There are sensitive communications over IRC such as harassment investigations, although hopefully not to the degree that sensitive info goes over email. I use what is advertised as a secure method of accessing IRC, but that is still probably much weaker than end-to-end email encryption. We could look into a more secure messaging system, but my top concern is the security of staff email, Google Docs, staff accounts with access to un-sanitized analytics data. I would start there, followed by Arbcom/CU/OS wiki and email accounts, and probably IRC last.
Pine On Thu, Aug 7, 2014 at 11:34 AM, Ryan Lane <[email protected]> wrote: > On Thu, Aug 7, 2014 at 11:27 AM, Pine W <[email protected]> wrote: > > > There are "good" reasons people would target checkuser accounts, WMF > staff > > email accounts, and other accounts that have access to lots of private > info > > like functionary email accounts and accounts with access to restricted > IRC > > channels. > > > > > WMF uses gmail; they should force-require the use of two factor > authentication for their employees if they care about that. Restricted IRC > channels also don't have anything to do with Wikimedia wiki account > security (and IRC security is a joke anyway, so if we're really relying on > that to be secure, shame on us). > > - Ryan > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
