, Jul 31, 2013 at 9:22 PM, Fred Bauder fredbaud@fairpoint.net wrote:
See attachment.
http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-d...
Fred
-- Kind regards,
Huib Laurens
-- Kind regards,
Huib Laurens