Re: [Wikimedia-l] PRISM
Le 2013-06-10 12:21, Fred Bauder a écrit : Correct. If Osama Bin Laden had been editing Wikipedia, before his death of course, through some account in Pakistan, it would have been rather reasonable to respond favorable to a request for information. Be careful, the underlying assumption of such a claim is that it's fine to create information tools and canals as long as it may have legitimate uses, regardless of potential illegitimate uses, without evaluating if the means are proportionate to the goal and if they may have disproportionate consequences on other issues, such as privacy. -- Association Culture-Libre http://www.culture-libre.org/ ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] PRISM
Le 2013-06-10 14:29, Craig Franklin a écrit : If the NSA, CIA, or some other spook agency is getting information off of Wikimedia servers, they don't have a CU account or anything like that. They'd have a program running at the operating system level that extracts the data in a standardised format and sends it off to some secret server somewhere where it can be collated for data mining purposes. If they have some way of getting private information, it's going to be well hidden and not something you or I are likely to (or capable of) stumbling across. People wherever they work are humans. They never use supranatural powers that are fundamentally innaccessible to the mere mortal because they are mere mortal. Sure one person can hardly expect to achieve more than a structured organisation with far much ressources. It doesn't mean individuals which are not part of one sepcific organisation are powerless. Cheers, Craig On 10 June 2013 20:09, David Gerard dger...@gmail.com wrote: On 10 June 2013 10:56, Florence Devouard anthe...@yahoo.com wrote: Precisely, they could ask to have CU accounts... There are people who closely monitor who has what powers. - d. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l -- Association Culture-Libre http://www.culture-libre.org/ ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] PRISM
Le 2013-06-10 16:01, John Vandenberg a écrit : It would be good *if* the WMF can provide assurances to editors that they havent received any national security letters or other 'trawling' requests from any U.S. agency. I doubt they can. Even if they say so, how do you check? May be you can teach people what trusting mean, and what are logical limits of trusting. But, to my mind, your proposal would be misguiding people on what is trust. -- Association Culture-Libre http://www.culture-libre.org/ ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] PRISM
On Tue, Jun 11, 2013 at 5:52 AM, Mathieu Stumpf psychosl...@culture-libre.org wrote: Le 2013-06-10 16:01, John Vandenberg a écrit : It would be good *if* the WMF can provide assurances to editors that they havent received any national security letters or other 'trawling' requests from any U.S. agency. I doubt they can. Even if they say so, how do you check? May be you can teach people what trusting mean, and what are logical limits of trusting. But, to my mind, your proposal would be misguiding people on what is trust. Do the letters require people to lie? If they did, is that something that could be challenged in regular, non-secret court (perhaps with some parts of the lawsuit under seal or something)? On the other hand, the value of this is rather limited. If the WMF can't say it, it could mean that it once received a secret subpoena regarding the IP addresses of someone they had probable cause to believe was involved with some specific terrorist plot. Or it could mean they got a letter requiring all their logs all the time in perpetuity. If you really need your web browsing to be anonymous, what can you do? HTTPS plus an anonymizing proxy plus noscript gets you some level of security. If your browsing habits can reveal your courtroom defense strategy, is this simple form of anonymization enough to trust the freedom of your client? Maybe it depends on how big of a target your client is. If your client is Martin Luther King Jr., and J. Edgar Hoover is the President, maybe you've gotta take a few steps beyond a simple anonymizing proxy. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] PRISM
Le 2013-06-10 14:29, Craig Franklin a écrit : If the NSA, CIA, or some other spook agency is getting information off of Wikimedia servers, they don't have a CU account or anything like that. They'd have a program running at the operating system level that extracts the data in a standardised format and sends it off to some secret server somewhere where it can be collated for data mining purposes. If they have some way of getting private information, it's going to be well hidden and not something you or I are likely to (or capable of) stumbling across. People wherever they work are humans. They never use supranatural powers that are fundamentally innaccessible to the mere mortal because they are mere mortal. Sure one person can hardly expect to achieve more than a structured organisation with far much ressources. It doesn't mean individuals which are not part of one sepcific organisation are powerless. There will always be humans maintaining the system who must, in order to do their work, have potential access to everything. We have them here in our developers who have access to our databases. This was the niche Snowden filled and why he had access to so much he was not authorized to access. Fred ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
