Shannon Lucid, recounting what the two Russian cosmonauts told her every time they left the Mir space station for a spacewalk, 1996
Indymedia UK, one of the oldest Indymedia websites worldwide, will fork in two projects by the 1st of May 2011. A contentious point was IP monitoring by uk.indymedia.org which led to a fierce controversy ( [3] | [4] | [5] | [6] ). Both the British Indymedia website and de.indymedia.org run on the content management system Mir and de.indymedia.org logs IPs temporarily, too. But what exactly does that mean?
Mir was developed for Indymedia in 1999 and has made more than 10 years of independent media possible. The concept of Mir relies on a production server where content is posted and moderated and where static pages are produced and one or more mirror servers where the static pages are copied and then delivered to the users.
The Mir programmers built functions into the software to monitor and filter IP addresses. It could nevertheless be prevented that IP address reach Mir, this is done by removing them on a server level. But that has not been done by uk.indymedia.org nor by de.indymedia.org in the last couple of years.
In fact, it would be possible to built in backdoors to monitor IP addresses secretly for system admins (called root in unix-like systems) with bad intentions. However, with Mir it is possible for all moderators to access the functions to monitor IP addresses if they are not removed at a server level. That's because the programmers of Mir unfortunately didn't integrate permission management into the software. Thus, access to sensitive functions and data cannot be restricted and so every moderator can access everything.
Until spring 2008 and probably until now, the most recent 80 IP addresses from where articles or comments have been posted are being temporarily stored in RAM by the Mir-system used on de.indymedia.org. This data is being used to set up IP filters, e.g. to automatically hide spam or Nazi articles being posted from specific IP addresses.
While the IP addresses aren't stored on the hard disk permanently, it's still possible for moderators to check the most recent 80 IP addresses for the time they are kept in RAM. Usually it's under 240 postings a day, so a moderator would have to check this list only three times a day to get the IP addresses of all postings on de.indymedia.org and – with bad intentions – copy and save them.
But also without bad intentions those IP filters regularly produce false positives and good content gets hidden for being posted from a filtered IP address. It happens regularly for example that Tor exit nodes, VPNs or proxies are being blocked. But because IP monitoring has been kept secret for many years, this collateral damage couldn't be explained to affected users. Not all censorship was intended.
But worse than the IP monitoring itself, are the long years of silence by the moderators of Indymedia Germany. At least since the end of 2007, the later excluded Freiburg moderation collective, criticised the temporary logging of IP addresses. They proposed to disable the IP monitoring at the national meeting in November 2007 in Freiburg. The proposal was blocked by other moderators.
The subject was raised in public at the beginning of 2010 on a mailing list of IMC linksunten and shortly afterwards on the global communication list of the Indymedia network. IMC Germany has ignored the criticism. And it cannot even claim to have monitored the IP addresses to uncover agents provocateurs of the state. In the UK, it has been discovered through IP filters that some postings by state agencies led to criminalisations and even police raids and server seizures.
In general, activists have to look after their security by using services like Tor or VPN. However, IP addresses are being removed on server level by linksunten.indymedia.org as it is being done by IMC Bristol. On top of this, we have disabled IP-Logging in our software Drupal.
In October 2005, IMC Sydney proposed an amendment to the Principles of Unity of the Indymedia network. They proposed that no Indymedia site should log user data. This proposal was raised again in January 2011 by IMC Nantes and extended by IMC Northern England. We support this initiative.
Indymedia should not log IP addresses!
IMC linksunten
Communiqué from 30.01.2011
Obfuscate IP-adresses in Mir
You can "obfuscate" the IP adresses in Mir (as currently done at de.indymedia.org) by applying following patch to mir/templates/admin/abuse.log.template:
40c40
< <td>${l.ip}</td>
---
> <td>${utility.obfuscateIP(l.ip)}</td>
and adding following method to your UtilityFunctions class:
Using this way, only the first 24 bits of the IP adresses are shown which keeps the possibility to create filters for /24-blocks without allowing the moderators to uniquely identify the host that has posted the article/comment.