Re: [Wikimedia-l] PRISM

2013-06-10 Thread Benjamin Lees
On Sun, Jun 9, 2013 at 11:05 PM, Anthony wikim...@inbox.org wrote: By access logs I meant HTTP access logs. It's pretty clear that without taking extraordinary measures, what you're editing is not anonymous. But some people are probably under the impression that what they're reading and

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Federico Leva (Nemo)
Benjamin Lees, 10/06/2013 08:13: http://thread.gmane.org/gmane.org.wikimedia.foundation/49712/focus=49727 is probably relevant (if what Domas said then is still true). While I'm not aware of privacy changing substantially, speaking of fantastic names, Kraken is going to change things a bit

Re: [Wikimedia-l] PRISM

2013-06-10 Thread James Salsman
Federico Leva wrote: ... WMF will log the same (partial) data, but for 100 % of visits rather than 1/1000. How much more will that cause the Foundation to spend on processing subpoenas from law enforcement agencies? Will those agencies be charged for the time and organizational overhead of

[Wikimedia-l] Wikimedia CH General Assembly and 2014 Call for project

2013-06-10 Thread Charles Andrès
Dear all, ==AGM== Wikimedia CH had its Annual General Meeting, April the 27 this year. A new board has been elected, and will officially start its mandate June 27: President: Charles Andrès (reelected) Secretary: Frédéric Schutz (reelected nut new secretary, FR press contact) Treasurer:

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Tobias
On 06/10/2013 08:49 AM, Federico Leva (Nemo) wrote: Benjamin Lees, 10/06/2013 08:13: http://thread.gmane.org/gmane.org.wikimedia.foundation/49712/focus=49727 is probably relevant (if what Domas said then is still true). While I'm not aware of privacy changing substantially, speaking of

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Florence Devouard
Precisely, they could ask to have CU accounts... Flo On 6/10/13 4:53 AM, Benoit Landry wrote: What information could the WMF disclose that isn't already available to some volunteers anyhow? The IP addresses of logged-in editors are visible to volunteer CUs; deleted revisions and log entries

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Fred Bauder
Everything passing over the internet is archived. Nearly everything done at Wikipedia passes over the internet. Fred My understanding is that PRISM focused on private electronic communication. I can't see a situation where we would be concerned by that. But some official statement could

Re: [Wikimedia-l] PRISM

2013-06-10 Thread David Gerard
On 10 June 2013 10:56, Florence Devouard anthe...@yahoo.com wrote: Precisely, they could ask to have CU accounts... There are people who closely monitor who has what powers. - d. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Tobias
On 06/10/2013 04:53 AM, Benoit Landry wrote: What information could the WMF disclose that isn't already available to some volunteers anyhow? The IP addresses of logged-in editors are visible to volunteer CUs; deleted revisions and log entries are visible to all volunteers admins. Wikipedia's

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Fred Bauder
There is plenty of reason to think the government would be interested in Wikipedia access logs. On the other hand, there's very little reason to believe an organization when they say they haven't been turning over information under a top secret order which they're not allowed to tell anyone

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Tobias
On 06/10/2013 03:17 AM, Liam Wyatt wrote: This is a simple question with a potentially very complicated answer. What, if any, are the implications of the PRISM scandal for Wikimedia? Does the fact that our servers are based in the US now compromise our mission either in a technical,

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Tomasz W. Kozlowski
Tobias wrote: I think Wikimedia should protest openly against such unethical surveillance. While previous posts have pointed out that indeed Wikipedia contains less private information than Facebook or Google, it still has a lot that should remain private. Most notably access logs of both

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Craig Franklin
If the NSA, CIA, or some other spook agency is getting information off of Wikimedia servers, they don't have a CU account or anything like that. They'd have a program running at the operating system level that extracts the data in a standardised format and sends it off to some secret server

