There are sensitive communications over IRC such as harassment
investigations, although hopefully not to the degree that sensitive info
goes over email. I use what is advertised as a secure method of accessing
IRC, but that is still probably much weaker than end-to-end email
encryption. We could look into a more secure messaging system, but my top
concern is the security of staff email, Google Docs, and staff accounts with
access to un-sanitized analytics data. I would start there, followed by
Arbcom/CU/OS wiki and email accounts, and probably IRC last.
Pine

On Thu, Aug 7, 2014 at 11:34 AM, Ryan Lane <rlane32(a)gmail.com> wrote:
> On Thu, Aug 7, 2014 at 11:27 AM, Pine W <wiki.pine(a)gmail.com> wrote:
> > There are "good" reasons people would target checkuser accounts, WMF
> > staff email accounts, and other accounts that have access to lots of
> > private info like functionary email accounts and accounts with access
> > to restricted IRC channels.
>
> WMF uses gmail; they should force-require the use of two factor
> authentication for their employees if they care about that. Restricted IRC
> channels also don't have anything to do with Wikimedia wiki account
> security (and IRC security is a joke anyway, so if we're really relying on
> that to be secure, shame on us).
>
> - Ryan
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l