[Wikimedia-l] Fwd: [Wikimediach-l] Wikimedia CH is hiring two new staff
Original-Nachricht Datum: Tue, 11 Jun 2013 11:05:45 +0200 Von:Chantal Ebongué chantal.ebon...@wikimedia.ch Dear all, We are looking for two new staff members : 1. Chief Administrative Officer, 80-100 %, since 1.9.2013 2. Chief Scientific Officer, 80-100 %, since 1.9.2013 Ads are also published on www.wikimedia.ch, www.jobs.ch and www.linkedin.com. Applications (or request for information) can be send to me or to i...@wikimedia.ch. Please inform you network ! Regards Chantal Ebongué, CAO *Wikimedia CH - *www.wikimedia.ch http://www.wikimedia.ch/ Escaliers-du-Marché 2 - 1003 Lausanne - Switzerland Office +41 (0)21 340 66 20 - cell phone +41 (0)78 744 21 82 Skype : chantal.ebongue - chantal.ebon...@wikimedia.ch mailto:chantal.ebon...@wikimedia.ch ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] PRISM
On Tue, Jun 11, 2013 at 8:09 AM, Fred Bauder fredb...@fairpoint.net wrote: There will always be humans maintaining the system who must, in order to do their work, have potential access to everything. No, there isn't. This statement is about as recklessly false as your previous one that WMF didn't have the logs. We have them here in our developers who have access to our databases. Putting everything in a single database which can be accessed by a single developer is a choice. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] PRISM
On 06/11/2013 08:19 AM, Anthony wrote: Putting everything in a single database which can be accessed by a single developer is a choice. It is, also, the only *reasonable* choice given the resources at our disposal. I've contracted with CSIS in the past and had the immense pleasure of working with true MLS systems. They are extraordinarily expensive, a nightmare to maintain (the change request cycle necessarily works at the scale of months), and requires about two to three times the staff to manage (because the SA can't be the same person as the SO who can also not be the one performing the actual operations; that's not counting that MLS may partition things further if there are different authorities involved). The WMF protects itself not by partitioning roles and security domains, but by making sure that as much of everything is transparent as is possible, and with normal due diligence and care in selecting those persons who have access to the rest. Put another way: I can see at /least/ two dozen vectors for the NSA (or whichever acronym agency you prefer) to get at every single octet under WMF control without us being able to even know about it. We purchase and use off-the-shelf equipment, do not have to source to every bit of firmware in our datacenters (let alone the ability to *audit* any of it), our hardware is on premises we do not have physical control over, and all our communications are transmitted over packet switched networks constructed out of untrustable parts and under the control of innumerable parties we have no control over. Fixing any /one/ of those holes would cost tens of times our current total operating budget, and would be essentially burned money unless they were all closed -- which turns out to not be possible at all given that we actually *want* the world-at-large to be able to, you know, use our stuff? There is nothing we can do about any of this beyond continuing to be careful and trust in all the numerous employees and volunteer of the WMF (most of whom are outside the US) to start yelling very loudly if something fishy is going on. So let's store the tinfoil hats and get back to work, please? -- Marc ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] PRISM
Perhaps we as individuals, or the WMF as an organisation, might also like to sign up to Mozilla's campaign stopwatching.us? Blogpost - https://blog.mozilla.org/blog/2013/06/11/stopwatching-us-mozilla-launches-massive-campaign-on-digital-surveillance/ Website - https://optin.stopwatching.us/ I note from the selected list of organisations that have already signed (of whom several are our frequent allies) we would be in good company. -Liam / Wittylama -- wittylama.com Peace, love metadata ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] PRISM
[+ Advocacy Advisors] On Tue, Jun 11, 2013 at 9:08 AM, Liam Wyatt liamwy...@gmail.com wrote: Perhaps we as individuals, or the WMF as an organisation, might also like to sign up to Mozilla's campaign stopwatching.us? Blogpost - https://blog.mozilla.org/blog/2013/06/11/stopwatching-us-mozilla-launches-massive-campaign-on-digital-surveillance/ Website - https://optin.stopwatching.us/ I note from the selected list of organisations that have already signed (of whom several are our frequent allies) we would be in good company. Hi, Liam- Participating in StopWatching is definitely one of the options. For WMF to get involved in that way, there needs to be a consultation with the Advocacy Advisors list and (time permitting) an RFC. By following that process, we can be sure that the actions WMF takes are consistent with community's opinion on the topic. If you think WMF should be more involved, we (as always) invite and encourage you to start an RFC or discussion on Advocacy Advisors. We would pay close attention to those, and use them to help us guide our next steps. Please let us know if there is anything else we can do to support, of course. (Our full internal policy is at https://meta.wikimedia.org/wiki/Legal_and_Community_Advocacy/Foundation_Policy_and_Political_Association_Guideline#Collaborative_Advocacy). Thanks- Luis -- Luis Villa Deputy General Counsel Wikimedia Foundation 415.839.6885 ext. 6810 NOTICE: This message may be confidential or legally privileged. If you have received it by accident, please delete it and let us know about the mistake. As an attorney for the Wikimedia Foundation, for legal/ethical reasons I cannot give legal advice to, or serve as a lawyer for, community members, volunteers, or staff members in their personal capacity. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