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Anthony
On Mon, Jun 10, 2013 at 6:10 AM, Fred Bauder fredb...@fairpoint.net wrote: Everything passing over the internet is archived. Nearly everything done at Wikipedia passes over the internet. Encrypted, if you're using https everywhere (and Wikipedia hasn't intentionally or unintentionally

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Theo10011
I don't understand this line of discussion. From an intelligence stand-point, the goal of the program seems to be communication interception COMINT through SIGAD means. From phone calls, to emails, to private and public posts. I'm not sure how that would have any bearing on Wikipedia though, the

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Anthony
On Mon, Jun 10, 2013 at 6:21 AM, Fred Bauder fredb...@fairpoint.net wrote: Correct. If Osama Bin Laden had been editing Wikipedia, before his death of course, through some account in Pakistan, it would have been rather reasonable to respond favorable to a request for information. But plenty

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Anthony
On Mon, Jun 10, 2013 at 8:59 AM, Theo10011 de10...@gmail.com wrote: I'm not sure how that would have any bearing on Wikipedia though, the purpose there is to write an article, fix typos, add pictures, occasionally there is cross-communication between different editors. Wikipedia is not a

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Theo10011
On Mon, Jun 10, 2013 at 6:33 PM, Anthony wikim...@inbox.org wrote: Wikipedia is not a top traffic website from people editing. 99% of the traffic is reading/searching. Yes, and I as I pointed to the email written by Domas, that those logs don't exist. We know that people's Google

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Fred Bauder
On Mon, Jun 10, 2013 at 6:10 AM, Fred Bauder fredb...@fairpoint.net wrote: Everything passing over the internet is archived. Nearly everything done at Wikipedia passes over the internet. Encrypted, if you're using https everywhere (and Wikipedia hasn't intentionally or unintentionally

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Fred Bauder
They tap directly into the internet backbone. Only if there is some particular matter which interests them which they would need our help to decipher would they contact the Foundation. There are a few things out there that I can imagine them being interested in, but very few. For example, there

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Fred Bauder
You are right, Anthony, never assume you're not dealing with idiots. If NSA is doing doing detailed surveillance of Tea Party activists or defense lawyers we are truly well along the road to hell. Fred On Mon, Jun 10, 2013 at 6:21 AM, Fred Bauder fredb...@fairpoint.net wrote: Correct. If

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Fred Bauder
National Security Letters have been served on Libraries. However, as we keep no track whatever off who is reading the site; it is hard to see how serving one on us would accomplish anything; we can't produce records we don't keep. I suppose a secret court order could be applied for which would

Re: [Wikimedia-l] PRISM

2013-06-10 Thread John Vandenberg
On Mon, Jun 10, 2013 at 11:00 PM, Anthony wikim...@inbox.org wrote: On Mon, Jun 10, 2013 at 6:21 AM, Fred Bauder fredb...@fairpoint.net wrote: No, massive amounts of information about people doing ordinary things like editing articles about Homer Simpson is kind of the opposite of

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Tobias
On 06/10/2013 03:30 PM, Fred Bauder wrote: Encrypted, if you're using https everywhere (and Wikipedia hasn't intentionally or unintentionally compromised their certificate). But simple encryption that NSA can break at will. No one will bother trying to break SSL/TLS. The NSA certainly

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Fred Bauder
It would be good *if* the WMF can provide assurances to editors that they havent received any national security letters or other 'trawling' requests from any U.S. agency. If the WMF has received zero such requests, can the WMF say that? There wouldn't be any gag order.

