There are sensitive communications over IRC such as harassment investigations, although hopefully not to the degree that sensitive info goes over email. I use what is advertised as a secure method of accessing IRC, but that is still probably much weaker than end-to-end email encryption. We could look into a more secure messaging system, but my top concern is the security of staff email, Google Docs, staff accounts with access to un-sanitized analytics data. I would start there, followed by Arbcom/CU/OS wiki and email accounts, and probably IRC last.
Pine
On Thu, Aug 7, 2014 at 11:34 AM, Ryan Lane rlane32@gmail.com wrote:
On Thu, Aug 7, 2014 at 11:27 AM, Pine W wiki.pine@gmail.com wrote:
There are "good" reasons people would target checkuser accounts, WMF
staff
email accounts, and other accounts that have access to lots of private
info
like functionary email accounts and accounts with access to restricted
IRC
channels.
WMF uses gmail; they should force-require the use of two factor authentication for their employees if they care about that. Restricted IRC channels also don't have anything to do with Wikimedia wiki account security (and IRC security is a joke anyway, so if we're really relying on that to be secure, shame on us).
- Ryan
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l