[Wikimedia-l] Some Unanswered Questions
We can guess, of course, and some of us are very good guessers, but here: http://www.scientificamerican.com/article.cfm?id=5-basic-unknowns-nsa-black-hole-prism Fred ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] PRISM
We'd should ask the NSA if they'd like a Wikipedian-in-Residence. Think of the citations we could add to BLPs! On Jun 10, 2013 2:17 AM, Liam Wyatt liamwy...@gmail.com wrote: This is a simple question with a potentially very complicated answer. What, if any, are the implications of the PRISM scandal for Wikimedia? Does the fact that our servers are based in the US now compromise our mission either in a technical, privacy or an ethical sense? - Liam / Wittylama -- wittylama.com Peace, love metadata ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] PRISM
On 6/11/2013 1:03 PM, Andy Mabbett wrote: We'd should ask the NSA if they'd like a Wikipedian-in-Residence. Why not just go all the way and ask them to release everything they've collected under a free license? (Well, so the copyright to most of it probably doesn't belong to them. Does that mean we're entitled to royalties for being spied on?) --Michael Snow ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] PRISM
Would they be considered a reliable source? Peter - Original Message - From: Andy Mabbett a...@pigsonthewing.org.uk To: Wikimedia Mailing List wikimedia-l@lists.wikimedia.org Sent: Tuesday, June 11, 2013 10:03 PM Subject: Re: [Wikimedia-l] PRISM We'd should ask the NSA if they'd like a Wikipedian-in-Residence. Think of the citations we could add to BLPs! On Jun 10, 2013 2:17 AM, Liam Wyatt liamwy...@gmail.com wrote: This is a simple question with a potentially very complicated answer. What, if any, are the implications of the PRISM scandal for Wikimedia? Does the fact that our servers are based in the US now compromise our mission either in a technical, privacy or an ethical sense? - Liam / Wittylama -- wittylama.com Peace, love metadata ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
[Wikimedia-l] Funds Dissemination Committee first progress reports
Greetings, everyone! Are you curious about what the Funds Dissemination Committee (FDC) Round 1 grantees have been working on these last few months? If you haven't already seen the first progress reports submitted by the FDC Round 1 grantees, come on over and check them out! To find these first quarter progress reports, go to the Round 1 hub on the FDC portal and click on the progress report form Q1 for any of the Round 1 entities [1]. I want to thank all the entities for sharing their progress and learning with us; we have really enjoyed reading the updates and look forward to continuing to learn from them. Second, the FDC staff published a summary of the first progress reports for the FDC. [2] This summary shares some emerging themes and an overview of each of the entity's work to date on programmatic, organizational and financial progress. We have also posted more detailed feedback and questions on the discussion page of all of the individual reports. As ever, contact me with questions or comments! Warm regards, Katy [1] http://meta.wikimedia.org/wiki/FDC_portal/Proposals/2012-2013_round1 [2] http://meta.wikimedia.org/wiki/FDC_portal/Proposals/2012-2013_round1/Staff_summary/Progress_report_form/Q1 ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] PRISM
On Tue, Jun 11, 2013 at 10:41 AM, Marc A. Pelletier m...@uberbox.orgwrote: On 06/11/2013 08:19 AM, Anthony wrote: Putting everything in a single database which can be accessed by a single developer is a choice. It is, also, the only *reasonable* choice given the resources at our disposal. Maybe (*). But my comment was in response to There will always be humans maintaining the system who must, in order to do their work, have potential access to everything. That the commenter extended this to everyone regardless of their resources is evident from the example of Snowden (who didn't have anywhere near access to everything anyway). (*) Which is to say, no, I disagree, but I don't feel like arguing about it. Put another way: I can see at /least/ two dozen vectors for the NSA (or whichever acronym agency you prefer) to get at every single octet under WMF control without us being able to even know about it. Legally? There is nothing we can do about any of this beyond continuing to be careful and trust in all the numerous employees and volunteer of the WMF (most of whom are outside the US) to start yelling very loudly if something fishy is going on. So let's store the tinfoil hats and get back to work, please? Tinfoil hats? These secret subpoenas have been demonstrated to be real. Very few of the employees (and probably none of the volunteers), none of whom are outside the US, would know about them, and those few would be criminally bound to keep quiet about them. This isn't conspiracy theory. This isn't paranoia. It's demonstrated reality. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l