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Theo10011
On Mon, Jun 10, 2013 at 7:31 PM, John Vandenberg jay...@gmail.com wrote: Or DeCSS, or AACS, .. Or 2012 Benghazi attack, Efforts to impeach Barack Obama, Drone attacks in Pakistan, .. Or PRISM (surveillance program), Edward Snowden, Bradley Manning, .. It would be good *if* the WMF can

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Rand McRanderson
I think the key here is not to keep more information about users than necessary. Of course, there is the question of if the NSA asks for our checkuser data. I am relatively confident of WMF's honesty here. They have been pretty concerned about user privacy in general (I am sure that there is

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Fred Bauder
Forwarded to legal at wikimedia.org Fred I think the key here is not to keep more information about users than necessary. Of course, there is the question of if the NSA asks for our checkuser data. I am relatively confident of WMF's honesty here. They have been pretty concerned about

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Svavar Kjarrval
On 10/06/13 14:12, Tobias wrote: No one will bother trying to break SSL/TLS. The NSA certainly doesn't need to. They can just sign their own certificates and perform man-in-the-middle attacks. Browsers will in most cases accept those forged certificates, since the NSA can make sure that they

[Wikimedia-l] [Wikimedia Announcements] Call for community input on our trademark policy and practices

2013-06-10 Thread Yana Welinder
Hi all, On Friday, the Legal and Community Advocacy team posted a call for community input on our trademark policy and practices: http://blog.wikimedia.org/2013/06/07/call-for-community-input-trademark-policy-practices/ We have identified some trademark practices that we think are going well,

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Anthony
Encrypted, if you're using https everywhere (and Wikipedia hasn't intentionally or unintentionally compromised their certificate). But simple encryption that NSA can break at will. No one will bother trying to break SSL/TLS. The NSA certainly doesn't need to. They can just sign their

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Anthony
On Mon, Jun 10, 2013 at 9:09 AM, Theo10011 de10...@gmail.com wrote: On Mon, Jun 10, 2013 at 6:33 PM, Anthony wikim...@inbox.org wrote: We know that people's Google searches have been used against them in court. I'm not aware of any cases where Wikipedia searches have been used. But I

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Anthony
On Mon, Jun 10, 2013 at 9:36 AM, Fred Bauder fredb...@fairpoint.net wrote: You are right, Anthony, never assume you're not dealing with idiots. If NSA is doing doing detailed surveillance of Tea Party activists or defense lawyers we are truly well along the road to hell. Maybe we are. It

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Fred Bauder
They tap directly into the internet backbone. Only if there is some particular matter which interests them which they would need our help to decipher would they contact the Foundation. There are a few things out there that I can imagine them being interested in, but very few. For example, there

[Wikimedia-l] [Wikimedia Announcements] Wikimedia engineering May 2013 report

2013-06-10 Thread Guillaume Paumier
Hi, The report covering Wikimedia engineering activities in May 2013 is now available. Wiki version: https://www.mediawiki.org/wiki/Wikimedia_engineering_report/2013/May Blog version: https://blog.wikimedia.org/2013/06/10/wikimedia-engineering-may-2013-report/ We're also proposing a shorter,

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Luis Villa
Hi, all- For your information, we have not been approached to participate in PRISM, and we have never received or honored an NSA or FISA subpoena or order. If we were to be approached in the future, we would reject participation in any PRISM-type program to the maximum extent possible and

Re: [Wikimedia-l] Blocking of HTTPS connection by China

2013-06-10 Thread Tim Starling
On Fri, Jun 7, 2013 at 2:31 PM, Ryan Lane rl...@wikimedia.org wrote: A very small minority of users don't have HTTPS support, or their computers are so old that it makes the site unusably slow. That's a *very* small percentage of users, though. There's also the small issue of a billion people

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Tomasz W. Kozlowski
Luis Villa wrote: For your information, we have not been approached to participate in PRISM, and we have never received or honored an NSA or FISA subpoena or order. Google and Facebook both flatly denied having any relationship to PRISM, and it turned out not to be exactly true—is there any

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Oliver Keyes
Because Luis, Geoff and Stephen all know me well, and in particular they know that if they did sign up to such a programme I'd deck them :P. On 10 June 2013 23:29, Tomasz W. Kozlowski tom...@twkozlowski.net wrote: Luis Villa wrote: For your information, we have not been approached to

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Tim Starling
On 11/06/13 05:21, Anthony wrote: On Mon, Jun 10, 2013 at 9:36 AM, Fred Bauder fredb...@fairpoint.net wrote: You are right, Anthony, never assume you're not dealing with idiots. If NSA is doing doing detailed surveillance of Tea Party activists or defense lawyers we are truly well along the

Re: [Wikimedia-l] PRISM

2013-06-10 Thread John Vandenberg
On Tue, Jun 11, 2013 at 8:15 AM, Luis Villa lvi...@wikimedia.org wrote: Hi, all- For your information, we have not been approached to participate in PRISM, and we have never received or honored an NSA or FISA subpoena or order. If we were to be approached in the future, we would reject

Re: [Wikimedia-l] PRISM

2013-06-10 Thread MZMcBride
David Gerard wrote: On 10 June 2013 18:01, Rand McRanderson therands...@gmail.com wrote: I think the key here is not to keep more information about users than necessary. In particular - at present. as I understand it, we don't keep full access logs, just 1/1000 samples. We need to not keep

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Fred Bauder
David Gerard wrote: On 10 June 2013 18:01, Rand McRanderson therands...@gmail.com wrote: I think the key here is not to keep more information about users than necessary. In particular - at present. as I understand it, we don't keep full access logs, just 1/1000 samples. We need to not keep

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Anthony
On Mon, Jun 10, 2013 at 6:15 PM, Luis Villa lvi...@wikimedia.org wrote: We should have a blog post up within the next few days to discuss PRISM and our values in more detail; we will pass that along here when it is posted. Thanks. I do appreciate this. And it seems to be better worded than

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Anthony
On Mon, Jun 10, 2013 at 7:13 PM, John Vandenberg jay...@gmail.com wrote: e.g. we have never received or honored an NSA or FISA subpoena or order is good (and far better than I've seen from Google or Facebook), but ... does that exclude all possible orders under the Patriot Act? does that

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Dan Rosenthal
Anthony and John beat me to it -- I was going to second the suggestion that the sentence spend a bit of time being wordcrafted on Meta for extra eyes, to clarify things like the National Security Letters, NSL gag orders, etc. -Dan Dan Rosenthal On Tue, Jun 11, 2013 at 4:02 AM, Anthony

Re: [Wikimedia-l] PRISM

2013-06-10 Thread MZMcBride
Fred Bauder wrote: This has come up in the context of database dumps and database replication. We're basically asking for this information to one day be leaked by retaining it indefinitely (including usernames that out individuals, CheckUser logs, content buried inside page histories, etc.).

Re: [Wikimedia-l] PRISM

2013-06-10 Thread MZMcBride
Anthony wrote: One thing I'd also appreciate is that if indeed Wikipedia access logs are not even collected in the first place (except for 1/1000 samples), that this be stated officially, rather than relying on a two-year-old comment by a single, now-former employee. Minor point: I can't tell for

Re: [Wikimedia-l] PRISM

2013-06-10 Thread MZMcBride
Federico Leva (Nemo) wrote: Benjamin Lees, 10/06/2013 08:13: http://thread.gmane.org/gmane.org.wikimedia.foundation/49712/focus=49727 is probably relevant (if what Domas said then is still true). While I'm not aware of privacy changing substantially, speaking of fantastic names, Kraken is going

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Anthony
On Mon, Jun 10, 2013 at 10:06 PM, MZMcBride z...@mzmcbride.com wrote: Anthony wrote: One thing I'd also appreciate is that if indeed Wikipedia access logs are not even collected in the first place (except for 1/1000 samples), that this be stated officially, rather than relying on a

Re: [Wikimedia-l] PRISM

2013-06-10 Thread Tim Starling
On 11/06/13 10:41, Anthony wrote: One thing I'd also appreciate is that if indeed Wikipedia access logs are not even collected in the first place (except for 1/1000 samples), that this be stated officially, rather than relying on a two-year-old comment by a single, now-former employee. In